Rest API: wp_verify_nonce() fails despite receiving correct nonce value

First, nonce for an action is the same when the user is not authenticated/logged-in. (because the user ID is always 0)

Secondly, you’re getting false because you didn’t specify the nonce action which is wp_rest in your case:

// Correct usage - a valid action name is set (wp_rest).
wp_verify_nonce( $clientNonce, 'wp_rest' );

// Incorrect usage - empty action; always returns false.
wp_verify_nonce( $clientNonce );

And if you are actually trying to authenticate the request using the standard cookie authentication, then you should use the X-WP-Nonce header to send the nonce and not the request body/payload:

const fetchAllCoupons = async () => {
  try {
    const response = await fetch(`${apiBaseUrl}/pluginFolder/1.0/loadAll`, {
      method: 'post',
      headers: {
        'Content-Type': 'application/json',
        'X-WP-Nonce': clientNonce // <- here, send the nonce via the header
      },
      body: JSON.stringify({
        // WordPress will not use this when verifying the associated user in the request.
        clientNonce,

        // but WordPress will not use this, either. Because we're sending a JSON payload.
        _wpnonce: clientNonce
      })
    });
    ...
  } catch (e) {
    ...
  }
};

Or you can also send the nonce as a query string (in the URL) like so:

`${apiBaseUrl}/pluginFolder/1.0/loadAll?_wpnonce=` + clientNonce

Related Posts:

  1. WP REST API: check if user is logged in
  2. Can’t GET draft posts via REST API from headless frontend
  3. WP REST API – Nonce passes wp_verify_nonce even after logout
  4. Log in user using WordPress REST API
  5. wp_nonce vs jwt
  6. Register rest field authentication with REST API
  7. How to: Make JWT-authenticated requests to the WordPress API
  8. WordPress Rest API: How do we validate with our custom API key?
  9. WordPress REST API call generates nonce twice on every call
  10. How to Authenticate WP REST API with JWT Authentication using Fetch API
  11. authentication issue with rest api – rest_cannot_create
  12. Can I authenticate with both WooCommerce consumer key and JWT?
  13. How to login to WordPress site using basic authentication HTTP headers?
  14. Can we access the REST request parameters from within the permission_callback to enforce a 401 by returning false?
  15. WordPress REST API “rest_authentication_errors” doesn’t work external queries?
  16. Create Session with JWT
  17. Full page NGINX (or Cloudflare) caching and WordPress nonces
  18. WordPress REST API, Expired Nonce from Cache results in 403 forbidden
  19. Passing a borrowed nonce through Postman fails
  20. how to send Ajax request in wordpress backend
  21. permission_callback has no effect
  22. WP REST API GET Requests require authentication
  23. current_user_can(‘administrator’) returns false when I’m logged in
  24. Authenticating with REST API
  25. Make authorization mandatory on custom routes
  26. How to force JWT auth for default GET endpoints of WordPress rest api?
  27. REST API: best place to set current user for JWT auth?
  28. WordPress + REST API v2 and private pages Load by slug
  29. REST API authentication for a plugin
  30. PHP: authenticate for a REST request?
  31. Rest API basic auth not working
  32. Authenticate current user to REST API
  33. Getting 401 from ajax using an application password
  34. How to connect android app with WordPress website?
  35. WordPress REST API calls that depend on the WordPress User
  36. Backbone with custom rest endpoints
  37. WordPress HTTP API NTLM Authentication
  38. Advanced Access Manager: RESTful endpoint to refresh token
  39. Best Authetication between REST API and Mobile App
  40. How to verify which WordPress user requested the API in ASP .NET Core?
  41. Secure WordPress API, how?
  42. register/login api
  43. How can I secure my custom rest api endpoint or add under a already existing rest group
  44. REST API Integration without user account?
  45. WP REST API with Basic Auth at target website
  46. Cant POST with REST API on WordPress
  47. REST API – Authentication/Logon security
  48. Rest API nonce is being cached
  49. custom REST endpoints and application passwords
  50. wordpress rest api authentication failed
  51. How to use OAuth authentication with REST API via CURL commands?
  52. WordPress REST API validation
  53. Adding WordPress API Endpoint With Multiple Parameters
  54. Match REST API post output from custom endpoint
  55. Handling nonce generation in AJAX registration process
  56. How to change user avatar using REST API?
  57. Build on same WordPress or different install?
  58. Testing custom API endpoint with class dependency
  59. 403 Forbidden with gutenberg
  60. Detect if REST API is running
  61. Using pre_get_posts, how to target the REST API, only?
  62. Save/update post_meta with Gutenberg from the panel
  63. Set featured image using URL with wp rest api
  64. How to block all REST API endpoint except which I wrote custom?
  65. Identical wp_rest nonce returned from rest_api
  66. Authentication with internal WP_REST_Request and rest_do_request()
  67. Cannot DIsplay a Snackbar Notice on Button Click – Notice is undefined
  68. Custom Post Type and Custom REST API Endpoint result in Gutenberg editor not working
  69. rest_sanitize_value_from_schema doesn’t sanitize string
  70. Erratic OAuth 1.0 Signature Mismatch Errors
  71. WordPress Rest API custom endpoint for RSS feed
  72. How to add a custom REST field to limit data when fetching?
  73. WordPress JSON data to and from database to be shown on rest point
  74. “No Access-Control-Allow-Origin header is present” even though it is in the entry file
  75. How can I authenticate user credentials against a WordPress instance?
  76. rest api request including meta_query filter
  77. Filter DELETE REST API calls
  78. How to send the body in wp_remote_post as “raw”?
  79. Custom Endpoints not working
  80. Is there a way I can fetch the WordPress Developer Code References with an API?
  81. Pull in ALL posts from the last two weeks using Rest API
  82. 403 error when publishing a post in wordpress. Error => Publishing failed. The response is not a valid JSON response
  83. Cannot use WordPress Application Passwords: “code”: “rest_no_route” “status”:404 for /wp-json/wp/v2/users/me/application-passwords
  84. WP REST API returns empty posts despite entries in wp_posts
  85. The REST API encountered an error in wordpress?
  86. Do something when publish a post in Gutenberg with hook rest_after_insert_post
  87. Uploading picture via REST API
  88. How to modify the HTML output of Gutenberg block? (Youtube)
  89. Autotrader API Integration
  90. Accessing secure endpoint with X-WP-Nonce?
  91. Rest api request throttling
  92. Properly process a custom WP REST API request (Authenticate, Authorize + Validate)?
  93. Update post / page using API + python
  94. Social login authentication via wordpress rest api
  95. Calling a Rest API with parameters on button Click
  96. WordPress json – How to use the content rendered from json
  97. Subscriber role cann’t add comment meta using REST API
  98. WordPress REST API function not calling from external site
  99. Issue with API after 6.2 update
  100. Verify user login and password over api
error code: 523