Using Basic Authentication as an Administrator, I am getting the error "401 Unauthorized: [rest_cannot_view_plugins] Sorry, you are not allowed to manage plugins for this site." when I attempt to access the GET /wp-json/wp/v2/plugins endpoint of my server. I can pull Post and Page info with no problem, but when I query against the plugins, I'm getting the 401 error. I've confirmed that the userid used in the API call should be able to manage plugins using the CLI tool:

#  wp user list-caps $USER | grep plugin
activate_plugins
edit_plugins
update_plugins
delete_plugins
install_plugins

Any pointers would be appreciated.


Solution

SUGGESTIONS

I suggest the following:

curl --user username:password https://example.com/wp-json

The first request should succeed regardless because it will likely be (unless you've done otherwise) unsecured.

Then try:

curl --user username:password https://example.com/wp-json/wp/v2/plugins

If this fails you may not have the means to issue basic authentication requests, so add it for the purpose of testing.

Install the following:

https://github.com/WP-API/Basic-Auth/blob/master/basic-auth.php

I'd simply recommend placing that file in your site's wp-content/mu-plugins directory. If the directory does not exist, create it first.

Then repeat the curl request:

curl --user username:password https://example.com/wp-json/wp/v2/plugins

If you are authenticated correctly, you should receive back a response appropriate for that endpoint.


TESTS

  • I have tested this via first trying on an install 5.3.* and the route does not exist (as we should expect)
  • I have tested this on an install 5.5.* and the route does exist as expected but requires an authentication method (for testing I have used Basic Authentication) and you can read more about Authentication methods in general here: https://developer.wordpress.org/rest-api/using-the-rest-api/authentication/

NOTE (on authentication):

Depending on what you are trying to achieve, you may benefit from more robust authentication like OAuth or Application Passwords (see https://wordpress.org/plugins/application-passwords/), but here the choice is ultimately yours; Basic Authentication may suffice, but be mindful of security considerations around storing plain text usernames and passwords for the given user making the request. You may want to create a specific user with just enough permissions/capabilities for this purpose if relying on Basic Authentication.

Useful reading:

Licensed under: CC-BY-SA with attribution
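The two curl checks from the answer above, as an added example that is not part of the original question or answer: it turns the status codes into a diagnosis, refuses non-HTTPS targets, and keeps the credentials out of the process list. WP_URL, WP_USER and WP_PASS are assumed environment variable names, and the diagnosis labels are made up for this sketch.

```shell
#!/bin/sh
# Added example; WP_URL, WP_USER and WP_PASS are assumed environment variable names.

# Map the HTTP status of /wp-json (index) and /wp-json/wp/v2/plugins to a diagnosis.
diagnose() {
    index=$1 plugins=$2
    if [ "$index" != 200 ]; then echo "rest-api-unreachable"; return 0; fi
    case "$plugins" in
        200) echo "ok" ;;
        # WordPress core answers 401 when no user was authenticated at all,
        # and 403 when a user was authenticated but lacks the capability.
        401) echo "credentials-not-recognised" ;;
        403) echo "user-lacks-capability" ;;
        404) echo "route-missing" ;;   # e.g. the 5.3.* install in the answer
        *)   echo "unexpected-$plugins" ;;
    esac
}

# Basic authentication only base64-encodes the password, so require HTTPS.
require_https() {
    case "$1" in
        https://*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print only the status code. Credentials reach curl through a config read
# from stdin (-K -), so they never appear in the process list.
# Assumption: the password contains no double quote or backslash.
status_of() {
    printf 'user = "%s:%s"\n' "$WP_USER" "$WP_PASS" |
        curl -K - -s -o /dev/null -w '%{http_code}' "$1"
}

check_site() {
    require_https "$1" || { echo "refusing-non-https"; return 1; }
    index=$(curl -s -o /dev/null -w '%{http_code}' "$1/wp-json")
    plugins=$(status_of "$1/wp-json/wp/v2/plugins")
    diagnose "$index" "$plugins"
}

# Runs only when a target is supplied, e.g. WP_URL=https://example.com
if [ -n "${WP_URL:-}" ]; then check_site "$WP_URL"; fi
```

A 401 on the plugins route while `wp user list-caps` shows the capabilities points at the credentials not being processed at all, which is the case the Basic-Auth plugin step in the answer addresses.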