DEV Community

Bruce Axtens
Bruce Axtens

Posted on

Wordpress API request problem.

Let's assume a standard wordpress website on https://example.com.au/. We have created a dev version of the website at https://example.com.au/dev.

We have installed and enabled a tool called miniOrange into our Wordpress 5.8 installation on the dev site. We have set up application passwords. Because we're using the free version of miniOrange, we've enabled Basic Authentication with Base64 Encoding of the username:password tuple.

We're using Visual Studio Code's REST Client to send the request. The request is below (slightly obfuscated):

POST https://www.example.com.au/dev/wp-json/wp/v2/pages HTTP/1.1
Content-Type: application/json
Authorization: Basic WeAreNotAllowedToShowYouThisString

{
    "slug": "a-test",
    "status": "draft",
    "content": "<h1>booM</h1>",
    "title": "A Test"
}
Enter fullscreen mode Exit fullscreen mode

When we send POST requests to the https://example.com.au/dev/wp-json/wp/v2/pages endpoint we receive the following:

HTTP/1.1 401 Unauthorized
Connection: close
X-Powered-By: PHP/7.4.22
Content-Type: application/json; charset=UTF-8
Content-Length: 153
Date: Thu, 02 Sep 2021 09:15:40 GMT
Server: LiteSpeed
Alt-Svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000

{
  "status": "error",
  "error": "INVALID_AUTHORIZATION_HEADER_TOKEN_TYPE",
  "code": "401",
  "error_description": "Authorization header must be type of Basic Token."
}
Enter fullscreen mode Exit fullscreen mode

There are a number of confusing things here, not least being that we have Authorization: Basic WeAreNotAllowedToShowYouThisString but we're receiving Authorization header must be type of Basic Token.

Has anyone seen anything like this and if so, what did you do to solve it? (We have written to miniOrange too.)

Discussion (5)

Collapse
karandpr profile image
Karan Gandhi

The docs pretty much mention stuff that you are doing.
developers.miniorange.com/docs/res...
Have you tried removing the space between Authorization and Basic ?

Authorization:Basic
Enter fullscreen mode Exit fullscreen mode

instead of

Authorization: Basic
Enter fullscreen mode Exit fullscreen mode
Collapse
bugmagnet profile image
Bruce Axtens Author

I do wish it was that simple but no, not the problem here. Interestingly, the last time (2018) I was working on this particular project (transferring content from one website to another WordPress website) I didn't have any of these issues. This time, however, because the live site is at the root of the domain and the dev site is in a subdirectory, I'm experiencing all kinds of grief.

Collapse
karandpr profile image
Karan Gandhi

Does litespeed log failed requests ?

Also if you have root access to server and tcpdump installed, intercept the post request and check if it is working.
middlewareinventory.com/blog/tcpdu...

Thread Thread
bugmagnet profile image
Bruce Axtens Author

achcha kheal, sahib ji. koshish karunga.

Thread Thread
karandpr profile image
Karan Gandhi

zaroor kijiye mahashay. aur koi dikkat ho toh banda aapki khidmat mein rehenga.,