Support » Plugin: Redirection » WP_REST_Request always outputs an error object with rest_forbidden

  • I am using the rest_do_request() method with the WP_REST_Request API to trigger the creation of a redirect in my PHP code.

    The creation of the redirect is successful, however the response always has the status with a value of 401, and data array block has the code value as ‘rest_forbidden’, etc.

    I didn’t think that there was any authentication required when using the rest_do_request() method. So why does the rest response always say forbidden regardless?

    This is the create redirection code block I am using (but this also happens for deletes with bulk and updates, etc) with valid values for the $source, $target, and $group_id, and as mentioned the redirect is successfully created:

    $request = new WP_REST_Request('POST', '/redirection/v1/redirect');
      'url' => $source,
      'action_data' => [
        'url' => $target,
      'regex'  => 0,
      'group_id'  => $group_id,
      'match_type'  => 'url',
      'action_type' => 'url',
      'action_code' => $action_code,
    $response = rest_do_request($request);

    What could be the problem here?

    • This topic was modified 3 years, 4 months ago by mkormendy.
Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author John Godley


    Your user will need to be able to access the endpoint. See

    Thread Starter mkormendy


    I don’t think you read the whole support question in its entirety.

    I’m using rest_do_request() method with the WP_REST_Request API. I shouldn’t need a user.

    • This reply was modified 3 years, 4 months ago by mkormendy.
    Thread Starter mkormendy


    Do you need some help with maintaining parts of this plugin BTW? The developer documentation is woefully under-informative, I think that if we had better documentation, you would have less support-debt on your plate.

    Plugin Author John Godley


    All requests must be authenticated by someone with manage_options capabilities.

    I believe whatever code you use will need to pass the standard API capabilities check. I can’t say why your code is behaving like it is. Redirection provides the API endpoints, the rest is down to the core API code.

    The thing with documentation is that it’s rarely read.

    Thread Starter mkormendy


    I figured out that there were multiple requests being sent, but the first initial request is successful. That being said, I will close this ticket and can move forward with what I was developing. It appears that authentication/capabilities aren’t needed when using rest_do_request().

    As for the documentation, I would still like to help, I’m offering my hand, please contact me at mike at somethinginteractive dot com.

    In my case, and a couple others, I think documentation would have fast-forwarded my development, as it took me more time than necessary just to read the plugin code and conjure up a bunch of tests until I got things right.

    Let’s chat offline about how I can help.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘WP_REST_Request always outputs an error object with rest_forbidden’ is closed to new replies.