Permission issue with API key

Hello,

Here’s my problem: using a clean installation of Debian v13 in a virtual machine, I installed WordPress and the MainWP plugin via WP-Cli.
I configured it (permalinks other than PLAIN, and removed other unnecessary plugins).
I created an API v2 key in the REST API section with only Read permissions.
In Postman, I retrieved the MainWP REST API v2 collection and selected the “Get Sites” endpoint.
I filled in the requested fields (the site link and the API key).

However, when I executed the request, I only got a 401 error with the message “The API key provided does not have read permissions.”

I didn’t understand where I went wrong. I spent all day looking for a solution, but without success; the problem just persisted.

Ask me if you want information; since it’s only local, the data doesn’t matter to me.

Hey @ChrisPhoenix

Welcome to the MainWP community.

Is this the call you were trying out: /wp-json/mainwp/v2/sites/?

I’ve just tested it with only Read permissions and it works as expected for me.

Make sure that you’re using v2 calls from Postman if you didn’t have “MainWP REST API v1 Compatibility” enabled when creating the REST API key.

I assume that you have Postman installed and are not just using the web app?

Finally, can you send us the full URL of the API call you’re sending including the base URL?

Hello,

Of course, the API key created is in v2 and v1 compatibility is disabled.

Yes, I do use Postman as an installed application.

Yes, here is the full URL used for the API call:

http://mainwp.zindex.test/wp-json/mainwp/v2/sites

Thank you for your help.

Thanks @ChrisPhoenix

Just to test it out, can you see if you will get the same 401 error when this API key has both Read and Write permissions?

When you open http://mainwp.zindex.test/wp-json/ directly in your browser, do you see WP REST index JSON?
If there is some kind of a block in place, you will see a message similar to this one:

{"code":"rest_cannot_access","message":"DRA: Only authenticated users can access the REST API.","data":{"status":401}}

Hello,

Whether in Read or Read/Write, I always get the same error (401: mainwp_rest_authentication_error)

Yes, I am receiving WP REST index JSON:

{ "name": "MainWP Dashboard", "description": "", "url": "'http://mainwp.zindex.test", "home": "http://mainwp.zindex.test", "gmt_offset": "0", "timezone_string": "", "page_for_posts": 0, "page_on_front": 0, "show_on_front": "posts", "namespaces": [ "oembed/1.0", "mainwp/v2", "mainwp/v1", "wp/v2", "wp-site-health/v1", "wp-block-editor/v1" ], ...

Unfortunately (or fortunately?) I did not come across this message.

I feel like I’m stuck at the endpoint level. Even via console using CURL, I’m stuck with this problem. So I asked myself the following question:

  • Is the API key properly handled by the Apache header?
  • If so, is it having trouble retrieving the key’s permissions?

I checked the database myself to see if the key is present, and it is (although I find the key format and permissions strange).

Thank you for your help.

Hello,

After extensive research into these blocking (401) issues, I finally installed SSL on the local server, and by some miracle, API requests finally work.

Surprisingly, MainWP requires SSL to match API keys to permissions, and I couldn’t find anything in the documentation that specifies what’s required for command-line configuration.
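
The triage steps from this thread, as an added example (not part of the original posts and not MainWP code): it labels responses by the two error codes quoted above and, following the resolution reported here, suggests retrying over https when the key is rejected only over http. The response bodies are constructed, and the JSON shape of the MainWP 401 is an assumption.

```python
import json
from urllib.parse import urlsplit

# Error codes quoted in the thread.
DRA_BLOCK = "rest_cannot_access"
MAINWP_AUTH = "mainwp_rest_authentication_error"

def classify(url, status, body):
    """Label one REST response using the symptoms discussed in the thread."""
    scheme = urlsplit(url).scheme
    try:
        doc = json.loads(body)
    except ValueError:
        return "not-json"                      # HTML error page, proxy, etc.
    if isinstance(doc, dict):
        code = doc.get("code")
        if status == 401 and code == DRA_BLOCK:
            return "rest-blocked"              # whole REST API is gated
        if status == 401 and code == MAINWP_AUTH:
            return "key-rejected-" + scheme    # reached MainWP, key refused
        if status == 200 and "mainwp/v2" in doc.get("namespaces", []):
            return "index-ok"                  # REST index lists the v2 routes
    return "ok" if status == 200 else "unclassified"

def diagnose(probes):
    """Reduce several probes of one dashboard to a single next step."""
    labels = {classify(*p) for p in probes}
    if "rest-blocked" in labels:
        return "remove the REST API block first"
    if "key-rejected-http" in labels and "key-rejected-https" not in labels:
        return "retry the same key over https"
    if "key-rejected-https" in labels:
        return "check the key and its permissions"
    return "no authentication problem seen"

# Constructed sample responses: bodies are shortened, the 401 shape is assumed
# to be the usual WordPress {"code", "message", "data"} form, and "[]" is a
# placeholder for a successful reply.
BASE = "mainwp.zindex.test/wp-json"
AUTH_401 = json.dumps({"code": MAINWP_AUTH, "data": {"status": 401},
    "message": "The API key provided does not have read permissions."})
INDEX = json.dumps({"name": "MainWP Dashboard",
                    "namespaces": ["mainwp/v2", "mainwp/v1", "wp/v2"]})
THREAD = [("http://" + BASE + "/", 200, INDEX),
          ("http://" + BASE + "/mainwp/v2/sites", 401, AUTH_401),
          ("https://" + BASE + "/mainwp/v2/sites", 200, "[]")]

if __name__ == "__main__":
    for probe in THREAD:
        print(probe[0], "->", classify(*probe))
    print("next step:", diagnose(THREAD))
```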

Hey @ChrisPhoenix

Glad to hear you got it solved by installing the SSL cert on the local server.

This indeed seems to be the case. The team will look into this some more and possibly make adjustments in a future release.

On some localhost setups, adding this code in wp-config.php may help with this issue until then:

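// Local development workaround: report HTTPS to WordPress when the site is served from localhost.
// isset() avoids a warning when HTTP_HOST is absent (for example under WP-CLI).
if (isset($_SERVER['HTTP_HOST']) && strpos($_SERVER['HTTP_HOST'], 'localhost') !== false) {
    $_SERVER['HTTPS'] = 'on';
}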
