Title: Rest API code”:”rest_forbidden” error Last modified: October 20, 2022 --- # Rest API code”:”rest_forbidden” error * Resolved [kautukbhatnagar](https://wordpress.org/support/users/kautukbhatnagar/) * (@kautukbhatnagar) * [3 years, 7 months ago](https://wordpress.org/support/topic/rest-api-coderest_forbidden-error/) * I am trying to work on an app where i need to test membership of a user * i am trying to test apis but it is giving me * `{"code":"rest_forbidden","message":"Sorry, you are not allowed to do that."," data":{"status":401}}` * though i have followed [https://www.paidmembershipspro.com/documentation/advanced/api/rest-api/](https://www.paidmembershipspro.com/documentation/advanced/api/rest-api/) * Plugins i have installed : - Application Passwords - Paid Memberships Pro - Paid Memberships Pro – REST API Demo ([https://github.com/strangerstudios/pmpro-rest-api-demo](https://github.com/strangerstudios/pmpro-rest-api-demo)) * The page I need help with: _[[log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Frest-api-coderest_forbidden-error%2F%3Foutput_format%3Dmd&locale=en_US) to see the link]_ Viewing 6 replies - 1 through 6 (of 6 total) * Plugin Author [Andrew Lima](https://wordpress.org/support/users/andrewza/) * (@andrewza) * [3 years, 7 months ago](https://wordpress.org/support/topic/rest-api-coderest_forbidden-error/#post-16117807) * Hi [@kautukbhatnagar](https://wordpress.org/support/users/kautukbhatnagar/) * Thank you for reaching out to Paid Memberships Pro. * This sounds like your user that you are trying to authenticate with does not have relevant permissions for that particular route. * Does this happen for all Paid Memberships Pro routes you try to interact with or only specific ones? * You may also filter and adjust the required capabilities for each route to your own needs by using the ‘pmpro_rest_api_route_capabilities’ filter outlined here– [https://github.com/strangerstudios/paid-memberships-pro/blob/dev/includes/rest-api.php#L985-L1000](https://github.com/strangerstudios/paid-memberships-pro/blob/dev/includes/rest-api.php#L985-L1000) * I hope this helps clear things up. * Thread Starter [kautukbhatnagar](https://wordpress.org/support/users/kautukbhatnagar/) * (@kautukbhatnagar) * [3 years, 7 months ago](https://wordpress.org/support/topic/rest-api-coderest_forbidden-error/#post-16117848) * this happen for all Paid Memberships Pro routes i am trying to interact with * Plugin Author [Andrew Lima](https://wordpress.org/support/users/andrewza/) * (@andrewza) * [3 years, 7 months ago](https://wordpress.org/support/topic/rest-api-coderest_forbidden-error/#post-16117881) * Thanks, this sounds like your account that you’re authenticating with doesn’t have the right permissions. I haven’t been able to replicate this issue on my test site. * I did not install Application Passwords, as this is included in newer versions of WordPress. A great way to test these routes is to use Postman and use basic authentication with your username and application password to ensure this isn’t code related from your app. * Thread Starter [kautukbhatnagar](https://wordpress.org/support/users/kautukbhatnagar/) * (@kautukbhatnagar) * [3 years, 7 months ago](https://wordpress.org/support/topic/rest-api-coderest_forbidden-error/#post-16118033) * [@andrewza](https://wordpress.org/support/users/andrewza/) Can you please guide me * I think I am missing something here, you might be able to locate it in minutes. I tried in postman and getting the same result actually… Even tried without Application Passwords * Plugin Author [Andrew Lima](https://wordpress.org/support/users/andrewza/) * (@andrewza) * [3 years, 7 months ago](https://wordpress.org/support/topic/rest-api-coderest_forbidden-error/#post-16118236) * [@kautukbhatnagar](https://wordpress.org/support/users/kautukbhatnagar/) I’m not too sure what’s going wrong with your REST API as it’s difficult to assume what’s interfering here. * I recommend in testing this with an admin account when authenticating to ensure you have all the right capabilities as I mentioned earlier. By default you have to authenticate for Paid Memberships Pro routes as per the code I referenced and not using an application password or authenticating with the REST API would result in the error you are experiencing. * The most common cause of the 401 issue, is that your authentication is either wrong or the authenticated account does not have capabilities outlined here – [https://github.com/strangerstudios/paid-memberships-pro/blob/dev/includes/rest-api.php#L985-L1000](https://github.com/strangerstudios/paid-memberships-pro/blob/dev/includes/rest-api.php#L985-L1000)( Such as ‘pmpro_orders’ or ‘pmpro_edit_memberships’). * Here is an image of my postman test to my local environment that’s working: * [https://i.postimg.cc/NMn8YfT7/Screen-Shot-2022-10-20-at-13-56-54.png](https://i.postimg.cc/NMn8YfT7/Screen-Shot-2022-10-20-at-13-56-54.png) * If you need more detailed help, I recommend reaching out to a local WordPress developer or post to jobs.wordpress.net to get help from a developer to debug this site specific issue further. - This reply was modified 3 years, 7 months ago by [Andrew Lima](https://wordpress.org/support/users/andrewza/). * [bohdanwlcm](https://wordpress.org/support/users/bohdanwlcm/) * (@bohdanwlcm) * [3 years, 6 months ago](https://wordpress.org/support/topic/rest-api-coderest_forbidden-error/#post-16254977) * I have the similar issue. For my admin user I created Application Password, then I created base64 from auth data: `const token = Buffer.from(${process.env. WP_USERNAME}:${process.env.WP_APP_PASSWORD}).toString( 'base64');` * Set Basic Authorization: `axios.defaults.headers.common['Authorization'] = Basic ${token};` * But any `/pmpro/v1` route, I’m trying to trigger always returns me the error: * ``` data: { status: 'error', error: 'Restricted', error_description: 'Sorry, you are not allowed to access REST API.' } ``` * My user has all pmpro capabilities. - This reply was modified 3 years, 6 months ago by [bohdanwlcm](https://wordpress.org/support/users/bohdanwlcm/). - This reply was modified 3 years, 6 months ago by [bohdanwlcm](https://wordpress.org/support/users/bohdanwlcm/). Viewing 6 replies - 1 through 6 (of 6 total) The topic ‘Rest API code”:”rest_forbidden” error’ is closed to new replies. * ![](https://s.w.org/plugins/geopattern-icon/paid-memberships-pro_f1dacb.svg) * [Paid Memberships Pro - Content Restriction, User Registration, & Paid Subscriptions](https://wordpress.org/plugins/paid-memberships-pro/) * [Frequently Asked Questions](https://wordpress.org/plugins/paid-memberships-pro/#faq) * [Support Threads](https://wordpress.org/support/plugin/paid-memberships-pro/) * [Active Topics](https://wordpress.org/support/plugin/paid-memberships-pro/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/paid-memberships-pro/unresolved/) * [Reviews](https://wordpress.org/support/plugin/paid-memberships-pro/reviews/) ## Tags * [api](https://wordpress.org/support/topic-tag/api/) * [pmpro](https://wordpress.org/support/topic-tag/pmpro/) * 6 replies * 3 participants * Last reply from: [bohdanwlcm](https://wordpress.org/support/users/bohdanwlcm/) * Last activity: [3 years, 6 months ago](https://wordpress.org/support/topic/rest-api-coderest_forbidden-error/#post-16254977) * Status: resolved