Thanks for your reply! That is a really good point. I didn’t have access to the correct headers from apache_request_headers() in the ‘rest_authentication_errors’ hook, but they were checkable in the ‘rest_pre_dispatch’ hook. Thanks so much as it really helped my train of thought!
Cheers
