Title: Allow REST API
Last modified: June 17, 2026

---

# Allow REST API

 *  Resolved [srothweiler](https://wordpress.org/support/users/srothweiler/)
 * (@srothweiler)
 * [3 weeks, 1 day ago](https://wordpress.org/support/topic/allow-rest-api/)
 * Hello,
 * I am using the Force Login plugin together with WooCommerce and the official 
   WooCommerce mobile app.
 * The WooCommerce app works correctly when Force Login is disabled. As soon as 
   Force Login is enabled, the app can no longer connect to my store.
 * WooCommerce Support informed me that the required REST API endpoints need to 
   remain accessible and suggested configuring Force Login so that the REST API (`/
   wp-json/`) is excluded from the login requirement.
 * Could you please provide a code snippet or configuration that allows the REST
   API endpoints (`/wp-json/`) to remain accessible while Force Login stays active?
 * My goal is to keep the frontend login requirement enabled so that visitors are
   still redirected to the login page as usual, while the WooCommerce mobile app
   can access the required REST API endpoints and connect successfully.
 * Thank you for your help.
 * The page I need help with: _[[log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fallow-rest-api%2F%3Foutput_format%3Dmd&locale=en_US)
   to see the link]_

Viewing 2 replies - 1 through 2 (of 2 total)

 *  Thread Starter [srothweiler](https://wordpress.org/support/users/srothweiler/)
 * (@srothweiler)
 * [3 weeks ago](https://wordpress.org/support/topic/allow-rest-api/#post-18940997)
 * Hello,
 * I did some further testing and found the following:
    - The WooCommerce mobile app connects successfully when Force Login is disabled.
    - The connection fails immediately when Force Login is enabled.
    - `/wp-json/` is accessible and returns valid JSON.
    - The REST API output contains the `authentication.application-passwords.endpoints.
      authorization` entry and correctly points to `/wp-admin/authorize-application.
      php`.
    - `authorize-application.php` works correctly in the browser when logged in 
      as an administrator.
    - XML-RPC is working.
    - HTTPS is working.
    - I also tested bypassing the `rest_authentication_errors` restriction, but 
      the WooCommerce app still could not connect.
 * Based on these tests, it appears that the issue is not simply that the REST API
   is blocked. It seems that Force Login is intercepting or redirecting an authentication
   request used by the WooCommerce mobile app during the application password authorization
   process.
 * Could you please advise which additional endpoint(s) or request(s) used by the
   WooCommerce mobile app need to be excluded via `v_forcelogin_bypass`?
 *  Plugin Author [Kevin Vess](https://wordpress.org/support/users/kevinvess/)
 * (@kevinvess)
 * [3 weeks ago](https://wordpress.org/support/topic/allow-rest-api/#post-18941141)
 * Check out this related support thread:
   [https://wordpress.org/support/topic/blocking-rest-api/](https://wordpress.org/support/topic/blocking-rest-api/)
 * Thanks!

Viewing 2 replies - 1 through 2 (of 2 total)

You must be [logged in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fallow-rest-api%2F%3Foutput_format%3Dmd&locale=en_US)
to reply to this topic.

 * ![](https://ps.w.org/wp-force-login/assets/icon.svg?rev=1904031)
 * [Force Login](https://wordpress.org/plugins/wp-force-login/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/wp-force-login/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/wp-force-login/)
 * [Active Topics](https://wordpress.org/support/plugin/wp-force-login/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/wp-force-login/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/wp-force-login/reviews/)

 * 2 replies
 * 2 participants
 * Last reply from: [Kevin Vess](https://wordpress.org/support/users/kevinvess/)
 * Last activity: [3 weeks ago](https://wordpress.org/support/topic/allow-rest-api/#post-18941141)
 * Status: resolved