How to Authenticate WP REST API with JWT Authentication using Fetch API

'Authenticate': 'Basic {what do I put here?}' // Do I need "Basic"?

No, it’s not Basic. It’s Bearer. And the header is Authorization.

So first, obtain a token from /wp-json/jwt-auth/v1/token:

fetch( 'http://example.com/wp-json/jwt-auth/v1/token', {
    method: 'POST',
    body: JSON.stringify( {
        // Username of a user on the WordPress website in which the REST API request
        // is being made to.
        username: 'user',
        // And the above user's password.
        password: 'pass'
    } ),
    headers: {
        'Content-Type': 'application/json'
    }
} )
.then( res => res.json() )
.then( res => console.log( res.token ) );

At this point: .then( res => console.log( res.token ) ), you can cache the token, for example in the browser cookies (document.cookie). I mean, if there were no errors (returned by the REST API endpoint), then the token is stored in res.token.

After you obtained a valid token, you can then use the token when making a request to a REST API endpoint such as Create a Comment — set the Authorization header and set its value to: Bearer <token>, where in the above example, <token> is the value of the res.token.

fetch( 'http://example.com/wp-json/wp/v2/comments', {
    method: 'POST',
    body: JSON.stringify( {
        author_email: '[email protected]',
        author_name: 'Test via REST API',
        content: 'Test comment',
        post: 123
    } ),
    headers: {
        'Content-Type': 'application/json',
        Authorization: 'Bearer <token>'
    }
} )
.then( res => res.json() )
.then( res => console.log( res ) );

Make sure the Authorization header is enabled

Because that header is required by the plugin.

And in my case, the Authorization header (which in PHP can be accessed via $_SERVER['HTTP_AUTHORIZATION']) was missing/disabled, so I had to add this to the Apache’s configuration file (httpd.conf): (requires restarting the Apache server)

SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

I did try to add this to the (root) .htaccess file, but it didn’t work for me:

RewriteEngine on
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]

I hope that helps you and/or someone else having problems with the Authorization header. 🙂

Resources

Related Posts:

  1. How to: Make JWT-authenticated requests to the WordPress API
  2. WordPress Rest API: How do we validate with our custom API key?
  3. authentication issue with rest api – rest_cannot_create
  4. Can I authenticate with both WooCommerce consumer key and JWT?
  5. WP REST API: check if user is logged in
  6. How to login to WordPress site using basic authentication HTTP headers?
  7. Can we access the REST request parameters from within the permission_callback to enforce a 401 by returning false?
  8. WordPress REST API “rest_authentication_errors” doesn’t work external queries?
  9. Can’t GET draft posts via REST API from headless frontend
  10. Create Session with JWT
  11. WP REST API GET Requests require authentication
  12. current_user_can(‘administrator’) returns false when I’m logged in
  13. Authenticating with REST API
  14. Make authorization mandatory on custom routes
  15. WP REST API – Nonce passes wp_verify_nonce even after logout
  16. How to force JWT auth for default GET endpoints of WordPress rest api?
  17. REST API: best place to set current user for JWT auth?
  18. WordPress + REST API v2 and private pages Load by slug
  19. REST API authentication for a plugin
  20. PHP: authenticate for a REST request?
  21. Rest API basic auth not working
  22. Authenticate current user to REST API
  23. Rest API: wp_verify_nonce() fails despite receiving correct nonce value
  24. Getting 401 from ajax using an application password
  25. How to connect android app with WordPress website?
  26. WordPress REST API calls that depend on the WordPress User
  27. WordPress HTTP API NTLM Authentication
  28. Advanced Access Manager: RESTful endpoint to refresh token
  29. Best Authetication between REST API and Mobile App
  30. Log in user using WordPress REST API
  31. Secure WordPress API, how?
  32. wp_nonce vs jwt
  33. register/login api
  34. How can I secure my custom rest api endpoint or add under a already existing rest group
  35. Register rest field authentication with REST API
  36. REST API Integration without user account?
  37. WP REST API with Basic Auth at target website
  38. Cant POST with REST API on WordPress
  39. REST API – Authentication/Logon security
  40. custom REST endpoints and application passwords
  41. wordpress rest api authentication failed
  42. How to add additional http header to a wp_error rest response
  43. Is the WordPress REST API installed and enabled in a vanilla WordPress 4.7 installation?
  44. Does something like is_rest() exist
  45. How to use OAuth authentication with REST API via CURL commands?
  46. REST API purpose?
  47. Get post count in wp rest API v2 and get all categories
  48. WP REST API — How to change HTTP Response status code?
  49. wp_get_current_user() function not working in Rest API callback function
  50. How to use WP-REST API to login user and get user data for Android app?
  51. WP REST API Is it rather easy to rename the default wp-json uri part?
  52. Search WP API using the post title
  53. check the requesting url
  54. How would I add custom tables/endpoints to the WP REST API?
  55. WP REST API Require Password for GET Endpoint
  56. Displaying a page built with Elementor using the REST API [closed]
  57. Getting user meta data from WP REST API
  58. Understanding SHORTINIT with WordPress 5
  59. How to use _embed when using _fields?
  60. WordPress REST API – Permission Callbacks
  61. WP REST API V2 – Retrieve sub page by full slug (URL/Path)
  62. WP REST API create post authentication issue
  63. Why is my custom API endpoint not working?
  64. WordPress REST API validation
  65. Are there server performance benefits to fetching only specific fields when querying the REST API?
  66. How to define a query parameter with REST API?
  67. Filter posts by multiple custom taxonomy terms using AND operator in REST API v2 (WordPress)
  68. WP REST API returns blank response if post is too long
  69. How do I correctly setup an AJAX nonce for WordPress REST API?
  70. how to authenticate for the REST API from a plugin and from command line
  71. How to check WordPress website username and password is correct
  72. Increase per_page limit in REST API
  73. Does pre_get_posts affect REST API responses?
  74. How to feed a HTML5’s EventSource with a REST API custom endpoint?
  75. How do I use the WP REST API plugin and the OAuth Server plugin to allow for registration and login?
  76. Adding WordPress API Endpoint With Multiple Parameters
  77. How to authenticate custom API endpoint in WooCommerce [closed]
  78. WordPress REST API call generates nonce twice on every call
  79. Retrieve CSS and JS From the REST API
  80. Using the REST API (v2) javascript client on a private namespaced route
  81. WP REST API core major changes
  82. WordPress 4.7 REST API endpoints
  83. How to get all posts from parent and children categories?
  84. wordpress wp-json prefix issue
  85. How to build a plugin that supports authenticated POST requests to the REST API from external servers?
  86. Hiding API routes list
  87. Get blog title with REST v2
  88. Is it possible to nest the JSON result of WordPress REST API?
  89. Match REST API post output from custom endpoint
  90. How to use the WP REST API for new user registration (sign up form)?
  91. REST API multiple media upload
  92. Filter post_content before loading in Gutenberg editor
  93. Attach featured image to custom endpoints
  94. Can’t send emails through REST API
  95. 401 Error when trying to make a REST API call to site
  96. WordPress: How to create custom REST API route?
  97. Create post using rest api with html content
  98. Does jQuery/Ajax send cookies when using the rest API or do I need to somehow add them?
  99. How to change user avatar using REST API?
  100. Android authentication

Leave a Comment

Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)