Rest API – API request restricted when requesting from same domain

I have a custom API endpoint that is rejecting calls being made from the same domain.

EG: I can request .../wp-json/darts/v1/venues Get another 200 response from postman (or curl) and the expected list of locations.

However, if I request the same endpoint from the same domain (either from within a WP theme or just from a static HTML file) it rejects it with the following error:

    "code": "rest_forbidden",
    "message": "Sorry, you are not allowed to do that.",
    "data": {
        "status": 401

For info I am using JWT to authenticate the request Authorization: "Bearer XXX" Headers in place.

Maybe a CORS issue? but also add "Access-Control-Allow-Origin: *" Header it’s still the same.

Any help or advice appreciated 🙂

Leave a Comment