How to Authenticate WP REST API with JWT Authentication using Fetch API

'Authenticate': 'Basic {what do I put here?}' // Do I need "Basic"?

No, it’s not Basic. It’s Bearer. And the header is Authorization.

So first, obtain a token from /wp-json/jwt-auth/v1/token:

fetch( 'http://example.com/wp-json/jwt-auth/v1/token', {
    method: 'POST',
    body: JSON.stringify( {
        // Username of a user on the WordPress website in which the REST API request
        // is being made to.
        username: 'user',
        // And the above user's password.
        password: 'pass'
    } ),
    headers: {
        'Content-Type': 'application/json'
    }
} )
.then( res => res.json() )
.then( res => console.log( res.token ) );

At this point: .then( res => console.log( res.token ) ), you can cache the token, for example in the browser cookies (document.cookie). I mean, if there were no errors (returned by the REST API endpoint), then the token is stored in res.token.

After you obtained a valid token, you can then use the token when making a request to a REST API endpoint such as Create a Comment — set the Authorization header and set its value to: Bearer <token>, where in the above example, <token> is the value of the res.token.

fetch( 'http://example.com/wp-json/wp/v2/comments', {
    method: 'POST',
    body: JSON.stringify( {
        author_email: '[email protected]',
        author_name: 'Test via REST API',
        content: 'Test comment',
        post: 123
    } ),
    headers: {
        'Content-Type': 'application/json',
        Authorization: 'Bearer <token>'
    }
} )
.then( res => res.json() )
.then( res => console.log( res ) );

Make sure the Authorization header is enabled

Because that header is required by the plugin.

And in my case, the Authorization header (which in PHP can be accessed via $_SERVER['HTTP_AUTHORIZATION']) was missing/disabled, so I had to add this to the Apache’s configuration file (httpd.conf): (requires restarting the Apache server)

SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

I did try to add this to the (root) .htaccess file, but it didn’t work for me:

RewriteEngine on
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]

I hope that helps you and/or someone else having problems with the Authorization header. 🙂

Resources

Related Posts:

  1. How to: Make JWT-authenticated requests to the WordPress API
  2. WordPress Rest API: How do we validate with our custom API key?
  3. authentication issue with rest api – rest_cannot_create
  4. Can I authenticate with both WooCommerce consumer key and JWT?
  5. WP REST API: check if user is logged in
  6. How to login to WordPress site using basic authentication HTTP headers?
  7. Can we access the REST request parameters from within the permission_callback to enforce a 401 by returning false?
  8. WordPress REST API “rest_authentication_errors” doesn’t work external queries?
  9. Can’t GET draft posts via REST API from headless frontend
  10. Create Session with JWT
  11. WP REST API GET Requests require authentication
  12. current_user_can(‘administrator’) returns false when I’m logged in
  13. Authenticating with REST API
  14. Make authorization mandatory on custom routes
  15. WP REST API – Nonce passes wp_verify_nonce even after logout
  16. How to force JWT auth for default GET endpoints of WordPress rest api?
  17. REST API: best place to set current user for JWT auth?
  18. WordPress + REST API v2 and private pages Load by slug
  19. REST API authentication for a plugin
  20. PHP: authenticate for a REST request?
  21. Rest API basic auth not working
  22. Authenticate current user to REST API
  23. Rest API: wp_verify_nonce() fails despite receiving correct nonce value
  24. Getting 401 from ajax using an application password
  25. How to connect android app with WordPress website?
  26. WordPress REST API calls that depend on the WordPress User
  27. WordPress HTTP API NTLM Authentication
  28. Advanced Access Manager: RESTful endpoint to refresh token
  29. Best Authetication between REST API and Mobile App
  30. Log in user using WordPress REST API
  31. Secure WordPress API, how?
  32. wp_nonce vs jwt
  33. register/login api
  34. How can I secure my custom rest api endpoint or add under a already existing rest group
  35. Register rest field authentication with REST API
  36. REST API Integration without user account?
  37. WP REST API with Basic Auth at target website
  38. Cant POST with REST API on WordPress
  39. REST API – Authentication/Logon security
  40. custom REST endpoints and application passwords
  41. wordpress rest api authentication failed
  42. Does something like is_rest() exist
  43. WP REST API — How to change HTTP Response status code?
  44. Search WP API using the post title
  45. Understanding SHORTINIT with WordPress 5
  46. wordpress wp-json prefix issue
  47. Get blog title with REST v2
  48. Is it possible to nest the JSON result of WordPress REST API?
  49. Create post using rest api with html content
  50. Trying to get an api request getting error 404
  51. How should an old API version be deprecated gracefully?
  52. Full page NGINX (or Cloudflare) caching and WordPress nonces
  53. WP 5.5 Fatal Error – get_rest_controller() in rest-api.php
  54. REST API GET users
  55. Display post title from WordPress excluding a string via API
  56. WP_REMOTE_POST Requests are being blocked by API provider [closed]
  57. wp_get_object_terms() returns invalid taxonomy inside rest_api_init hook
  58. Why the Path is different with the one coded in rest
  59. how to avoid timeouts with remote API requests?
  60. Blocks Rest API rest_cannot_delete
  61. rest_api_init is run on every rest call to endpoint
  62. WP-REST create user with custom meta
  63. receive a custom parameter with rest api
  64. If I use WordPress REST API V2 and someone makes an app using it. Will my site count the posts views from the APP? And if not, then how?
  65. How to store and return json in a (custom) post meta field
  66. Sorry, you are not allowed to list users
  67. Get a remote post ID via API given URL
  68. Core function to check if a rest namespace exists
  69. How to change the date and time in REST API for comments?
  70. Rest API V2 custom post type. I only need the title and link
  71. Retriving all users with REST API not working
  72. Is there a way to download only the Rest API part of WordPress?
  73. Custom WP API endpoint NULL body data
  74. What is an endpoint for custom post type comments in REST API?
  75. How would I know if my system using REST api or not?
  76. How to display relations via wordpress Rest API
  77. How to verify which WordPress user requested the API in ASP .NET Core?
  78. WP Rest_API- Post request for images returns empty
  79. DELETE request using WP REST API
  80. Fetching WordPress Private Posts, Public Posts Via Default REST API Endpoint
  81. WP Rest API in Android studio does not show Images
  82. Got Blank issue for get data from /wp-json/v2/post
  83. How do i POST to WordPress rest API from the same domain?
  84. WP API file_get_contents return TTP request failed! HTTP/1.1 401 Unauthorized
  85. Not able to delete media by REST API
  86. Need to get user data via API
  87. REST API retrieving posts from www.sitename.com/category/news/ instead of just just from www.sitename.com
  88. REST API get featured image source for custom post type
  89. Custom rest API route not passing data along
  90. How to filter wp-json/wp/v2/users response on custom metas?
  91. Paid membership Pro Rest API
  92. wp_query json ouput
  93. GET request for media files in WP REST API 2 results in an empty array
  94. Fatal error: Call to undefined function register_rest_route()
  95. Create a new page on front page for logged in user
  96. API wp-json/wp/v2/pages/ returns a different result if page is specified
  97. Script tag in string in wordpress rest api body to create post
  98. Customizer Changeset, Sidebar and Rest API Custom Endpoints
  99. How can I enforce user to use Application password to generate JWT token? [closed]
  100. Rest Api Error ‘ Error: {‘code’: ‘rest_no_route’, ‘message’: ‘No route was found matching the URL and request method.’, ‘data’: {‘status’: 404}}@ [closed]

Leave a Comment