Passing a borrowed nonce through Postman fails

For remote apps (cURL, Postman, etc.), or when not using the browser, you should use an authentication plugin like Application Passwords instead of sending the cookies.

But if you’d rather send the cookies, then copy and send the WordPress logged-in cookie named wordpress_logged_in_<hash>. Example in cURL:

curl -H "X-WP-Nonce: <nonce>" -X POST https://example.com/wp-json/wp/v2/posts -d "Data here" -b wordpress_logged_in_<hash>=<cookie value>

Note that WordPress saves the user’s login data (username and hashed data) in a cookie named wordpress_logged_in_<hash> (but you can change it using the LOGGED_IN_COOKIE constant).

Also, in the above (cURL) example, I used the X-WP-Nonce header to send the cookie nonce.

UPDATE: Added a screenshot for (locating and copying) the cookie in Chrome:

enter image description here

Related Posts:

  1. Can’t GET draft posts via REST API from headless frontend
  2. Log in user using WordPress REST API
  3. Headless WordPress: How to authenticate front end requests?
  4. WP REST API: check if user is logged in
  5. x-wp-nonce is not allowed by Access-Control-Allow-Headers in preflight response
  6. WordPress REST API “rest_authentication_errors” doesn’t work external queries?
  7. Full page NGINX (or Cloudflare) caching and WordPress nonces
  8. WordPress REST API, Expired Nonce from Cache results in 403 forbidden
  9. How send get request to external api with username and password
  10. WP_REMOTE_POST Requests are being blocked by API provider [closed]
  11. permission_callback has no effect
  12. Get all PDF files from page with WordPress API
  13. WP REST API – Nonce passes wp_verify_nonce even after logout
  14. “No Access-Control-Allow-Origin header is present” even though it is in the entry file
  15. Validate rest-api call on create
  16. Rest API: wp_verify_nonce() fails despite receiving correct nonce value
  17. Get a remote post ID via API given URL
  18. How to change the date and time in REST API for comments?
  19. Backbone with custom rest endpoints
  20. WordPress HTTP API NTLM Authentication
  21. [Zapier + WP Webhooks Pro]: Custom Fields get cut off at first comma or semicolon
  22. REST API and filtering by meta value
  23. Rest API: trouble receiving response through script (browser and Postman display correctly)
  24. Is there a way I can fetch the WordPress Developer Code References with an API?
  25. How to display relations via wordpress Rest API
  26. How to add Relations of a CCT from JetEngine via WordPress Rest API
  27. How to verify which WordPress user requested the API in ASP .NET Core?
  28. Can I overwrite default WordPress Json API For no more pages text
  29. trigger WordPress rest any API call
  30. Secure WordPress API, how?
  31. wp_nonce vs jwt
  32. register/login api
  33. WordPress REST API in Integromat: How to overcome “Sorry, you are not allowed to list users / edit this…”
  34. how to create JSON array [] for REST response?
  35. Remove unwanted fields from WP API response
  36. How to receive JSON payload from a digital device
  37. The REST API encountered an error in wordpress?
  38. WordPress API “code”:”rest_no_route” with Custom Route
  39. Connecting WordPress with an External API
  40. WordPress single page website redirect to index.html
  41. Autotrader API Integration
  42. REST API get featured image source for custom post type
  43. Register rest field authentication with REST API
  44. Update post / page using API + python
  45. JS WordPress API fetch no response headers
  46. Issue with API after 6.2 update
  47. Woocommerce API for calling products by Category ID
  48. Rest API nonce is being cached
  49. How to use WP-REST API to login user and get user data for Android app?
  50. How do I cache (core) API requests?
  51. WP REST API returns blank response if post is too long
  52. How to feed a HTML5’s EventSource with a REST API custom endpoint?
  53. Retrieve CSS and JS From the REST API
  54. How to Authenticate WP REST API with JWT Authentication using Fetch API
  55. WordPress 4.7 REST API endpoints
  56. REST API multiple media upload
  57. 401 Error when trying to make a REST API call to site
  58. Developing Themes with React/Angular
  59. Can we access the REST request parameters from within the permission_callback to enforce a 401 by returning false?
  60. Upload image to wordpress using REST API
  61. Can I define multiple callback methods depending on the call method?
  62. Filter post content in REST API
  63. Create post with REST API in php with file_get_contents
  64. How add meta fields to a user with the wp-api?
  65. WordPress Rest API response
  66. WP Rest API not working
  67. How do you format the set_body option for WP_Rest_Request?
  68. featured image not found in json from wp rest api
  69. is it possible to filter a rest api endpoint by using a registered rest field?
  70. rendering view in backbone
  71. Update a post based on results from GET request to another server
  72. Manipulating/view postmeta remotely
  73. Check authentication credentials using WP REST API
  74. WordPress REST API V2: how to get list of all posts?
  75. Getting 401 from ajax using an application password
  76. How to connect android app with WordPress website?
  77. WordPress REST API calls that depend on the WordPress User
  78. How to get data from /wp-json/wp/v2/users/me
  79. I can’t post comment via REST API
  80. WordPress REST API parameters are not affecting a response
  81. Update meta_value in wp_postmeta using API
  82. Multisite WP-API json v2 : can i fetch all comments on all sites with a single query?
  83. wp_signon returns user but the user is not logged in because wp installed on subdomain. How to make it work?
  84. WordPress plugin with CORS
  85. “Error: cURL error 60: SSL certificate problem: certificate has expired” when create product in WooCommerce via REST API
  86. How to use WordPress REST api to login a user?
  87. Wrong encoding of dynamic block properties problem when loggen in as editor
  88. Need wp rest api for featured video post
  89. WordPress output data to another website and pull data
  90. Set logged in user based on API response
  91. REST api header link href
  92. WordPress & React Native
  93. update meta data (like view counter) by rest-api
  94. Rest API hook ‘rest_insert_post’ not returning request object
  95. How to display parent category with first level child in REST API
  96. How Can I keep password protected posts in the json requests but not on frontend queries?
  97. Rest API User Levels
  98. Script tag in string in wordpress rest api body to create post
  99. Customizer Changeset, Sidebar and Rest API Custom Endpoints
  100. Uploading media to wordpress API with C# HttpClient