403 "rest_forbidden" error in WordPress REST API (but only for settings)?
K

3

13

I got all APIs from WordPress except settings (/wp/v2/settings). It's returning a rest_forbidden error:

{
  "code": "rest_forbidden",
  "message": "Sorry, you are not allowed to do that.",
  "data": {
    "status": 403
  }
}
Kashgar answered 29/8, 2017 at 5:20 Comment(6)
I'm getting a similar result; I'm able to get this using the app API with a client secret but unable to when using WP-API Basic Auth. - Gilmagilman
@Gilmagilman - Are you able to provide a more detailed answer to this question, outlining your solution for other users (myself included)? Thanks. - Tremaine
The WordPress Code Reference description of the add_filter() param $priority may be of help. - Pulp
Please explain your code and what you are trying to do. Then I will let you know the solution. - Polymer
403 is not allowed access; maybe your user doesn't have the correct permission to update settings? - Defrayal
All you do is set basic auth on the header of your request. If the username and password are correct, it will work. - Loss
G
1

Your user does not have the correct permissions to access the data at that route. Out of the box the /settings/ route requires the manage_options permission (see the get_item_permissions_check method).

// found in WP Core class-wp-rest-settings-controller.php
/**
 * Checks if a given request has access to read and manage settings.
 *
 * @since 4.7.0
 *
 * @param WP_REST_Request $request Full details about the request.
 * @return bool True if the request has read access for the item, otherwise false.
 */
public function get_item_permissions_check( $request ) {
  return current_user_can( 'manage_options' );
}
Grooved answered 30/3, 2020 at 14:5 Comment(0)
L
1

If somebody has an issue then try installing this plugin: https://wordpress.org/plugins/application-passwords/

Generate an application password from your profile and use that with basic auth; your username will be the same as your WordPress username or email, and the password will be the newly generated password.

You may also need to add an HTTP header rewrite rule in your .htaccess file; for that, please follow: https://github.com/WordPress/application-passwords/wiki/Basic-Authorization-Header----Missing

Lanugo answered 10/9, 2021 at 13:54 Comment(1)
My issue was the wrong username: it's not the application password name but rather the username or email of the WP account. - Mimamsa
K
0

What user is associated with the API credentials?

The settings endpoint needs the user to have manage_options permission; if you're using a custom role, you can add it with "manage_options" => true;

Otherwise just give the user the Administrator role.

Klopstock answered 13/12, 2020 at 17:23 Comment(0)
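To tell the causes named in the answers above apart, the following added example (not code from any of the posters or from WordPress) classifies a /wp/v2/settings response: WordPress core returns rest_forbidden with status 401 when it sees no authenticated user and with 403 when a user is authenticated but fails the manage_options check. The function names, the HINTS table and the default /wp-json prefix are assumptions of this sketch.

```python
import base64
import json
import urllib.error
import urllib.request

HINTS = {
    "ok": "settings returned; the user has manage_options",
    "unauthenticated": "401: no logged-in user seen; check the username (login "
                       "name or email) and whether the Authorization header is stripped",
    "missing_capability": "403: credentials accepted, but the user lacks manage_options",
    "other": "not a settings permission error; inspect the response body",
}

def basic_auth_header(username, app_password):
    """Build the Basic auth value from a WordPress username and application password."""
    raw = f"{username}:{app_password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

def classify(status, body):
    """Map a /wp/v2/settings response (status, body text) to one of the HINTS keys."""
    if status == 200:
        return "ok"
    try:
        code = json.loads(body).get("code")
    except (ValueError, AttributeError):  # not JSON, or JSON that is not an object
        return "other"
    if code == "rest_forbidden":
        return {401: "unauthenticated", 403: "missing_capability"}.get(status, "other")
    return "other"

def check_settings(site, username, app_password):
    """Request the settings route (use an https:// URL) and classify the result."""
    req = urllib.request.Request(
        site.rstrip("/") + "/wp-json/wp/v2/settings",  # assumes the default REST prefix
        headers={"Authorization": basic_auth_header(username, app_password)},
    )
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return classify(resp.status, resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:  # urllib raises on 4xx/5xx
        return classify(err.code, err.read().decode("utf-8", "replace"))

# Constructed sample: the error body from the question, as a JSON string.
SAMPLE_403 = '{"code":"rest_forbidden","message":"Sorry, you are not allowed to do that.","data":{"status":403}}'

if __name__ == "__main__":
    print(HINTS[classify(403, SAMPLE_403)])
```

A "missing_capability" result for an account that only needs to read a few values is a reason to review which role that account holds rather than to retry with different credentials.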
