403 "rest_forbidden" error in WordPress REST API (but only for settings)?

Question

i got all API from WordPress except settings (/wp/v2/settings). its returning rest_forbidden error

{
  "code": "rest_forbidden",
  "message": "Sorry, you are not allowed to do that.",
  "data": {
    "status": 403
  }
}

Answer 1

Your user does not have the correct permissions to access the data at that route. Out of the box the /settings/ route requires the manage_options permission (see the get_item_permissions_check method).

// found in WP Core class-wp-rest-settings-controller.php
/**
 * Checks if a given request has access to read and manage settings.
 *
 * @since 4.7.0
 *
 * @param WP_REST_Request $request Full details about the request.
 * @return bool True if the request has read access for the item, otherwise false.
 */
public function get_item_permissions_check( $request ) {
  return current_user_can( 'manage_options' );
}

Answer 2

What user is associated with the API credentials?

The settings endpoint needs the user to have manage_options permission; if you're using a custom role, you can add it with "manage_options" => true;

Otherwise just make the user Administrator role.

Answer 3

If somebody has an issue then try installing this plugin: https://wordpress.org/plugins/application-passwords/

Generate an application password from your profile and use that with basic auth, your username will be the same as WordPress username or email and the password will be new generated password.

You may also need to add HTTP header rewrite rule in your .htaccess file, for that please follow: https://github.com/WordPress/application-passwords/wiki/Basic-Authorization-Header----Missing