Passing a borrowed nonce through Postman fails

For remote apps (cURL, Postman, etc.), or when not using the browser, you should use an authentication plugin like Application Passwords instead of sending the cookies.

But if you’d rather send the cookies, then copy and send the WordPress logged-in cookie named wordpress_logged_in_<hash>. Example in cURL:

curl -H "X-WP-Nonce: <nonce>" -X POST https://example.com/wp-json/wp/v2/posts -d "Data here" -b wordpress_logged_in_<hash>=<cookie value>

Note that WordPress saves the user’s login data (username and hashed data) in a cookie named wordpress_logged_in_<hash> (but you can change it using the LOGGED_IN_COOKIE constant).

Also, in the above (cURL) example, I used the X-WP-Nonce header to send the cookie nonce.

UPDATE: Added a screenshot for (locating and copying) the cookie in Chrome:

enter image description here

Related Posts:

  1. Can’t GET draft posts via REST API from headless frontend
  2. Log in user using WordPress REST API
  3. Headless WordPress: How to authenticate front end requests?
  4. WP REST API: check if user is logged in
  5. x-wp-nonce is not allowed by Access-Control-Allow-Headers in preflight response
  6. WordPress REST API “rest_authentication_errors” doesn’t work external queries?
  7. Full page NGINX (or Cloudflare) caching and WordPress nonces
  8. WordPress REST API, Expired Nonce from Cache results in 403 forbidden
  9. How send get request to external api with username and password
  10. WP_REMOTE_POST Requests are being blocked by API provider [closed]
  11. permission_callback has no effect
  12. Get all PDF files from page with WordPress API
  13. WP REST API – Nonce passes wp_verify_nonce even after logout
  14. “No Access-Control-Allow-Origin header is present” even though it is in the entry file
  15. Validate rest-api call on create
  16. Rest API: wp_verify_nonce() fails despite receiving correct nonce value
  17. Get a remote post ID via API given URL
  18. How to change the date and time in REST API for comments?
  19. Backbone with custom rest endpoints
  20. WordPress HTTP API NTLM Authentication
  21. [Zapier + WP Webhooks Pro]: Custom Fields get cut off at first comma or semicolon
  22. REST API and filtering by meta value
  23. Rest API: trouble receiving response through script (browser and Postman display correctly)
  24. Is there a way I can fetch the WordPress Developer Code References with an API?
  25. How to display relations via wordpress Rest API
  26. How to add Relations of a CCT from JetEngine via WordPress Rest API
  27. How to verify which WordPress user requested the API in ASP .NET Core?
  28. Can I overwrite default WordPress Json API For no more pages text
  29. trigger WordPress rest any API call
  30. Secure WordPress API, how?
  31. wp_nonce vs jwt
  32. register/login api
  33. WordPress REST API in Integromat: How to overcome “Sorry, you are not allowed to list users / edit this…”
  34. how to create JSON array [] for REST response?
  35. Remove unwanted fields from WP API response
  36. How to receive JSON payload from a digital device
  37. The REST API encountered an error in wordpress?
  38. WordPress API “code”:”rest_no_route” with Custom Route
  39. Connecting WordPress with an External API
  40. WordPress single page website redirect to index.html
  41. Autotrader API Integration
  42. REST API get featured image source for custom post type
  43. Register rest field authentication with REST API
  44. Update post / page using API + python
  45. JS WordPress API fetch no response headers
  46. Issue with API after 6.2 update
  47. Woocommerce API for calling products by Category ID
  48. Rest API nonce is being cached
  49. All wp-json routes suddenly return 404
  50. WordPress – Contact Form 7 – Get uploaded file issue
  51. Nonce validation in REST API
  52. API call from searchbar in wordpress
  53. Looking for a working code example in python for creating a post
  54. Transmit headers and footers via API from one site to another
  55. Accessing an auth protected custom WP API enpoint from remote origin
  56. WordPress Error uploading image: 401 API Python Script
  57. Is the WordPress REST API installed and enabled in a vanilla WordPress 4.7 installation?
  58. Does something like is_rest() exist
  59. How to: Make JWT-authenticated requests to the WordPress API
  60. WordPress Rest API custom endpoint optional param
  61. Using the Rewrite API to Construct a RESTful URL
  62. REST API purpose?
  63. Get post count in wp rest API v2 and get all categories
  64. WP REST API — How to change HTTP Response status code?
  65. wp_get_current_user() function not working in Rest API callback function
  66. How to use WP-REST API to login user and get user data for Android app?
  67. Nonce retrieved from the REST API is invalid and different from nonce generated in wp_localize_script
  68. WP REST API Is it rather easy to rename the default wp-json uri part?
  69. Query WP REST API v2 by multiple meta keys
  70. Search WP API using the post title
  71. check the requesting url
  72. How would I add custom tables/endpoints to the WP REST API?
  73. WP REST API Require Password for GET Endpoint
  74. Displaying a page built with Elementor using the REST API [closed]
  75. Getting user meta data from WP REST API
  76. How do I cache (core) API requests?
  77. WP REST API only returning partial list of users
  78. Fetch All Posts (Including Those Using a Custom Post Type) With WordPress API
  79. WP REST API no longer supports filter param, so how do I get posts in a custom taxonomy?
  80. Understanding SHORTINIT with WordPress 5
  81. Is there a way to get protected meta fields through any of the available built-in WordPress APIs? (xmlrpc, wp-json)
  82. How to use _embed when using _fields?
  83. How does REST API cookie authentication work in WP 4.7?
  84. WP REST API V2 – Retrieve sub page by full slug (URL/Path)
  85. WP REST API create post authentication issue
  86. Slow REST API calls on self-hosted WordPress [closed]
  87. How do I create a user using the new JSON api in 4.7?
  88. Verify nonce in REST API?
  89. Why is my custom API endpoint not working?
  90. Is it safe to fix Access-Control-Allow-Origin (CORS origin) errors with a php header directive?
  91. WordPress REST API validation
  92. Are there server performance benefits to fetching only specific fields when querying the REST API?
  93. Retrieving pages with multiple tags using REST API
  94. How to define a query parameter with REST API?
  95. Filter posts by multiple custom taxonomy terms using AND operator in REST API v2 (WordPress)
  96. WP REST API returns blank response if post is too long
  97. How do I correctly setup an AJAX nonce for WordPress REST API?
  98. how to authenticate for the REST API from a plugin and from command line
  99. Why is per_page not working with categories in WP API?
  100. Increase per_page limit in REST API
Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)