Title: basic auth
Last modified: August 22, 2016

---

# basic auth

 *  [Paul van Beukering](https://wordpress.org/support/users/paul-van-beukering/)
 * (@paul-van-beukering)
 * [11 years, 6 months ago](https://wordpress.org/support/topic/basic-auth/)
 * Hi there,
 * I was very happy to find this API, great plugin but now i run into a problem 
   I can not fix.
    I used basic authorisation to retrieve userdata, it works in 
   my development env (OSX) but when I try the same on an ubuntu production server
   basic auth is never picked up, also with curl I get the same result: curl –user
   user:password [http://localhost/wp-json/users/](http://localhost/wp-json/users/)
   always gives me [{“code”:”json_user_cannot_list”,”message”:”Sorry, you are not
   allowed to list users.”}] So nothing about false credentials, the basic auth 
   is just ignored. I get the feeling it has to do more with core wordpress, but
   I was hoping you can help me.
 * Thanks in advance
    Paul van Beukering
 * [https://wordpress.org/plugins/json-rest-api/](https://wordpress.org/plugins/json-rest-api/)

Viewing 9 replies - 1 through 9 (of 9 total)

 *  [brianlmerritt](https://wordpress.org/support/users/brianlmerritt/)
 * (@brianlmerritt)
 * [11 years, 6 months ago](https://wordpress.org/support/topic/basic-auth/#post-5339090)
 * Basic auth appears to NOT sign the user into WordPress, and is just used to get
   the user ID.
 * I believe only OAuth currently supports post and user edits, but as I don’t personally
   like 3leg OAuth 1.0a (not for mobile apps), I have not investigated further.
 * So unfortunately you can believe your curls are all wrong and yet it appears 
   basic auth released plugin does not support writing.
 * You might want to shunt over to git-hub and see if there are updates there or
   do like I am doing and creating my own routes and endpoints and auth because 
   in fact the one thing I don’t need to do is access users, posts, or media for
   my app 🙂
 *  [brianlmerritt](https://wordpress.org/support/users/brianlmerritt/)
 * (@brianlmerritt)
 * [11 years, 6 months ago](https://wordpress.org/support/topic/basic-auth/#post-5339091)
 * ps – If you find a fix, please do repost here 🙂
 *  [brianlmerritt](https://wordpress.org/support/users/brianlmerritt/)
 * (@brianlmerritt)
 * [11 years, 6 months ago](https://wordpress.org/support/topic/basic-auth/#post-5339092)
 * OK – sorry for the delay 😉
 * Basic auth does work!
 * However, it fails if you are performing curl requests if you are already logged
   in on your browser and you are using Rest Console or Postman.
 * In other words, if you are running from a browser logged into your main site,
   and use a browser tool to curl for example, then it doesn’t work.
 * However, once you log out of the browser then basic auth takes over and works
   fine 🙂
 *  [eastes](https://wordpress.org/support/users/eastes/)
 * (@eastes)
 * [11 years, 4 months ago](https://wordpress.org/support/topic/basic-auth/#post-5339184)
 * > Log out of the browser then basic auth takes over
 * I spent about 11 hours today trying to get basic auth to work. This was the problem
   for me. Such a sad, frustrating day that I [blogged about it here.](http://oddjobs.com.au/i-nearly-quit/)
   
   Thank you @brianImerritt
 *  Thread Starter [Paul van Beukering](https://wordpress.org/support/users/paul-van-beukering/)
 * (@paul-van-beukering)
 * [11 years, 4 months ago](https://wordpress.org/support/topic/basic-auth/#post-5339185)
 * Hi there,
 * I tried to do what you suggested, but unfortunately it did not help me.
    After
   exploring the plugin code, i found out the authentication cookie is never set,
   wp_validate_auth_cookie always returns false because the cookie is empty, using
   curl –user and using java HttpURLConnection with cookies. Strangely this does
   not happens on my local install (mac). Only on remote servers. I suspect the 
   apache configuration now. I think it is a virtual host settings.
 * To be continued.
 *  [brianlmerritt](https://wordpress.org/support/users/brianlmerritt/)
 * (@brianlmerritt)
 * [11 years, 3 months ago](https://wordpress.org/support/topic/basic-auth/#post-5339186)
 * Hey Paul – the connection does not use cookies. Either use basic auth for each
   request or use oAuth and token for each request.
 * ps to eastes! great! ps – make sure you use https for any basic auth requests
   for anything other than development. I developed my own auth plugin to save the
   mobile developers getting the full oAuth 1.0 working…
 *  [Someguyagain](https://wordpress.org/support/users/someguyagain/)
 * (@someguyagain)
 * [11 years, 3 months ago](https://wordpress.org/support/topic/basic-auth/#post-5339192)
 * I’m on day two still nothing. 🙁
 * I’ve tried everything trick I know of and your solutions but, just can not get
   pass this
 *     ```
       * Hostname was NOT found in DNS cache
       *   Trying 127.0.0.1...
       * Connected to localhost (127.0.0.1) port 80 (#0)
       * Server auth using Basic with user 'admin'
       > GET /wordpress/wp-json/users/me HTTP/1.1
       > Authorization: Basic YWRtaW46QmFzaWMuNTc=
       > User-Agent: curl/7.35.0
       > Host: localhost
       > Accept: */*
       >
       < HTTP/1.1 401 Unauthorized
       < Date: Sat, 27 Dec 2014 05:00:38 GMT
       * Server Apache/2.4.9 (Ubuntu) is not blacklisted
       < Server: Apache/2.4.9 (Ubuntu)
       < X-Powered-By: PHP/5.5.11-3+deb.sury.org~saucy+1
       < X-Pingback: http://localhost/wordpress/xmlrpc.php
       < X-Content-Type-Options: nosniff
       < Access-Control-Allow-Origin: *
       < Content-Length: 76
       < Content-Type: application/json; charset=UTF-8
       <
       { [data not shown]
       * Connection #0 to host localhost left intact
       ```
   
 * Guess I’ll move on to the OAuth then 🙁 Feeling a bit defeated
 *  [Someguyagain](https://wordpress.org/support/users/someguyagain/)
 * (@someguyagain)
 * [11 years, 3 months ago](https://wordpress.org/support/topic/basic-auth/#post-5339195)
 * Just got it working but not with this plugin. I’ll post a how to later today.
   Victory!
 *  [Someguyagain](https://wordpress.org/support/users/someguyagain/)
 * (@someguyagain)
 * [11 years, 3 months ago](https://wordpress.org/support/topic/basic-auth/#post-5339196)
 * [https://wordpress.org/support/topic/basic_auth?replies=4#post-6387591](https://wordpress.org/support/topic/basic_auth?replies=4#post-6387591)

Viewing 9 replies - 1 through 9 (of 9 total)

The topic ‘basic auth’ is closed to new replies.

 * ![](https://s.w.org/plugins/geopattern-icon/json-rest-api_2e3641.svg)
 * [WP REST API (WP API)](https://wordpress.org/plugins/json-rest-api/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/json-rest-api/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/json-rest-api/)
 * [Active Topics](https://wordpress.org/support/plugin/json-rest-api/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/json-rest-api/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/json-rest-api/reviews/)

 * 9 replies
 * 4 participants
 * Last reply from: [Someguyagain](https://wordpress.org/support/users/someguyagain/)
 * Last activity: [11 years, 3 months ago](https://wordpress.org/support/topic/basic-auth/#post-5339196)
 * Status: not resolved