I'm using Postman to test my project and the wp-api. More specifically POST requests where a user must be authenticated to do something. Here's what I'm working with to create a user:
{{url}}/projectname/wp-json/wp/v2/users/?username=anewname&[email protected]&password=passwordhere
However when testing something requiring authentication, such as creating a user, I get a 401'ed:
{
"code": "rest_cannot_create_user",
"message": "Sorry, you are not allowed to create resource.",
"data": {
"status": 401
}
}
Authenticating via Nonce:
If you see the link above, the documentation explains setting the header and sending along the nonce. I could set the header to X-WP-Nonce but then how would I get the nonce to send along in Postman?
Authenticating via cookies: I've installed Postman's interceptor to grab cookies and am seeing 5 of them but still get 401'ed with the method above.
Any ideas or guidance would be really useful to the community.
I'm using Postman to test my project and the wp-api. More specifically POST requests where a user must be authenticated to do something. Here's what I'm working with to create a user:
{{url}}/projectname/wp-json/wp/v2/users/?username=anewname&[email protected]&password=passwordhere
However when testing something requiring authentication, such as creating a user, I get a 401'ed:
{
"code": "rest_cannot_create_user",
"message": "Sorry, you are not allowed to create resource.",
"data": {
"status": 401
}
}
Authenticating via Nonce:
If you see the link above, the documentation explains setting the header and sending along the nonce. I could set the header to X-WP-Nonce but then how would I get the nonce to send along in Postman?
Authenticating via cookies: I've installed Postman's interceptor to grab cookies and am seeing 5 of them but still get 401'ed with the method above.
Any ideas or guidance would be really useful to the community.
Share Improve this question edited Mar 9, 2016 at 19:43 Ben Racicot asked Mar 9, 2016 at 19:10 Ben RacicotBen Racicot 1,4363 gold badges18 silver badges27 bronze badges 5- Maybe the question is what exactly are you testing. Nonce and cookies imply front end and why would you want to expose any "write" API to front end? BTW I am not familiar at all with the API, but nonce should probably accompany cookies, not be a replacement to them, unless one of the cookies serves as a nonce. – Mark Kaplun Commented Mar 9, 2016 at 19:54
- If you are not in the site, some requests, like crating/updating content or getting private content, require authentication through OAuth. Cookies with nonces can only be used for authentication within the site. – cybmeta Commented Mar 9, 2016 at 20:06
- @cybmeta so you're saying its impossible to use Postman and the WP-API to make POST requests because of the nonces. Correct? – Ben Racicot Commented Mar 10, 2016 at 15:04
- You need to send a valid authentication cookie and a valid nonce. But cookies are only valid within the same domain. I don't know if you can bypass that requirement using Postman. The way to authenticate betweens domains is the OAuth method, which I'm sure you can use with Postman. If you want to use Postman just to test while development, you can also use Basic Authorization. All of this is explained, in other words, in the link you sahred in the question: v2.wp-api/guide/authentication – cybmeta Commented Mar 10, 2016 at 19:20
- 1 It's actually explained pretty poorly in the docs. Documentation for this project has always lagged development. :/ – MTT Commented May 13, 2016 at 17:07
2 Answers
Reset to default 1Postman shares cookies with Chrome. If you are logged into your site you may see unexpected results.
REF : https://wordpress/support/topic/wp-api-cant-create-a-post/
Postman doesn't need a nonce to create content with v2 beta 12... just use the WP-API Basic Auth plugin. The one header is the authentication header.