I have created an API Key and Secret in the WooCommerce settings of a WordPress site, linked to a user with Administrator role. I'm able to use this API key successfully for various API calls to the site.
However, when I try to execute this API call to update a user role:
POST /wp-json/wp/v2/users/35
{
"roles": ["technician"]
}
I get back a 401 Response with the following content:
{
"code": "rest_cannot_edit_roles",
"message": "Sorry, you are not allowed to edit roles of this user.",
"data": {
"status": 401
}
}
Yet, as mentioned already, the user associated with the API key used in the API call is an Administrator, with full permissions. What am I missing?
I solved the problem by authenticating the API call with an Application Password configured on the user profile, instead of the WooCommerce API key and secret.