WordPress REST API Basic Authentication Header not working

Not accept Basic Authentication header when communicate via cURL call in Bitnami WordPress Server.

$header = array(
    'Authorization: Basic '.base64_encode( $this->username.':'.$this->password ),
    'Content-Type: application/json',
);

Showing 401 error.

stdClass Object
(
    [code] => rest_cannot_create_user
    [message] => Sorry, you are not allowed to create new users.
    [data] => stdClass Object
        (
            [status] => 401
        )

)

Would you please help us how to fix this issue on Bitnami WordPress Server. Thank you.

Hi @obtaindev,

Could you please let us know more information about what you are trying to achieve?

  • Did you install any new plugin in WordPress?
  • Are you using this WP API http://v2.wp-api.org/?
  • Could you please share with us the code you are executing?

Please note that the WordPress API works correctly when you access http://YOUR_IP/wp-json/wp/v2/users/1 so this might be a syntax error in your code. I also suggest you ask in the official forums of WordPress to get more information about this

https://wordpress.org/support/

Thanks

Hello Jota,

Please check below our reply.

  • Did you install any new plugin in WordPress?
  • No.
  • Yes, we are using WordPress REST API v2.
  • Could you please share with us the code you are executing?
            $header = array(
                'Authorization: Basic '.base64_encode( $this->username.':'.$this->password ),
                'Content-Type: application/json',
            );
            
            $ch = curl_init();
            curl_setopt( $ch, CURLOPT_URL, $this->url.'/users' );
            curl_setopt( $ch, CURLOPT_HTTPHEADER, $header );
            curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
            curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, false );
            curl_setopt( $ch, CURLOPT_SSL_VERIFYHOST, false );
            $json_response = curl_exec( $ch );
            $status = curl_getinfo( $ch, CURLINFO_HTTP_CODE );
            curl_close( $ch );
            $response = json_decode( $json_response );

We are using http://{Domain}/wp-json/wp/v2/users/ and not http://{IP of Domain}/wp-json/wp/v2/users/.

It’s working well with other hosting server and not working with Bitnami WordPress Server.

Let us know if you need more details.
Thanks

Hi @obtaindev,

Thank you for the information. I just reproduced the issue using this PHP script and forwarded the information to our Engineering Team, it will work on finding the issue when using it.

Just for the record, this is a similar case in this forum.

Sorry for the inconvenience
Jota

I was able to reproduce it as well. I tried enabling the authentication header rewrite rule in Apache but it didn’t work either. I will need to investigate it further.

Best regards,

Javier J. Salmerón


Was my answer helpful? Click on :heart:

Hi,

I was able to make it work. This is what I did.

  • Install the https://github.com/WP-API/Basic-Auth plugin. You need to download and extract it in the `/opt/bitnami/apps/wordpress/htdocs/wp-content/plugins
  • Make sure you set the proper permissions
sudo chown bitnami:daemon -R /opt/bitnami/apps/wordpress/htdocs/wp-content/plugins/Basic-Auth
sudo chmod g+w -R  /opt/bitnami/apps/wordpress/htdocs/wp-content/plugins/Basic-Auth
  • Enable the plugin in WordPress panel:

image

  • Add the following lines in /opt/bitnami/apps/wordpress/conf/httpd-app.conf (I just added it before the rest of RewriteRules in the file.
RewriteEngine on
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]

My httpd-app.conf ended like this:

RewriteEngine On
RewriteRule /<none> / [L,R]

<IfDefine USE_PHP_FPM>
    <Proxy "unix:/opt/bitnami/php/var/run/wordpress.sock|fcgi://wordpress-fpm" timeout=300>
    </Proxy>
</IfDefine>

<Directory "/opt/bitnami/apps/wordpress/htdocs">
    Options +MultiViews +FollowSymLinks
    AllowOverride None
    <IfVersion < 2.3 >
        Order allow,deny
        Allow from all
    </IfVersion>
    <IfVersion >= 2.3>
        Require all granted
    </IfVersion>
    
    

    <IfDefine USE_PHP_FPM>
       <FilesMatch \.php$>
         SetHandler "proxy:fcgi://wordpress-fpm"
       </FilesMatch>
    </IfDefine>

RewriteEngine on
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]
    
    RewriteEngine On
    #RewriteBase /wordpress/
    RewriteRule ^index\.php$ - [S=1]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . index.php [L]

    Include "/opt/bitnami/apps/wordpress/conf/banner.conf"
</Directory>

Include "/opt/bitnami/apps/wordpress/conf/htaccess.conf"
                    
  • Restart Apache
sudo /opt/bitnami/ctlscript.sh restart apache

After that, I was able to create a post using the example script https://gist.github.com/andrewahead4/489e6422feb5be901143 (obviously, you need to change the url and credentials)

Hope it helps

Best regards,

Javier J. Salmerón


Was my answer helpful? Click on :heart:

2 Likes

Thank you very much!!

Don’t hesitate to open a new ticket if you came across other issues :slight_smile: