Title: Cookie Authentiction with Angularjs
Last modified: August 21, 2016

---

# Cookie Authentiction with Angularjs

 *  Resolved [nidalhajaj](https://wordpress.org/support/users/nidalhajaj/)
 * (@nidalhajaj)
 * [11 years, 12 months ago](https://wordpress.org/support/topic/cookie-authentiction-with-angularjs/)
 * I am trying to allow logged in users to read private post through the api issuing
   the simple api call /wp-json/posts/1 (which is a private post).
 * However even when I am logged in with admin rights I still get a 401 unauthorised
   error.
 * The documentation states that “WP API includes a technique called nonces to avoid
   CSRF issues. This prevents other sites from forcing you to perform actions without
   explicitly intending to do so. This requires slightly special handling for the
   API. For developers using the built-in Javascript API, this is handled automatically
   for you.”
 * Is what I am trying to do possible with this authentication?
 * [https://wordpress.org/plugins/json-rest-api/](https://wordpress.org/plugins/json-rest-api/)

Viewing 2 replies - 1 through 2 (of 2 total)

 *  Plugin Author [Ryan McCue](https://wordpress.org/support/users/rmccue/)
 * (@rmccue)
 * [11 years, 12 months ago](https://wordpress.org/support/topic/cookie-authentiction-with-angularjs/#post-5009340)
 * You’ll need to either send the `X-WP-Nonce` header, or the `_wp_json_nonce` query
   parameter with your request. You’ll need to generate this on the server with `
   wp_create_nonce( 'wp_json' )`, which you can then output on to the page for your
   script using `wp_localize_script`.
 * (This assumes you’re accessing the data from the site’s frontend, not from an
   external site.)
 *  Thread Starter [nidalhajaj](https://wordpress.org/support/users/nidalhajaj/)
 * (@nidalhajaj)
 * [11 years, 8 months ago](https://wordpress.org/support/topic/cookie-authentiction-with-angularjs/#post-5009394)
 * Thanks for the help Ryan
 * As of wordpress 4 I’ve noticed that you can only use the X-WP-Nonce header, the
   _wp_json_nonce query parameter seems to have been disabled.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Cookie Authentiction with Angularjs’ is closed to new replies.

 * ![](https://s.w.org/plugins/geopattern-icon/json-rest-api_2e3641.svg)
 * [WP REST API (WP API)](https://wordpress.org/plugins/json-rest-api/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/json-rest-api/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/json-rest-api/)
 * [Active Topics](https://wordpress.org/support/plugin/json-rest-api/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/json-rest-api/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/json-rest-api/reviews/)

## Tags

 * [authentication](https://wordpress.org/support/topic-tag/authentication/)

 * 2 replies
 * 2 participants
 * Last reply from: [nidalhajaj](https://wordpress.org/support/users/nidalhajaj/)
 * Last activity: [11 years, 8 months ago](https://wordpress.org/support/topic/cookie-authentiction-with-angularjs/#post-5009394)
 * Status: resolved