Creating Application Password using REST API results in 401 regardless of JWT token

Because what you’re trying to do boils down to the fundamental question:

How do I log in to WordPress using only the REST API?

The answer: You can’t in stock/vanilla WordPress.

/wp-json/wp/v2/users/me/application-passwords/

“message”: “You are not currently logged in.”,

and

/wp-json/wp/v2/users/1/application-passwords/

“message”: “Sorry, you are not allowed to create application passwords for this user.”,

Are both expected and normal responses because:

  • if you make a request to /wp-json/wp/v2/users/me/application-passwords/ how would it know who “me” is? You have to be logged in and authenticated to use this endpoint
  • likewise, only someone logged in as the user with ID 1 or an administrator can use the /wp-json/wp/v2/users/1/application-passwords/ endpoint, both endpoints require an authenticated request.

Core provides 2 methods of authentication:

  • a session cookie with a REST API nonce, where the cookie was created by using the standard WordPress login process in a browser
  • a pre-configured application password, setup prior by the user or an administrator via the users profile page in WP Admin.

It is not possible to create and use these using only the REST API, hence the need to install additional plugins.

A lot of independent developers use JWT to work around this as it’s easier to implement, despite the security issues with the JWT system.

Enterprise and more experienced agencies use OAuth2, including wordpress.com and core official recommendations. Neither of these provide mechanisms for registration however, and neither are bundled in WordPress and require the installation of 3rd party plugins.

Related Posts:

  1. How to use WP-REST API to login user and get user data for Android app?
  2. Getting user meta data from WP REST API
  3. WP REST API returns blank response if post is too long
  4. Increase per_page limit in REST API
  5. How to feed a HTML5’s EventSource with a REST API custom endpoint?
  6. Retrieve CSS and JS From the REST API
  7. How to Authenticate WP REST API with JWT Authentication using Fetch API
  8. WordPress 4.7 REST API endpoints
  9. REST API multiple media upload
  10. Can’t send emails through REST API
  11. 401 Error when trying to make a REST API call to site
  12. Does jQuery/Ajax send cookies when using the rest API or do I need to somehow add them?
  13. How to login to WordPress site using basic authentication HTTP headers?
  14. Can we access the REST request parameters from within the permission_callback to enforce a 401 by returning false?
  15. Upload image to wordpress using REST API
  16. Can I define multiple callback methods depending on the call method?
  17. Filter post content in REST API
  18. WP Rest API convert permalink to post ID for fetch
  19. Formating content rendered from wordpress REST API as JSON and not HTML
  20. Rest API and Custom Fields
  21. How to filter users on custom meta fields in WP JSON v2?
  22. How can I return an image from a custom REST API endpoint?
  23. How add meta fields to a user with the wp-api?
  24. WordPress Rest API response
  25. Check Password Strength using WordPress API
  26. Send request to WordPress REST API
  27. Request to REST endpoint works fine in browser and curl, but fails from WP_REST_Request
  28. WP REST api.wordpress.org discovery
  29. Rest API in integration tests – filtering by slug not working?
  30. Why does AWStats show /wp-json* as Viewed URLs
  31. How send get request to external api with username and password
  32. permission_callback has no effect
  33. How do you format the set_body option for WP_Rest_Request?
  34. Updating link on page via REST api
  35. How to order WordPress Rest API data
  36. WP Rest API – How to convert embedded to json object in Java [closed]
  37. featured image not found in json from wp rest api
  38. WP REST API – Nonce passes wp_verify_nonce even after logout
  39. WP REST API plugin 500 errors?
  40. wp-cli command throws error : “SSL routines:tls_process_server_certificate:certificate verify failed” while querying https website
  41. is it possible to filter a rest api endpoint by using a registered rest field?
  42. Setting maintenance mode via REST API
  43. How to receive data by http POST request
  44. rendering view in backbone
  45. WP API querying a custom post type and a custom field
  46. Custom endpoint to get all custom taxonomy terms
  47. Update a post based on results from GET request to another server
  48. Notify Jenkins of new post on WordPress
  49. Curl requests sent two times
  50. Manipulating/view postmeta remotely
  51. Check authentication credentials using WP REST API
  52. How to get author meta into post endpoint in api v2
  53. WordPress REST API V2: how to get list of all posts?
  54. Getting 401 from ajax using an application password
  55. How to connect android app with WordPress website?
  56. WordPress REST API calls that depend on the WordPress User
  57. Register GET REST API route with multiple parameters
  58. How to get data from /wp-json/wp/v2/users/me
  59. Making internal rest requests non-blocking?
  60. How to include file attachment in ajax submission via the rest_api?
  61. WordPress HTTP API NTLM Authentication
  62. WordPress REST API parameters are not affecting a response
  63. How To Bulk Import wp_postmeta records in an API call?
  64. Rest API in self-hosted page doesn’t work [closed]
  65. Update meta_value in wp_postmeta using API
  66. WordPress custom REST API: How to validate input data by many context?
  67. Authenticate rest API except for contact-form-7
  68. How to access wordpress menu & submenu item through the REST API?
  69. WordPress plugin with CORS
  70. WordPress Rest API- Allow creation of users with identical email addresses when only using rest api
  71. Inspecting WP_Rest_Request
  72. WordPress API fields modification
  73. “Error: cURL error 60: SSL certificate problem: certificate has expired” when create product in WooCommerce via REST API
  74. How to use WordPress REST api to login a user?
  75. wp_insert_post function and automatic trashing posts once is no longer in API
  76. How to deliver webp format of images to WP REST API
  77. register/login api
  78. Wrong encoding of dynamic block properties problem when loggen in as editor
  79. WP Rest API in Android studio does not show Images
  80. Need wp rest api for featured video post
  81. WordPress improve REST API – SHORTINIT not work
  82. Update membership level via API request if using simple membership plugin
  83. REST api header link href
  84. WordPress & React Native
  85. Rest API encoding of double quotes
  86. view counter update in WordPress REST api HTTP get
  87. update meta data (like view counter) by rest-api
  88. Rest API hook ‘rest_insert_post’ not returning request object
  89. How Can I keep password protected posts in the json requests but not on frontend queries?
  90. Trouble Commenting via the WP REST API using nonces
  91. WordPress REST API not displaying all information
  92. Create a new page on front page for logged in user
  93. In Rest API 2.0 is it possible to get some meta fields but not others?
  94. Script tag in string in wordpress rest api body to create post
  95. How to cache WordPress oembed links in the page header?
  96. Customizer Changeset, Sidebar and Rest API Custom Endpoints
  97. REST API – Authentication/Logon security
  98. Restrict Image Sizes and Dimensions when Uploading via the WP Mobile App
  99. Can I use the Backbone REST API client outside WordPress?
  100. Rest Api Error ‘ Error: {‘code’: ‘rest_no_route’, ‘message’: ‘No route was found matching the URL and request method.’, ‘data’: {‘status’: 404}}@ [closed]