Title: Application password issue Last modified: November 28, 2023 --- # Application password issue * [masyia](https://wordpress.org/support/users/masyia/) * (@masyia) * [2 years, 6 months ago](https://wordpress.org/support/topic/application-password-issue/) * Hello. * Application password does not work for me with WordPress 6.4.1. I had a default installation, with twentytwentyfour theme and no plugins except default akismet and hello ones.I use php 8.0.25 and nginx 1.22.1 as webserver.I created application password, used my admin username and application password with following query` curl -i -X POST -d '{ "title": "New Article Title", "content": "Your article content goes here.", "status": "draft" }' -H 'Content-Type: application/json'- u adminuser:application_pass https://domain.com/wp-json/wp/v2/posts/` * But got an error `{"code":"incorrect_password","message":"Error:<\/strong > The password you entered for the username adminuser<\/strong> is incorrect.` * I found this thread [https://wordpress.org/support/topic/application-passwords-no-longer-authenticating/](https://wordpress.org/support/topic/application-passwords-no-longer-authenticating/) and tried to downgrade WP to 6.3.1 – application password started to work, I created post successfully without changing access details, using same request. * `curl -i -X POST -d '{ "title": "New Article Title", "content": "Your article content goes here.", "status": "draft" }' -H 'Content-Type: application/json'- u adminuser:application_pass https://domain.com/wp-json/wp/v2/posts/          HTTP/1.1 201 Created To check further, upgrade to 6.3.2 broke application password again, so the change should be between 6.3.1 and 6.3.2, as written in mentioned post.No server settings were changed, only WP version. That’s why I think the issue is not directly server-side. However it may be that WordPress core had some changes after 6.3.1 that require specific webserver or other settings, that I miss. * Any help is appreciated. Thank you. Viewing 4 replies - 1 through 4 (of 4 total) * Moderator [bcworkz](https://wordpress.org/support/users/bcworkz/) * (@bcworkz) * [2 years, 6 months ago](https://wordpress.org/support/topic/application-password-issue/#post-17237004) * I’m not too familiar with cURL, but I think you’ll want to send user:password base64 encoded as a basic Authorization header. The following example uses wp_remote_post(), which in turn uses cURL within when available. This does work with the latest version of WP. * ``` $api_response = wp_remote_post( 'http://example.com/wp-json/wp/v2/posts', array( 'headers' => array( 'Authorization'=> 'Basic ' . base64_encode( 'my-user:fx3r Jsdg puRd SkTI oSUE vJ6M' ), // not a real user or password ), 'body' => array( 'title' => 'My test', 'status' => 'draft', // we do not want to publish it immediately 'content' => 'Sample post content', 'categories' => '4', // comma separated string of IDs 'tags' => '2, 29', // comma separated string of IDs 'date' => '2023-10-10T10:00:00', // YYYY-MM-DDTHH:MM:SS 'excerpt' => 'Read this test post', 'slug' => 'new-test-post', 'post_type' => 'post', 'post_parent' => 0, // more body params are here: // developer.wordpress.org/rest-api/reference/posts/#create-a-post ), ) ); // handling of $api_response follows ``` * Moderator [threadi](https://wordpress.org/support/users/threadi/) * (@threadi) * [2 years, 6 months ago](https://wordpress.org/support/topic/application-password-issue/#post-17237034) * About curl: have a look at the example here: [https://developers.miniorange.com/docs/rest-api-authentication/wordpress/basic-authentication](https://developers.miniorange.com/docs/rest-api-authentication/wordpress/basic-authentication)– the secret is to send the bas64-encoded authentication in the header. * Thread Starter [masyia](https://wordpress.org/support/users/masyia/) * (@masyia) * [2 years, 6 months ago](https://wordpress.org/support/topic/application-password-issue/#post-17238303) * [@threadi](https://wordpress.org/support/users/threadi/) [@bcworkz](https://wordpress.org/support/users/bcworkz/) Thank you for the tips. I tried to use base64 encoded access details with same result: post is created with 6.3.1 * `curl -i -X POST -d '{ "title": "New Article Title", "content": "Your article content goes here.", "status": "draft" }' -H 'Content-Type: application/json'- H "Authorization: Basic ." https://domain.com/ wp-json/wp/v2/posts/  HTTP/1.1 201 Created and got an error with 6.4.1curl -i- X POST -d '{ "title": "Third Article Title", "content": "Your article content goes here.", "status": "draft" }' -H 'Content-Type: application/json' -H "Authorization: Basic ." https://domain.com/wp-json/wp/v2/posts/{" code":"incorrect_password","message":"Error:<\/strong> The password you entered for the username adminuser<\/strong> is incorrect.,} * Again, the user/application password did not change, so I’m sure they are correct. Server settings also did not change, meaning server side is capable to accept authorization header both in base64 and not. * I’m investigating further, trying to find any information if any specific headers should be added to php/nginx configs. * If you have any further suggestions/advice I’d be grateful for any help. * [ihabosman](https://wordpress.org/support/users/ihabosman/) * (@ihabosman) * [2 years, 5 months ago](https://wordpress.org/support/topic/application-password-issue/#post-17322913) * Hi there, * Same problem, my curl request not working with wordpress 6.4.2 but working when i downgrade to 6.3.1 for example * return : incorrect_password, code 500 Viewing 4 replies - 1 through 4 (of 4 total) The topic ‘Application password issue’ is closed to new replies. * In: [Developing with WordPress](https://wordpress.org/support/forum/wp-advanced/) * 4 replies * 6 participants * Last reply from: [ihabosman](https://wordpress.org/support/users/ihabosman/) * Last activity: [2 years, 5 months ago](https://wordpress.org/support/topic/application-password-issue/#post-17322913) * Status: not resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics