WordPress REST API – Permission Callbacks

The issue was because I wasn’t generating and sending a nonce value with the request. In order to generate a nonce value. Localize the value of a wp_create_nonce('wp_rest') function call.

wp_localize_script('application', 'api', array(
    'root' => esc_url_raw(rest_url()),
    'nonce' => wp_create_nonce('wp_rest')
));

This will then be accessible to the window object of the browser which can be accessed via Javascript, this nonce should then be passed as the value of the request header X-WP-Nonce when executing XHR / HTTP Requests. An example of which is as follows:

var request = new XMLHttpRequest();

request.addEventListener('load', function() {
    console.log(this.responseText);
}

request.open('GET', api.root + 'mynamespace/posts');

// You must set headers after the request has been opened and before itself.
request.setRequestHeader('X-WP-Nonce`, api.nonce);

request.send(); // will fire the event listener above when fulfilled.

I hope this was helpful.

Related Posts:

  1. Can we access the REST request parameters from within the permission_callback to enforce a 401 by returning false?
  2. MySQL error 1449: The user specified as a definer does not exist
  3. How to: Make JWT-authenticated requests to the WordPress API
  4. How to use OAuth authentication with REST API via CURL commands?
  5. WP in Docker – cannot install plugin or upgrade WP
  6. when FS_METHOD = ‘direct’ is chosen?
  7. Create custom permissions for user type
  8. Can’t upload images due to permissions error
  9. Recommended File Permissions
  10. What’s the difference between the permissions “edit_published_posts” and “edit_posts”
  11. Wrong permissions when uploading a file through WordPress | IIS
  12. ftp_nlist() and ftp_pwd() warnings
  13. WordPress Rest API: How do we validate with our custom API key?
  14. How do I use the WP REST API plugin and the OAuth Server plugin to allow for registration and login?
  15. WordPress in IIS 7.5 – “cannot create directory”
  16. How to authenticate custom API endpoint in WooCommerce [closed]
  17. WordPress REST API call generates nonce twice on every call
  18. What permissions should i have set up for the Database User after i have WordPress set up?
  19. Why is group ownership with rwx permissions not enough?
  20. authentication issue with rest api – rest_cannot_create
  21. Extend Woocommerce rest api routes fails
  22. can i run wp as root permissions
  23. Prevent or Disable creating new users or changing roles of existing users to Administrator
  24. Safe to set permissions to 757 temporarily to update via wp-cli?
  25. WordPress REST API “rest_authentication_errors” doesn’t work external queries?
  26. Does WordPress have fine-grained view permissions?
  27. Limit REST API output to current logged in user that is also author of the content
  28. Create Session with JWT
  29. can’t change footer
  30. permissions access error
  31. WP REST API GET Requests require authentication
  32. What user/group does WordPress belong to in terms of file permissions?
  33. Enable plugin installs without FTP with user from same group as Nginx/PHP-fpm
  34. Moved my WordPress site and now it can’t read the theme
  35. WordPress folder ownership issues
  36. How to save generated JWT token to cookies on login?
  37. Authentication with the Rest API when using an External Application
  38. How to force JWT auth for default GET endpoints of WordPress rest api?
  39. REST API: best place to set current user for JWT auth?
  40. WordPress php mysql errors – errcode: 13 permission denied
  41. Callback to custom field is not working in WordPress REST API
  42. Calling an API to do authentication / user login
  43. WordPress + REST API v2 and private pages Load by slug
  44. Invalid changeset UUID WordPress
  45. Group ownership permissions don’t allow web server to update WordPress content
  46. Should Apache own /var/www/domain.com directory in WordPress?
  47. How can I authenticate user credentials against a WordPress instance?
  48. REST API authentication for a plugin
  49. WordPress Permissions on my Local with Docker
  50. Running WordPress as FTP user?
  51. How to to secure WordPress file and folder permissions
  52. Upgrading problem
  53. PHP: authenticate for a REST request?
  54. Rest API basic auth not working
  55. wp-content Folder Permissions (777 OK?)
  56. Filter DELETE REST API calls
  57. No user found when using REST API
  58. Authenticate current user to REST API
  59. Rest API: wp_verify_nonce() fails despite receiving correct nonce value
  60. JWT on Woocommerce cannot work with “Customer” role user
  61. How to prevent plugins from being uninstalled
  62. Reseting file permissions
  63. REST API: wp_get_current_user not working on second call
  64. What is the “user account” for WordPress’ file permissions?
  65. Restrict access to trash, only admin
  66. How to hide wordpress error message?
  67. What is this error message?
  68. Advanced Access Manager: RESTful endpoint to refresh token
  69. User Capabilities are not available in WP REST permission callback?
  70. wp-json API: not logged in when clicking link to the API from admin mode
  71. Best Authetication between REST API and Mobile App
  72. How to grant user access the page [closed]
  73. Log in user using WordPress REST API
  74. How to make file not open to public but javascript file under WordPress folder can load it
  75. Allow Editor access to a certain plugin
  76. Visitors “do not have permission to view this content” on home page only
  77. Permissions Script Not Working
  78. Blank White page issue in WordPress
  79. Permissions working but not working
  80. Update block once an API request returns with a value
  81. Mamp Pro File Permissions
  82. How can I secure my custom rest api endpoint or add under a already existing rest group
  83. Create a custom “you dont have permission” message
  84. Register rest field authentication with REST API
  85. Downloaded WP but Nginx home page still showing
  86. Public and Private keys incorrect for user
  87. sufficient permissions to access this page
  88. Restrict access to specific content
  89. the_tags only showing when logged in?
  90. Configuring WordPress permissions for easy updates
  91. Plugins Page – “Page disabled by the administrator”
  92. Properly process a custom WP REST API request (Authenticate, Authorize + Validate)?
  93. WordPress files owner changed silently
  94. Cant POST with REST API on WordPress
  95. Authenticate + Authorize WP REST API request before built-in WP JSON Schema Payload Validation?
  96. Amazon Cloudfront with S3. Access Denied
  97. GRANT SELECT to all tables in postgresql
  98. Login and register by API
  99. custom REST endpoints and application passwords
  100. wordpress rest api authentication failed

Leave a Comment