Title: robchur's Replies | WordPress.org --- # robchur [ ](https://wordpress.org/support/users/robchur/) * [Profile](https://wordpress.org/support/users/robchur/) * [Topics Started](https://wordpress.org/support/users/robchur/topics/) * [Replies Created](https://wordpress.org/support/users/robchur/replies/) * [Reviews Written](https://wordpress.org/support/users/robchur/reviews/) * [Topics Replied To](https://wordpress.org/support/users/robchur/replied-to/) * [Engagements](https://wordpress.org/support/users/robchur/engagements/) * [Favorites](https://wordpress.org/support/users/robchur/favorites/) Search replies: ## Forum Replies Created Viewing 2 replies - 1 through 2 (of 2 total) * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Custom DataBase Tables] Web API](https://wordpress.org/support/topic/web-api/) * [robchur](https://wordpress.org/support/users/robchur/) * (@robchur) * [9 years, 2 months ago](https://wordpress.org/support/topic/web-api/#post-8903142) * Problem solved. * We have misunderstood the purpose of ‘allowed hosts’ screen. The purpose is to define which client (IP address or FQDN) is authorized to make a call to WebAPI. If the client is not listed then the server will return a 401. * OMHO: using a white list of IP addresses for security is pretty weak as spoofing an IP address if fairly simple to do. However, the current implementation using a combination of both Address and API_Key, so assuming you are using SSL and manage your keys, you should be good. * [@ka2](https://wordpress.org/support/users/ka2/) I would be happy to create a draft english manual for web api if you would like. * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Custom DataBase Tables] Web API](https://wordpress.org/support/topic/web-api/) * [robchur](https://wordpress.org/support/users/robchur/) * (@robchur) * [9 years, 2 months ago](https://wordpress.org/support/topic/web-api/#post-8902989) * I am getting the same problem. I believe the 401 indicate an authentication error. Its not clear what credentials need to be provided and by what method. * I will post back here if I have any luck determining. Viewing 2 replies - 1 through 2 (of 2 total)