WordPress REST API Debugger

Find REST API route, auth, nonce, and permission mistakes.

Paste the endpoint, method, auth type, headers, response body, and plugin context to diagnose WordPress REST API 401, 403, nonce, route, and security-plugin failures.

Security note: do not paste real Application Passwords, bearer tokens, cookies, nonces from active admin sessions, or private API keys. Use redacted headers and exact error text.

What this checks: REST route shape, HTTP method, cookie nonce, Application Password Basic auth, permission callbacks, route registration, security plugin/WAF clues, and common WordPress REST JSON error codes.

Planned guides

401 403 Nonce App passwords rest_no_route

Problem type

Method

Auth type

REST endpoint URL or path

Request headers (redacted)

WordPress REST response body or error

Plugin/security context (optional)

Request context (optional)