Title: Rest API Authorization
Last modified: September 4, 2019

---

# Rest API Authorization

 *  Resolved [proxxximity](https://wordpress.org/support/users/proxxximity/)
 * (@proxxximity)
 * [6 years, 9 months ago](https://wordpress.org/support/topic/rest-api-authorization/)
 * [https://docs.woocommerce.com/wc-apidocs/source-class-WC_REST_Authentication.html](https://docs.woocommerce.com/wc-apidocs/source-class-WC_REST_Authentication.html)
   does not seem to be working as it should.
    On the site I’m building it lets anyone
   access for example /wp-json/wc/v1/orders which is unacceptable. When debugging
   I find that the $user variable don’t ever get set. Because there are no basic_auth
   parameters the perform_basic_authentication() returns on line 157. $this->perform_oauth_authentication()
   is then returned in the authenticate() function on line 89 and since there are
   no oauth parameters the perform_oauth_authentication() function returns false
   on line 319. All this is before any setting of the $user variable.
 * This in turn leads to the check_user_permissions() function to directly return
   $result (which is empty) on line 608. That as far as I can see leads to wordpress
   delivering the data because no error was thrown when checking permissions in 
   woocommerce.
 * Is this a real bug or what am I missing?

The topic ‘Rest API Authorization’ is closed to new replies.

 * ![](https://ps.w.org/woocommerce/assets/icon.svg?rev=3234504)
 * [WooCommerce](https://wordpress.org/plugins/woocommerce/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/woocommerce/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/woocommerce/)
 * [Active Topics](https://wordpress.org/support/plugin/woocommerce/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/woocommerce/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/woocommerce/reviews/)

## Tags

 * [api](https://wordpress.org/support/topic-tag/api/)
 * [authentication](https://wordpress.org/support/topic-tag/authentication/)
 * [rest](https://wordpress.org/support/topic-tag/rest/)

 * 0 replies
 * 1 participant
 * Last reply from: [proxxximity](https://wordpress.org/support/users/proxxximity/)
 * Last activity: [6 years, 9 months ago](https://wordpress.org/support/topic/rest-api-authorization/)
 * Status: resolved