API & Development

API Returns 401 Unauthorized

REST API calls fail with authentication error

1. Wrong Credentials

Application Password: Must be the generated password, NOT your user password

Format: Base64-encoded username:application_password

Generate Application Password:

1. Users → Your Profile → Application Passwords
2. Enter name (e.g., “PulseRank API”)
3. Click “Add New Application Password”
4. Copy generated password (spaces included or not)

Test Authentication:

curl -u username:application_password https://yoursite.com/wp-json/pulserank/v1/reports/overview?days=7

2. Application Passwords Disabled

Check wp-config.php for define( 'WP_APPLICATION_PASSWORDS', false );

Solution: Remove this line or set to true.

3. Basic Auth Not Supported

Some hosts block HTTP Basic Authentication. Workaround – Use Cookie Authentication:

// From WordPress admin, API requests auto-authenticated
fetch( '/wp-json/pulserank/v1/reports/overview?days=7', {
    headers: {
        'X-WP-Nonce': pulserankConfig.nonce // Available in admin
    }
} );

API Returns 403 Forbidden

Authentication works but permission denied

Cause: User lacks manage_options capability

Solution: PulseRank API requires administrator role, or custom role with manage_options capability

Grant Permission:

// functions.php - Allow editor role to access API
add_filter( 'pulserank_can_view_reports', function( $can_view ) {
    return current_user_can( 'edit_pages' ); // Allow editors
} );

API Returns Empty Data

API call succeeds but returns {}

Diagnosis:

• 1. Check if data exists: Visit PulseRank dashboard. Verify reports show data.
• 2. Check date range: API parameter: ?days=7. If no data in that period, returns empty.
• 3. Verify endpoint: Correct URL: /wp-json/pulserank/v1/reports/overview

Test Known Endpoint:

curl https://yoursite.com/wp-json/pulserank/v1/health

Should return system health info (no auth required for health check).