How to authenticate WP Rest APIs with Postman

Cookie authentication is the standard authentication method included with WordPress. However, when using nonces you will often run into an issue with Postman throwing an error — “Cookie nonce is invalid” with HTTP Status of 403. In this article we will talk about how to deal with this issue and make WP Rest APIs work in Postman. Hope you are feeling excited. So, let’s dive in..

Cookie authentication method relies on WordPress cookies. As a result this method is generally applicable when the REST API is used inside of WordPress and the current user is logged in. In addition, the current user must have the appropriate capability to perform the action being executed.

To make WP Rest API work with Postman, we need to setup the security token, get the appropriate cookie and pass the correct parameters in the request header.

Step 1: Grab the current nonce

The nonce acts as the security token. So, login into your WordPress environment and simply try to create or edit a post. WordPress injects that token/nonce in the post editing screens.

WordPress nonces have a limited “lifetime” after which they expire. During that time period the same nonce can be reused for a given user in a given context.

Open the browser console, so that we can copy the nonce. Type wpApiSettings in the developer console and we will get the nonce.

Step 2: Grab the wordpress_logged_in cookie

On the same browser console navigate to the Application tab to grab the cookie. The cookie has two parts, Cookie Name and Cookie Value.

The Cookie we are looking for will have the following format — wordpress_logged_in_<hash>

The value will be a long string stored against the above name.

Example — admin%7C1589130602%7Ccw kZ7nYB eEITkO7FpIJck5YVgrnP49xXIHEycilSRzI% 7Ca2d3a5fcd39da8268b2a45d3993d4927 0b204e2b2406802250e4102ec40184

Step 3: Setup Postman to invoke the WP Rest API

Now that we have the two important pieces of data, let’s setup Postman request and call our REST API.

GET Example:

Rest API URL — http://localhost:8888/wppro3/wp-json/wp/v2/posts/13 — will get the details of the post ID: 13
Request Method : GET
Header Parameters: We need to pass two additional parameters:

X-WP-Nonce — <the value of nonce>
Cookie — <The value of cookie, in the format CookieName=CookieValue>

POST Example:

Rest API URL — http://localhost:8888/wppro3/wp-json/oasis-workflow/v1/workflows/submit — will submit the post to a workflow in Oasis Workflow.
Request Method : POST
Header Parameters: We need to pass two additional parameters:

X-WP-Nonce — <the value of nonce>
Cookie — <The value of cookie, in the format CookieName=CookieValue>

Bonus — Using cURL for calling the same WP Rest APIs

curl -H “X-WP-Nonce: 2b0d8576d0” -X GET http://localhost:8888/wppro3/wp-json/wp/v2/posts/13 -b wordpress_logged_in_1eab42beff633b4ed7bf3e0bd0525c9d=admin%7C15 89130602%7CcwkZ7nYBeEITkO7FpIJck5YVgrn P49xXIHEycilSRzI%7C a2d3a5fcd39da8268b2a45d399f97c4927 0b20432b2406802250e4102ec40184

Voila!! We did it. Now, we are able to authenticate the WordPress REST APIs from within Postman. Happy coding.

Add-on Updates and Oasis Workflow Pro v4.1 release

The Oasis Workflow team works tirelessly to get features, new extensions, improvements, and bug fixes released to the public and you, our wonderful users. Over the last month, we have been working on several updates including changes to various add-ons.

Here are the important updates to Oasis Workflow Pro v4.1.

Enhancement – We moved “Review Settings” from Workflow Settings page to the “Review” process. This will help to have much better control on the review process.

Enhancement – Added support for Multi-role users. When displaying the assignee list during “Submit to Workflow” Or “Sign off”, we will now consider all the different roles a user is assigned to.

Fixed – We changed the Oasis Workflow system related meta keys to use underscore, so those are not visible on the UI.

Fixed – We fixed the “View” link from the Inbox page. In some cases, it was throwing a 404 error.

Fixed – We now display out of the box post statuses on the edit page.

Add-on Updates:

Teams Add-on updated to version 2.4 – We modified the code base to adhere to our Add-ons coding standards. When you update the add-on you will see an error message saying the “The plugin oasis-workflow-pro-teams/oasis-workflow-pro-teams.php has been deactivated due to an error: Plugin file does not exist.“. Simply activate the plugin again and you will be good to go.

Also, if you update Oasis Workflow Pro to version 4.1, please update the Teams Add-on to version 2.4. There are changes in Oasis Workflow Pro v4.1 that are related to Teams v2.4.

Groups Add-on updated to version 1.1 – We fixed issue related to uninstall of this add-on. We also got rid of some redundant code.

Editorial Checklist Add-on updated to version 1.3 – We fixed issue related to the condition group not getting saved on workflow step information.

We are thrilled for these updates and hope you enjoy it as well. As with all major updates, we strongly recommend that you use a staging or test server to test the updates on your site before installing it on a live site.

If your license is expired and you wish to renew your license, simply click the link in your license renewal email and follow the instructions. Renewals are discounted at 40% from the plugin price.

Written by Ravi Ajmera
Ravi Ajmera is the founder and lead developer of Oasis Workflow plugin. Ravi takes pride in developing integrated workflow solutions to make content publishing process transparent and easy. When not writing code, he can often be found playing tennis or working in his backyard.

Auto Submit to Workflow

You can enable auto submit feature on a given workflow, by specifying certain conditions for auto submit. A background process runs every 2 hours which will submit the articles to the workflow that meet the criteria.

Step 1: Enable Auto Submit Settings

Go to Workflows –> Settings –> Auto-Submit Settings
Enable Auto Submit.
Select the post/page statuses that should be picked up for auto-submit.
Specify the due date for the initial submit.
Add any comments to be added as part of the auto-submit
Specify the number of posts/pages to be processed during one cycle.
Save the settings.

Step 2: Enable Auto Submit settings on a given workflow.

Edit the workflow – Workflows –> All Workflows –> Select the workflow for auto-submit.
In the workflow, enable “auto-submit”.
Specify the keywords for submitting a given post to this particular workflow. The keywords will be scanned in the post title.

How does auto-submit work?

Once the auto submit settings are saved, an automated process will run every 2 hours, scan for articles that meet the criteria and are not yet in any workflow.

The keywords are scanned in the title of the post/page and if the post/page are in the specified status, they are submitted to the relevant workflow.

You can trigger auto-submit manually for one time by clicking “Trigger Auto-Submit – Just one time” on the Auto-Submit Settings page.

Reassign-How to pass the buck?

What if you have been assigned a workflow task, but you feel you are not the appropriate person to complete it? No worry, you can assign the task to another person.

When you reassign a task, it will show you all the possible users in the drop down. The list is generated dynamically and it depends on the roles assigned to that particular step.

After you reassign the task, the new assignee will see the task in their inbox and will also receive an e-mail notification . Also, more importantly, the Workflow history will capture this particular action.

If you intend to hide the “reassign” functionality, you can simply remove the “ow_reassign_task” capability from that role.

Due Date and Email reminders help you to publish your articles on time

By assigning due dates to the tasks you can make sure the workflows are completed in a timely fashion. Email reminders before (and after) the tasks are due help users to act on their tasks as soon as possible and keep the workflow moving.

Role-Based routing definitions allow you to assign tasks dynamically

Eliminate the bottlenecks caused by using named resources in the approval process. By using role-based routing, you can ensure that your process moves forward as quickly as possible without sacrificing accountability.

Role based routing is one of the important aspects for making your workflows dynamic in nature.

When designing your workflows, you create steps and assign roles to those steps. You also define what happens to the status of your article. Whether it goes into pending after a successful review OR it goes back to draft after someone rejects the review. Once you clearly define your process, the rest works like magic.

The Workflow Engine, takes care of showing the list of possible assignees (actual users) for the roles you have selected in your workflow step. It also takes care of moving the article into the correct status as defined in your workflow step.

If you add a headcount to your existing group of editors/users, OR if someone leaves the organization, you do not have to change your workflow.

The Workflow Engine will take care of showing the new users in the list of available assignee.

Got too many users? OR Need the assignee list to be short and directed to certain groups/departments? Checkout our Teams Add-on and see if that helps.

Tag Archives: home_down