Problem getting the Wordpress REST API with JWT Authentication working on Bitnami's Amazon Lightsail Wordpress

Keywords: WordPress - Amazon Web Services - Technical issue - Other
I just got Amazon Lightsail and installed Bitnami’s Wordpress package on it. Right now I’m trying to get access to the wordpress site through the Json REST API so that I can quickly create hundreds of pages/posts programatically, but it seems there’s a problem with JTW Authentication.

I am mostly a C# programmer, so I’m trying to use the C# github project to help me make calls to the REST API so I don’t have to program everything from scratch. Project is located here:

This project requires me to install “JWT Authentication for WP REST API” for Authentication as a plugin to my Wordpress site, located here:

This JWT plugin requires me to add some "define"s to the wp-config.php file, which I did, and this got the API to successfully log-in to my wordpress account, but when I make another call to the API it appears as though the Authorization Header isn’t getting through, so I assume I have to make the fix they suggested on the page that says “Most of the shared hosting has disabled the HTTP Authorization Header by default. To enable this option you’ll need to edit your .htaccess file adding the follow”.

But, when I go to try to make this change, it appears Bitnami has a whole different way of dealing with the .htaccess files with wordpress that I don’t understand.

How can I make this change to the .htaccess.conf file that Bitnami uses so that it has the same effect as if I made the change to a regular .htaccess file? Can someone try to get this up and running and walk me through what needs done to make Wordpress API access with C# (and Json) work?


For security and performance reasons, we disable .htaccess in the stack. Instead, these settings are located in /opt/bitnami/apps/wordpress/conf/htaccess.conf. If you edit this file and restart Apache it should have the same effect.

Best regards,

Javier J. Salmerón

Was my answer helpful? Click on :heart:

The syntax in the .conf file looks different than the syntax in the regular .htaccess file. Should I just add this to the bottom of the .conf file?

RewriteEngine on
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]

Or, does there have to be special tags wrapped around it?

Hmm, trying to just add it at the bottom (but within the “Directory” tag) doesn’t seem to work. Or, at least, now I’m unsure whether it’s not working, or it’s actually working but there’s something else wrong that I’m unaware of.

I’m not too good at dealing with web development or Apache, so if you could go into more detail about how I can try to get this working I’d be very thankful!

Ah! Figured it out!

This post helped me: Need to pass Authorization headers

Had to add this to the end after the Directory bracket:
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

Thanks for the help!


We are glad that you were able to fix the issue. We are marking the previous answer as “Solution” and this topic as “Closed”.
If you have any other questions, please do not hesitate to let us know. Feel free to create a new topic referencing to this one if necessary.

Best regards,
Carlos R. Hernández