Support » Plugin: WP REST API (WP API) » Cookie Authentiction with Angularjs

  • Resolved nidalhajaj


    I am trying to allow logged in users to read private post through the api issuing the simple api call /wp-json/posts/1 (which is a private post).

    However even when I am logged in with admin rights I still get a 401 unauthorised error.

    The documentation states that “WP API includes a technique called nonces to avoid CSRF issues. This prevents other sites from forcing you to perform actions without explicitly intending to do so. This requires slightly special handling for the API. For developers using the built-in Javascript API, this is handled automatically for you.”

    Is what I am trying to do possible with this authentication?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Ryan McCue


    You’ll need to either send the X-WP-Nonce header, or the _wp_json_nonce query parameter with your request. You’ll need to generate this on the server with wp_create_nonce( 'wp_json' ), which you can then output on to the page for your script using wp_localize_script.

    (This assumes you’re accessing the data from the site’s frontend, not from an external site.)

    Thanks for the help Ryan

    As of wordpress 4 I’ve noticed that you can only use the X-WP-Nonce header, the _wp_json_nonce query parameter seems to have been disabled.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Cookie Authentiction with Angularjs’ is closed to new replies.