<div dir="ltr"><div dir="ltr"><div dir="ltr"><div class="gmail_default" style="font-size:small">Hi Tim,</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">Yeah, I think you need to get the token first using the API.  See the link I sent, It doesn't look too bad.</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default"><a href="https://medium.com/@avyatech/how-to-authenticate-woocommerce-app-user-e76187423bba">https://medium.com/@avyatech/how-to-authenticate-woocommerce-app-user-e76187423bba</a><br></div></div></div></div><br><div class="gmail_quote"><div dir="ltr">On Mon, Oct 1, 2018 at 5:36 PM tim Rowledge <<a href="mailto:tim@rowledge.org">tim@rowledge.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
<br>
> On 2018-10-01, at 2:19 PM, Ron Teitelbaum <<a href="mailto:ron@usmedrec.com" target="_blank">ron@usmedrec.com</a>> wrote:<br>
> <br>
> Hi Tim,<br>
> <br>
> Here are the basics: <a href="https://en.wikipedia.org/wiki/Digest_access_authentication" rel="noreferrer" target="_blank">https://en.wikipedia.org/wiki/Digest_access_authentication</a> <br>
<br>
Interesting; it even seems like a good idea. I'd never have thought of looking for 'digest authentication'!<br>
<br>
> <br>
> What did you get back from on the 401?  Check headers on WebResponse.<br>
<br>
an OrderedCollection('server'->'nginx/1.14.0' 'date'->'Mon, 01 Oct 2018 21:23:35 GMT' 'content-type'->'application/json; charset=UTF-8' 'transfer-encoding'->'chunked' 'connection'->'keep-alive' 'expires'->'Wed, 11 Jan 1984 05:00:00 GMT' 'cache-control'->'no-cache, must-revalidate, max-age=0' 'x-robots-tag'->'noindex' 'link'->'<<a href="https://astropicase.com/wp-json/" rel="noreferrer" target="_blank">https://astropicase.com/wp-json/</a>>; rel="<a href="https://api.w.org/" rel="noreferrer" target="_blank">https://api.w.org/</a>"' 'x-content-type-options'->'nosniff' 'access-control-expose-headers'->'X-WP-Total, X-WP-TotalPages' 'access-control-allow-headers'->'Authorization, Content-Type' 'x-endurance-cache-level'->'2')<br>
<br>
No 'WWW-Authenticate' entry to trigger the auth process.<br>
<br>
> <br>
> Are you behind a proxy server?  Maybe Proxy-Authenticate.<br>
<br>
Not so far as I know or can tell.<br>
<br>
<br>
<br>
tim<br>
--<br>
tim Rowledge; <a href="mailto:tim@rowledge.org" target="_blank">tim@rowledge.org</a>; <a href="http://www.rowledge.org/tim" rel="noreferrer" target="_blank">http://www.rowledge.org/tim</a><br>
Compromise, says Prof. Trefusis, is stalling between two fools<br>
<br>
<br>
</blockquote></div>