what role is connected if using the Token API?

  • Detlef Beyer
    # 4 years, 1 month ago

    I’m testing the free version of the miniOrange API Authentication plugin. Authentification with the token to read data works fine. But when I try something like:

    curl -H “Authorization:Bearer mytoken” -d ‘slug=mkyong’ PUT -X

    I run into an authorization problem – the user role doesn’t allow the modification of the record.
    I understood that the basic (free) version will open access to all user roles – role specific access is limited to the premium versions. But I run into a 401 all the time?

    Same on the demo account you opened for me:
    {“code”:”rest_cannot_edit”,”message”:”Sorry, you are not allowed to edit this post.”,”data”:{“status”:401}}

    # 4 years, 1 month ago

    Hi there,

    Thanks for reaching out to us.

    In the API Key authentication method, we use the subscriber role and It does not have capabilities to modify the records. If you want to modify the records you can use the Basic Authentication, JWT Authentication or OAuth 2.0 authentication method.

    If you use another method you have to take care that the user you are passing for the authentication has the capabilities to update or create those records or REST APIs.

    Let us know if you find any difficulty we’d be happy to help you.

    Thank you

    Detlef Beyer
    # 4 years, 1 month ago

    I just tested OAuth 2.0 on the demo account you set up for me (thanks!) and that works fine.

    # 3 years, 4 months ago

    I just purchased a license for the API Key Authentication. The license plan states “Support for GET, POST, PUT & DELETE methods”. However, in this threat it sounds like PUT method does not work. Am I missing something?

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.