|
dassaultfalcon
|
May 21, 2018 at 12:21 pm
Hello !
We are trying to use the registrations API link –
http://lmtdev/wp/em/wp-json/ee/v4.8.36/registrations
Getting this error in the body –
“Sorry, you are not allowed to list registrations. Missing permissions: ee_read_registrations,ee_read_others_registrations”
I am using the wordpress admin account to access this.
|
|
Josh
|
May 21, 2018 at 2:46 pm
Hi there,
Can you explain how you’re using the WordPress admin account to access the endpoint? Normally you would need to either pass the username password via the query string or (better and more recommended) use Application Passwords.
|
|
dassaultfalcon
|
May 21, 2018 at 2:54 pm
Hi Josh,
We use JWT WordPress plugin for authentication, and I am passing the token that I get from there .. ??
Thanks,
Amit
|
|
Josh
|
May 21, 2018 at 7:20 pm
If your site is hosted on shared hosting, most of the time the HTTP Authorization Header cannot be passed. This can usually be worked around by making an edit to the site’s .htaccess file. There’s specific information on the JWT Authentication for WP REST API plugin’s page:
https://wordpress.org/plugins/jwt-authentication-for-wp-rest-api/
please refer to the section:
PHP HTTP Authorization Header enable
|
|
dassaultfalcon
|
May 23, 2018 at 7:03 am
I tried this. Still get same error ..
Here is my .htaccess –
RewriteEngine On
RewriteBase /wp/
RewriteRule ^index\.php$ – [L]
# add a trailing slash to /wp-admin
RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^ – [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) $2 [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L]
RewriteRule . index.php [L]
RewriteRule ^(.*) – [E=HTTP_AUTHORIZATION:%1]
I do get a token from JWT plugin.
I set the header –
Authorization: ‘Bearer ‘ + my_JWT_token
And then make a GET request at –
http://lmtdev/wp/em/wp-json/ee/v4.8.36/registrations
This is the response that I am getting –
{
“code”: “rest_registrations_cannot_list”,
“message”: “Sorry, you are not allowed to list registrations. Missing permissions: ee_read_registrations,ee_read_others_registrations”,
“data”: {
“status”: 403
}
}
|
|
Josh
|
May 23, 2018 at 7:10 am
Your server may not allow the authorization headers. We’ve seen this before with the mobile apps.
You could try another means of doing an Auth’d GET request by using Postman, then set the Authorization Type to Basic Auth, then input your WP admin username and password into the username and password fields.
https://slack-files.com/T02SY781D-FAUTMCUTF-4590c7c605
If the above method works then the JWT plugin would be the direction to go for the troubleshooting. If the above method does not work, then it’s likely a server issue.
|
|
dassaultfalcon
|
May 23, 2018 at 7:20 am
I tried that, and if I do a Basic Auth, it works. I get a list of all registrations ..
With JWT plugin, I am not getting that ??
|
|
Josh
|
May 23, 2018 at 7:34 am
In that case can you reach out to the developer of the JWT plugin for support?
|
|
dassaultfalcon
|
May 23, 2018 at 7:38 am
Neah, I tried the application password plugin, and it is working, so thats fine.
Thanks for the help.
|
