REST API with Bedrock? "Sorry, you are not allowed to create posts as this user."


const SITE = '...';
const auth = { username: '....', password: '....' };
const token = Buffer.from(`${auth.username}:${auth.password}`, 'utf8').toString('base64');

const wpFetch = (url, meta) => fetch(
    headers: { Authorization: `Basic ${token}` },

(async () => {
  try {
    const fetched = await wpFetch(
        method: 'POST',
        body: JSON.stringify({
          title: 'Hello World',
          content: 'content',
          status: 'publish',
    const json = await fetched.json();
  } catch (e) {

I’m getting Sorry, you are not allowed to create posts as this user., which I think is the generic WP error message. The password above was generated with “Application Password”.

Just wondering if anyone knows why this isn’t working on bedrock, could it be the different password encryption scheme?

Bedrock uses a different than the default WordPress one for improved security:

However, you are using REST API with Basic Auth, which sends the password unencrypted (well, base64 encoded, but this isn’t encryption), so what is used for hashing the passwords in database should not be a factor.
Do you have such an authentication plugin installed and activated?