weDevsOfficial/wp-user-frontend

401 Unauthorized rest API with admin access

Opened this issue · 5 comments

Hello. I'm logged in as admin on my WordPress website.
I try to use the REST API endpoint for the WP User Frontend routes to get all subscriptions, but I got 401 Unauthorized. I still have admin access.
Don't know why??

request:

GET /wp-json/wpuf/v1/wpuf_subscription?per_page=1&offset=1 HTTP/1.1
Host: ...
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:132.0) Gecko/20100101 Firefox/132.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: close
Cookie: wp-settings-time-1=1732444934; PHPSESSID=...; wordpress_test_cookie=...
wordpress_logged_in_d4bff64bb43f20c76cd261000472167b=....
Upgrade-Insecure-Requests: 1
Priority: u=0, i


response

HTTP/1.1 401 Unauthorized
Date: Sun, 24 Nov 2024 11:30:01 GMT
Server: Apache/2.4.62 (Debian)
X-Robots-Tag: noindex
Link: ...
X-Content-Type-Options: nosniff
Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link
Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
Vary: Origin
Content-Length: 100
Connection: close
Content-Type: application/json; charset=UTF-8



{"code":"rest_forbidden","message":"Sorry, you are not allowed to do that.","data":{"status":401}}

hello @fr33k3v1n0,

Thank you for trying out the API. You just need to pass the nonce in the header I believe. Feel free to notify us of any queries.

OK, thank you. But where can I find this nonce??

function wpuf_admin_role() {
    return apply_filters( 'wpuf_admin_role', 'manage_options' );
}

I cannot figure out where wpuf_admin_role is added.

  1. For the WP REST API, you can use wp_create_nonce( 'wp_rest' ) to create a nonce.
  2. The function you mentioned is exactly where we are defining wpuf_admin_role using a filter hook. You can use the hook from your theme, child theme or plugin to modify the behaviour if needed.
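An added example, not part of the thread or the plugin's code: the request from the issue rebuilt with the `X-WP-Nonce` header (a header name the response above lists in `Access-Control-Allow-Headers`), plus a helper that reads the failure modes apart. Assumptions: the function names, the `example.test` host and the nonce value are constructed, the nonce was created server-side with `wp_create_nonce( 'wp_rest' )` and handed to the page, and the route's permission check follows WordPress core's convention of 401 for a logged-out request and 403 for a logged-in user who lacks the capability.

```javascript
// Build a cookie-authenticated REST request that carries the wp_rest nonce.
// With the login cookie alone, the request is handled as logged out.
function buildRestRequest(root, route, query, nonce) {
  if (!nonce) throw new Error('missing wp_rest nonce');
  const base = root.endsWith('/') ? root : root + '/';
  const url = new URL(route.replace(/^\//, ''), base);
  for (const [key, value] of Object.entries(query)) {
    url.searchParams.set(key, String(value));
  }
  return {
    url: url.toString(),
    options: {
      method: 'GET',
      credentials: 'same-origin', // send the wordpress_logged_in_* cookie
      headers: { 'X-WP-Nonce': nonce, Accept: 'application/json' },
    },
  };
}

// Map a REST error response to its likely cause.
function explainAuthFailure(status, body) {
  const code = body && body.code;
  if (status === 401 && code === 'rest_forbidden') {
    return 'treated-as-logged-out'; // no valid nonce accompanied the cookie
  }
  if (status === 403 && code === 'rest_cookie_invalid_nonce') {
    return 'nonce-rejected'; // nonce sent, but expired or for another session
  }
  if (status === 403 && code === 'rest_forbidden') {
    // Assumption: the route checks the capability returned by
    // wpuf_admin_role() ('manage_options' unless filtered).
    return 'logged-in-but-lacks-capability';
  }
  return 'other';
}

// Constructed values; in a browser, pass demo.url and demo.options to fetch().
const demo = buildRestRequest(
  'https://example.test/wp-json',
  '/wpuf/v1/wpuf_subscription',
  { per_page: 1, offset: 1 },
  'constructed-nonce-value'
);
// The error body quoted in the issue above.
const issueBody = { code: 'rest_forbidden', data: { status: 401 } };
console.log(demo.url, explainAuthFailure(401, issueBody));
```
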