Possible REST API authentication issue with switched users

Resolved

(@mark8181)

Subject: Possible REST API authentication issue with switched users

Hi,

I’m encountering a compatibility issue when using the User Switching plugin together with AffiliateWP’s Affiliate Portal.

The behavior is the following:

– When logging in normally as the affiliate user, the Affiliate Portal works correctly.
– When switching to the same user using User Switching, the portal loads but the internal data (statistics, URLs, graphs) fail to load.

In the browser console I see REST API errors such as:

/wp-json/affwp/v2/portal/settings
returning:
401 / rest_forbidden

The message returned is:
"Non hai i permessi per farlo."

This suggests the switched session may not be passing authentication correctly to protected REST endpoints.

Interestingly, disabling another plugin (Jeg Elementor Kit) seems to avoid the issue, but since the portal works with a real login, it appears more related to switched-user session handling rather than the portal itself.

Could you please confirm whether User Switching fully supports REST API authentication for switched users, particularly for endpoints that require user capabilities?

If there are known limitations or recommended workarounds, I would be happy to test them.

Thank you for your work on the plugin.

Viewing 1 replies (of 1 total)

Plugin Author John Blackbourn
(@johnbillion)

WordPress Core Developer

1 week, 4 days ago

User Switching replaces your authentication cookie with one that’s valid for your target user so yes, authentication with the REST API works just the same as it does when logging in to the user account manually.

I suspect that endpoint might have an additional authentication requirement, or the REST nonce is being cached or otherwise sent incorrectly, but that depends entirely on your implementation and isn’t related to User Switching.

Best of luck!

Viewing 1 replies (of 1 total)

You must be logged in to reply to this topic.