WordPress REST API Authentication

With the WordPress REST API Authentication plugin by miniOrange you can protect WP REST API endpoints from public access.

Disable FacetWP's refresh API endpoint in the 'Protected REST APIs' settings list. — To prevent 403 errors, disable FacetWP’s refresh API endpoint in the “Protected REST APIs” settings list.

With the free version of this plugin, third-party plugins (like FacetWP) are excluded from adding authentication. However, with the default settings enabled, this plugin will unexpectedly block access to FacetWP’s /facetwp/v1/refresh (and /facetwp/v1/fetch) endpoints. The /facetwp/v1/refresh endpoint is needed in the front-end for filtering, so this block will cause 403 or 401 errors on refresh (when filtering), leading to non-functioning facets.

To fix this issue, you can either upgrade to a suitable premium plan of this plugin, or disable protection for FacetWP’s /facetwp/v1/refresh endpoint. To do so, open the “Protected REST APIs” settings, click open the “Un-Authenticated WordPress Custom REST APIs” tab, and scroll to /facetwp/v1. Uncheck the /facetwp/v1/refresh option. Leave the /facetwp/v1/fetch option checked.

Note: FacetWP’s /facetwp/v1/fetch endpoint is closed by default, to protect your data. If you are building a custom application that needs access, you can enable it.

Search the Help Center

WordPress REST API Authentication

See also

Your site deserves the best filtering

Search the Help Center

WordPress REST API Authentication

See also

Related articles

Your site deserves the best filtering