Passing a borrowed nonce through Postman fails

For remote apps (cURL, Postman, etc.), or when not using the browser, you should use an authentication plugin like Application Passwords instead of sending the cookies.

But if you’d rather send the cookies, then copy and send the WordPress logged-in cookie named wordpress_logged_in_<hash>. Example in cURL:

curl -H "X-WP-Nonce: <nonce>" -X POST https://example.com/wp-json/wp/v2/posts -d "Data here" -b wordpress_logged_in_<hash>=<cookie value>

Note that WordPress saves the user’s login data (username and hashed data) in a cookie named wordpress_logged_in_<hash> (but you can change it using the LOGGED_IN_COOKIE constant).

Also, in the above (cURL) example, I used the X-WP-Nonce header to send the cookie nonce.

UPDATE: Added a screenshot for (locating and copying) the cookie in Chrome:

enter image description here

Related Posts:

  1. Can’t GET draft posts via REST API from headless frontend
  2. Log in user using WordPress REST API
  3. Headless WordPress: How to authenticate front end requests?
  4. WP REST API: check if user is logged in
  5. x-wp-nonce is not allowed by Access-Control-Allow-Headers in preflight response
  6. WordPress REST API “rest_authentication_errors” doesn’t work external queries?
  7. Full page NGINX (or Cloudflare) caching and WordPress nonces
  8. WordPress REST API, Expired Nonce from Cache results in 403 forbidden
  9. How send get request to external api with username and password
  10. WP_REMOTE_POST Requests are being blocked by API provider [closed]
  11. permission_callback has no effect
  12. Get all PDF files from page with WordPress API
  13. WP REST API – Nonce passes wp_verify_nonce even after logout
  14. “No Access-Control-Allow-Origin header is present” even though it is in the entry file
  15. Validate rest-api call on create
  16. Rest API: wp_verify_nonce() fails despite receiving correct nonce value
  17. Get a remote post ID via API given URL
  18. How to change the date and time in REST API for comments?
  19. Backbone with custom rest endpoints
  20. WordPress HTTP API NTLM Authentication
  21. [Zapier + WP Webhooks Pro]: Custom Fields get cut off at first comma or semicolon
  22. REST API and filtering by meta value
  23. Rest API: trouble receiving response through script (browser and Postman display correctly)
  24. Is there a way I can fetch the WordPress Developer Code References with an API?
  25. How to display relations via wordpress Rest API
  26. How to add Relations of a CCT from JetEngine via WordPress Rest API
  27. How to verify which WordPress user requested the API in ASP .NET Core?
  28. Can I overwrite default WordPress Json API For no more pages text
  29. trigger WordPress rest any API call
  30. Secure WordPress API, how?
  31. wp_nonce vs jwt
  32. register/login api
  33. WordPress REST API in Integromat: How to overcome “Sorry, you are not allowed to list users / edit this…”
  34. how to create JSON array [] for REST response?
  35. Remove unwanted fields from WP API response
  36. How to receive JSON payload from a digital device
  37. The REST API encountered an error in wordpress?
  38. WordPress API “code”:”rest_no_route” with Custom Route
  39. Connecting WordPress with an External API
  40. WordPress single page website redirect to index.html
  41. Autotrader API Integration
  42. REST API get featured image source for custom post type
  43. Register rest field authentication with REST API
  44. Update post / page using API + python
  45. JS WordPress API fetch no response headers
  46. Issue with API after 6.2 update
  47. Woocommerce API for calling products by Category ID
  48. Rest API nonce is being cached
  49. All wp-json routes suddenly return 404
  50. WordPress – Contact Form 7 – Get uploaded file issue
  51. Nonce validation in REST API
  52. API call from searchbar in wordpress
  53. Looking for a working code example in python for creating a post
  54. Transmit headers and footers via API from one site to another
  55. WordPress Error uploading image: 401 API Python Script
  56. WP REST API — How to change HTTP Response status code?
  57. Understanding SHORTINIT with WordPress 5
  58. Filter post_content before loading in Gutenberg editor
  59. Options to get my custom post type metadata via the WordPress API
  60. WP REST API returns incorrect data?
  61. REST API GET users
  62. Make authorization mandatory on custom routes
  63. Why the Path is different with the one coded in rest
  64. rest_api_init is run on every rest call to endpoint
  65. WP-REST create user with custom meta
  66. receive a custom parameter with rest api
  67. Setting cookies in WP REST API requests
  68. WordPress REST API rest_comment_invalid_author Sorry, you are not allowed to edit ‘author’ for comments
  69. How to delete user using rest api without reassigning
  70. Custom REST endpoint not working to retrieve single posts (“rest_no_route”)
  71. Accessing private posts through REST API, same code that works in remote doesn’t in local
  72. Advanced Access Manager: RESTful endpoint to refresh token
  73. How to add an endpoint for my custom post type? /wp-json/wp/v2/posts is working but it didn’t in the custom post
  74. Error message: Response is not a valid JSON response
  75. Pass multiple tags slug to rest API
  76. Return a WP_REST_Response from an inner function (and not from the root callback)
  77. register_rest_route with method POST but in wp-json/ is showing GET
  78. Rest Api fetching only one random post
  79. Accessing Custom REST endpoint with rest_do_request()
  80. Do i need to use a plugin for third party api integration?
  81. WP CLI in WP 5.3 with PHP 7.4
  82. Get wordpress post with featured image, category and tag from WordPress API
  83. REST API and Loopback error
  84. Rest API: Register and Login errors aren’t specific
  85. How can I secure my custom rest api endpoint or add under a already existing rest group
  86. WordPress RESTAPI – Restrict unknown
  87. Fix Characters WordPress Ionic App
  88. WordPress REST API Endpoint (Authors and Categories latest posts)
  89. Can we use website data which is having wp rest api plugin?
  90. REST API And Error Codes – No Message
  91. how can I add an URL parameter to a rest route using register_rest_route()?
  92. Is it possible to bulk update a table using WP Rest API?
  93. WordPress API standard compliance and specification for external database [closed]
  94. Delete row from table using custom endpoint via API
  95. Fetch post by author slug
  96. Cant POST with REST API on WordPress
  97. get the current logged in user using WooCommerce API in React App [closed]
  98. Problem with custom WordPress Rest API search route with query parameters
  99. How to limit what fields are returned through the WP API Backbone JS client
  100. WordPress just for Backend