APIs
Click the button below to test in Postman:
Authorization
To interact with the Luvre API, all requests must include a JWT access token for authentication and authorization. This ensures secure access control, allowing the system to verify user identity, roles, domain and permissions.
How the Token Works
The access token is generated using JSON Web Token (JWT) and includes the following payload:
$payload = [
'uid' => $uid, // User ID
'uname' => $uname, // Username
'uroles' => $uroles, // User roles (e.g., admin, editor)
'dom' => $dom, // Token domain (must match site domain)
'iat' => $iat, // Issued at timestamp
'exp' => $exp, // Expiration timestamp
];Key Features of the Token
✅ User Identification – The token contains the user ID and username to authenticate the requester. ✅ Role-Based Access – The uroles field defines user permissions, ensuring API access is restricted based on roles. ✅ Domain Validation – The dom field ensures the token is only valid on the intended domain, preventing misuse. ✅ Expiration Control – The exp field sets a time limit for token validity, improving security.
Managing Access Tokens
Tokens must be sent in the Authorization header as a Bearer token in API requests:
Authorization: Bearer YOUR_ACCESS_TOKENIf the token is missing, expired, or invalid, the API will reject the request with an appropriate error response.
Administrators can manage token expiration, role-based access, and domain restrictions easily.
This approach ensures a secure and flexible authentication system, making it easier to manage user access, roles, and permissions across the API. 🚀
Get All Folders
GEThttps://yoursite.com/wp-json/luvre/public/v1/folder/folders
Retrieves a list of folders based on various filter parameters such as order, owner, and inclusion of attachment data.
Headers
Authorization
string
Bearer <token>
Parameters
order
string
Sorting order: ASC or DESC
No
orderby
string
Sorting field: ord, name, created
No
owner-id
int
Get folders owned by a specific user (Admin-only)
No
all-folders
boolean
If 1, retrieves all folders across users (Admin-only)
No
attachments-data
boolean
If 1, includes attachment details
No
Response
{
"success": true,
"data": {
"folders": [{
"id": 4,
"name": "Products",
"color": "#07C4B3",
"parent": 0,
"post_type": "attachment",
"ord": 0,
"created_by": 1,
"created": "2025-03-25 15:37:18",
"attachments_count": 1,
"attachment_ids": [12249],
"children": [{
"id": 9,
"name": "Polo",
"color": "#03A9F4",
"parent": 4,
"post_type": "attachment",
"ord": 0,
"created_by": 1,
"created": "2025-03-25 15:46:22",
"attachments_count": 0,
"attachment_ids": [],
"children": []
}]
}, {
"id": 1,
"name": "My Posts",
"color": "#2196F3",
"parent": 0,
"post_type": "post",
"ord": 1,
"created_by": 1,
"created": "2025-03-04 18:11:44",
"attachments_count": 1,
"attachment_ids": [12337],
"children": []
}]
}
}Get Folder by ID
GEThttps://yoursite.com/wp-json/luvre/public/v1/folder/get/:folder_id
Fetches a specific folder by ID, with an option to include attachment data.
Headers
Authorization
string
Bearer <token>
Parameters
id
int
The folder ID to retrieve
✅ Yes
attachments-data
boolean
If 1, includes attachment details
No
Response
{
"success": true,
"data": {
"folders": [{
"id": 4,
"name": "Parent",
"color": "#07C4B3",
"parent": 0,
"post_type": "attachment",
"ord": 0,
"created_by": 1,
"created": "2025-03-25 15:37:18",
"attachments_count": 1,
"attachment_ids": [12249],
"children": []
}]
}
}Create a New Folder
POSThttps://yoursite.com/wp-json/luvre/public/v1/folder/create
Creates a new folder with a specified parent, name, and post type.
Headers
Authorization
string
Bearer <token>
Request Body
parent_id
int
ID of the parent folder. Set 0 to make as root folder
✅ Yes
name
string
Name of the folder
✅ Yes
post_type
string
Post type (e.g., attachment)
✅ Yes
Example Request Body (json)
{
"parent_id": 100,
"name": "New Folder via Api",
"post_type": "attachment"
}Response
{
"success": true,
"data": {
"name": "New Folder via Api",
"id": 107,
"parent": 100
}
}Assign Attachments to a Folder
POSThttps://yoursite.com/wp-json/luvre/public/v1/attachment/add
Assigns attachments to a specific folder.
Headers
Authorization
string
Bearer <token>
Request Body
folder_id
int
The folder ID to add attachments to
✅ Yes
ids
array or int
Attachment ID(s)
✅ Yes
Example Request Body (json)
Single id
{
"folder_id": 75,
"ids": 12243
}Multiple ids
{
"folder_id": 75,
"ids": [12243, 12181, 11326, 11328]
}Response
{
"success": true,
"data": {
"message": "insert_success",
"folder_data": {
"id": "75",
"name": "New Folder",
"color": "#03A9F4",
"parent": "0",
"post_type": "attachment",
"ord": "1",
"created_by": "1",
"created": "2025-03-25 15:37:22",
"attachments_count": "4",
"attachment_ids": ["11326", "11328", "12181", "12243"]
}
}
}🚫 Authentication Failed (403 Error) Even with Correct Token
If you're seeing an error like this when making a request to the REST API:
{
"code": "rest_forbidden",
"message": "Authentication failed",
"data": {
"status": 403
}
}Even though your Bearer Token is correctly set in Postman (or any API client), this typically means that the token is not reaching WordPress due to how your server handles HTTP headers—especially the Authorization header.
🛠️ Fix for Apache Servers
If you're using Apache, it's likely that the Authorization header is being stripped or not passed correctly to WordPress.
To fix this, you need to add the following line to your site’s .htaccess file:
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1Open your
.htaccessfile (usually located in your WordPress root directory).Add the line above just before the WordPress rules section.
Save the file and try your API request again.
Last updated