Trying to use woocommerce REST api, authentication header is stripped

I have a dreampress site, and I’d like to use the woocommerce REST api from a desktop application to create products but cannot get authenticated. I am using postman to build my request and can verify, from looking in the postman console for the request header, that the outgoing header contains “Authorization Basic base64 of customer key:customer secret”. The user that the key/secret is made for has read/write access.

The outgoing header also contains for example a phpsession cookie, useragent, a postman-token and a bunch of other headers. As a test I have made a php page that just displays the headers that it receives from the server, and I can recognize most of the ones from the request header, but there is no Authorization.

I have installed a REST api logging plugin, and when I try to for example access the woocommerce products with “https://sitename/wp-json/wc/v2/products/” I can see the request being received, but no user is recognized for the request.

I believe it’s because the authentication header is being stripped by apache. I have found many, many references to this problem and most of them talk about tweaking my .htaccess in ways that are incomprehensible to me, so I try one magic incantation after another. I frankly do not understand how apache works, just want to authenticate so I can work on the real job.

Here are a few examples of .htaccess changes that are supposed to fix this, and may do so for others but not me.


RewriteCond %{HTTP:Authorization} ^(.)
RewriteRule ^(.

RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

I have tried these and quite a few others both before and after the wordpress block in .htaccess. I found a similar post in this community from 2013 with yet another variation for .htaccess

I believe I’m still using the old ubuntu 14 on the domain, so apache 2.12 I believe but don’t know how to check and don’t know how to update.

Any suggestions welcome
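
Added example, not part of the original post: a PHP diagnostic page, in the spirit of the header-dump page described above, that reports which server variables (if any) carry the Authorization header without echoing the key or secret. The file name `auth-check.php` and the helper names `describe_value` and `locate_authorization` are assumptions made for this sketch.

```php
<?php
// Added diagnostic (not from the original post): report where, if anywhere,
// the Authorization header reaches PHP. Credentials are never echoed back.
// Assumption: saved as auth-check.php in the web root, requested with the same
// Basic auth header as the REST call, and deleted after testing.

// Describe a credential value without disclosing it.
function describe_value($value)
{
    if ($value === null || $value === '') {
        return 'absent';
    }
    // Only report a scheme name from a fixed list, never raw header content.
    $scheme = preg_match('/^(Basic|Bearer|Digest)\s/i', (string) $value, $m) ? $m[1] : 'other';
    return sprintf('present (scheme=%s, length=%d)', $scheme, strlen((string) $value));
}

// Collect every place a Basic credential can surface in PHP.
function locate_authorization(array $server, array $headers)
{
    $found = array();
    // Filled by an E=HTTP_AUTHORIZATION rewrite flag or a SetEnvIf rule; Apache
    // adds a REDIRECT_ prefix each time the request is internally redirected.
    $keys = array('HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION',
                  'REDIRECT_REDIRECT_HTTP_AUTHORIZATION');
    foreach ($keys as $key) {
        $found['$_SERVER[' . $key . ']'] = describe_value(isset($server[$key]) ? $server[$key] : null);
    }
    // PHP sets this only when it has parsed a Basic header itself.
    $found['$_SERVER[PHP_AUTH_USER]'] = isset($server['PHP_AUTH_USER']) ? 'present' : 'absent';
    // Raw request headers as the SAPI exposes them (names are case-insensitive).
    $raw = null;
    foreach ($headers as $name => $value) {
        if (strcasecmp($name, 'Authorization') === 0) {
            $raw = $value;
        }
    }
    $found['getallheaders()[Authorization]'] = describe_value($raw);
    return $found;
}

$headers = function_exists('getallheaders') ? (getallheaders() ?: array()) : array();
header('Content-Type: text/plain; charset=utf-8');
header('Cache-Control: no-store');
// The SAPI matters: under CGI/FastCGI Apache withholds Authorization by default.
echo 'SAPI: ' . PHP_SAPI . "\n";
foreach (locate_authorization($_SERVER, $headers) as $where => $state) {
    echo str_pad($where, 52) . $state . "\n";
}
```

If every row reads `absent`, the header is being dropped before PHP runs; if only a `REDIRECT_` row is `present`, the .htaccess rule is taking effect but the value is arriving under a different variable name than the application may be reading.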
