Title: Problem Using Postman and WP REST API Last modified: February 10, 2017 --- # Problem Using Postman and WP REST API * Resolved [tetsuya40](https://wordpress.org/support/users/tetsuya40/) * (@tetsuya40) * [10 years, 1 month ago](https://wordpress.org/support/topic/problem-using-postman-and-wp-rest-api/) * I installed and activated the plugin WP OAuth Server v3.1.97 on WordPress 4.5, along with the plugin WP REST API version 2.0-beta13. Following the tutorial on [https://wp-oauth.com/knowledge-base/using-postman-and-wp-rest-api/](https://wp-oauth.com/knowledge-base/using-postman-and-wp-rest-api/) I have failed to get the token. * [view auth](http://chiptown.it/wp-content/uploads/2016/04/Schermata-2016-03-25-alle-13.46.09.jpg) * [view send](http://chiptown.it/wp-content/uploads/2016/04/Schermata-2016-04-20-alle-10.47.23.jpg) * In my link [http://chiptown.it/wp-json](http://chiptown.it/wp-json) does not display the type of authentication (..authentication: [], ..) * [view json](http://chiptown.it/wp-content/uploads/2016/04/Schermata-2016-04-20-alle-10.36.42.jpg) * Where am I doing wrong? * Vincenzo * [https://wordpress.org/plugins/oauth2-provider/](https://wordpress.org/plugins/oauth2-provider/) Viewing 10 replies - 1 through 10 (of 10 total) * Thread Starter [tetsuya40](https://wordpress.org/support/users/tetsuya40/) * (@tetsuya40) * [10 years, 1 month ago](https://wordpress.org/support/topic/problem-using-postman-and-wp-rest-api/#post-7298833) * I tried modifying my .htaccess file but the website does not work: * # BEGIN WordPress RewriteEngine On RewriteBase / RewriteRule ^index\.php$ – [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME}!- d #RewriteRule .* – [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] RewriteRule ./ index.php [L] * # END WordPress * Plugin Author [Justin Greer](https://wordpress.org/support/users/justingreerbbi/) * (@justingreerbbi) * [10 years, 1 month ago](https://wordpress.org/support/topic/problem-using-postman-and-wp-rest-api/#post-7298878) * Have you removed the `#` in the .htaccess file? Even though you are using the grant type user credentials (password), you must still pass the client_id and secret for the application in the header or the body as well. * Note: All grant types other than Auth Code is only for licensed users which is not covered here. * Thread Starter [tetsuya40](https://wordpress.org/support/users/tetsuya40/) * (@tetsuya40) * [10 years, 1 month ago](https://wordpress.org/support/topic/problem-using-postman-and-wp-rest-api/#post-7299023) * I have created a user of WordPress: * name: ‘maradona’ (with permission of the author) password: ‘GD5xxx’ * and I included in body (Postman) * grant_type: ‘password’ username: ‘maradona’ password: ‘xxxx’ * [see link Then I created in OAuth Server> Clients> Add New Clients the client: * name: ‘maradona’ client_id: ‘w0PRPx’ secret: ‘rl7xx’ * and I entered into the Postman Authorization tab: * Username: ‘w0PRPx’ Password: ‘rl7xx’ * Then I run ‘Update Request’ and created me the key header. * [see link](http://chiptown.it/wp-content/uploads/2016/04/Schermata-2016-03-25-alle-13.46.09.jpg) * Finally I ran the ‘Send’ to make the POST and responded with the error ‘invalid_client’, error_description: “Clients were not found in the headers or body.” * In the .htaccess file I tried to insert ‘RewriteRule. * – [E = HTTP_AUTHORIZATION:%{ HTTP: Authorization}]’ (uncommented) after RewriteBase, then even after RewriteCond and RewriteRule after, but does not work the layout and after I performed the‘ Send’ I have the same error. * Vincenzo * [please do not share credentials. It is very dangerous! ;)] * Plugin Author [Justin Greer](https://wordpress.org/support/users/justingreerbbi/) * (@justingreerbbi) * [10 years, 1 month ago](https://wordpress.org/support/topic/problem-using-postman-and-wp-rest-api/#post-7299067) * When you check the server status tab what doe the CGI line say? * Plugin Author [Justin Greer](https://wordpress.org/support/users/justingreerbbi/) * (@justingreerbbi) * [10 years, 1 month ago](https://wordpress.org/support/topic/problem-using-postman-and-wp-rest-api/#post-7299069) * Please not that there is a different between the following. * client_id is not the user name and the secret is not the password. When you pass the username and password field, use the users username and password. * pass client_id = client_id client_secret = client_secret in the body as well if you would like. * it looks like you are mixing values. * Thread Starter [tetsuya40](https://wordpress.org/support/users/tetsuya40/) * (@tetsuya40) * [10 years, 1 month ago](https://wordpress.org/support/topic/problem-using-postman-and-wp-rest-api/#post-7299083) * Following the link [https://wp-oauth.com/kb/header-authorization-basic-may-not-work-expected/](https://wp-oauth.com/kb/header-authorization-basic-may-not-work-expected/) I should: … 3.Send client_id and client_secret post as a parameter in the body instead of using Basic Auth. * If (Postman) modify the Username and Password fields of the Authorization Tab( Type: Basic Auth), and instead of client_id and secret (client: ‘maradona’) insert username and password (user: ‘maradona’), after ‘send ‘I do not receive the token and gives me the same answer    “Error”: “invalid_client”    “Error_description”:“ Client credentials were not found in the headers or body” * see link [http://chiptown.it/wp-content/uploads/2016/04/Schermata-2016-04-26-alle-10.20.06.png](http://chiptown.it/wp-content/uploads/2016/04/Schermata-2016-04-26-alle-10.20.06.png) * Plugin Author [Justin Greer](https://wordpress.org/support/users/justingreerbbi/) * (@justingreerbbi) * [10 years, 1 month ago](https://wordpress.org/support/topic/problem-using-postman-and-wp-rest-api/#post-7299090) * > If (Postman) modify the Username and Password fields of the Authorization Tab * If you server is running CGI then the auth headers are not being read by the server thus making the auth tab useless in postman. * > Following the link > [https://wp-oauth.com/kb/header-authorization-basic-may-not-work-expected/](https://wp-oauth.com/kb/header-authorization-basic-may-not-work-expected/) > I should: … 3.Send client_id and client_secret post as a parameter in the body > instead of using Basic Auth. * This is correct. You must also send the username and password as well. * I have added an export of user credentials for CGI servers at [https://wp-oauth.com/kb/using-postman-and-wp-rest-api/](https://wp-oauth.com/kb/using-postman-and-wp-rest-api/). You can find the zip for download at the very bottom of the article under “Notes’ * Thread Starter [tetsuya40](https://wordpress.org/support/users/tetsuya40/) * (@tetsuya40) * [10 years, 1 month ago](https://wordpress.org/support/topic/problem-using-postman-and-wp-rest-api/#post-7299108) * Wow! The problem is solved 🙂 * i have modified my .htaccess file: * # BEGIN WordPress RewriteEngine On RewriteBase / RewriteRule ^index\.php$ – [L] RewriteCond %{HTTP:Authorization} . RewriteRule .* – [E=HTTP_AUTHORIZATION:%{ HTTP:Authorization}] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME}!- d RewriteRule . /index.php [L] # END WordPress * I have deleted client_id and secret from the Postman Authorization tab, and i have included into the keys of the body tab. * view link: * [http://chiptown.it/wp-content/uploads/2016/04/ForJustinGreer.png](http://chiptown.it/wp-content/uploads/2016/04/ForJustinGreer.png) * Thanks! 😀 * Plugin Author [Justin Greer](https://wordpress.org/support/users/justingreerbbi/) * (@justingreerbbi) * [10 years, 1 month ago](https://wordpress.org/support/topic/problem-using-postman-and-wp-rest-api/#post-7299112) * Glad it is working for you know! Please let mew know if you need anything else. * Thread Starter [tetsuya40](https://wordpress.org/support/users/tetsuya40/) * (@tetsuya40) * [10 years, 1 month ago](https://wordpress.org/support/topic/problem-using-postman-and-wp-rest-api/#post-7299126) * Adding the string “Header always set Access-Control-Allow-Headers: Authorization” in the .htaccess file, now also reads the header! 😀 * [view link](http://chiptown.it/wp-content/uploads/2016/05/forJustin2.jpg) * My .htaccess file: * # BEGIN WordPress Header always set Access-Control- Allow-Headers: Authorization RewriteEngine On RewriteBase / RewriteRule ^index\. php$ – [L] RewriteCond %{HTTP:Authorization} . RewriteRule .* – [E=HTTP_AUTHORIZATION:%{ HTTP:Authorization}] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME}!- d RewriteRule . /index.php [L] # END WordPress Viewing 10 replies - 1 through 10 (of 10 total) The topic ‘Problem Using Postman and WP REST API’ is closed to new replies. * ![](https://ps.w.org/oauth2-provider/assets/icon-256x256.gif?rev=2603051) * [WP OAuth Server (OAuth Authentication)](https://wordpress.org/plugins/oauth2-provider/) * [Frequently Asked Questions](https://wordpress.org/plugins/oauth2-provider/#faq) * [Support Threads](https://wordpress.org/support/plugin/oauth2-provider/) * [Active Topics](https://wordpress.org/support/plugin/oauth2-provider/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/oauth2-provider/unresolved/) * [Reviews](https://wordpress.org/support/plugin/oauth2-provider/reviews/) * 11 replies * 3 participants * Last reply from: [imokweb](https://wordpress.org/support/users/imokweb/) * Last activity: [9 years, 4 months ago](https://wordpress.org/support/topic/problem-using-postman-and-wp-rest-api/#post-8790600) * Status: resolved