REST API v2 Error

I am trying to integrate Gravity Forms with integromat and when I enter in the information for the API I get an error saying “Sorry, you are not allowed to do that.”. Integromat says the error comes from GF. Does anyone have any ideas about fixing that?

The best place to get assistance for this is to open a support ticket but I will leave this open in case someone wants to share their experience.


I no longer have the email that was associated with paypal. I have the token though. Is there a way I can still submit a ticket?

I recommend contacting us here in that case and explaining the issue with your license email:

I’m having the same issue

I am trying to integrate Gravity Forms with integromat and when I enter in the information for the API I get an error saying “Sorry, you are not allowed to do that.”

Following these instructions

Was there a conflicting plugin involved? I’ve tried disabling the ones I think could cause issues.

Hi Robey. I recommend testing with logging for the Gravity Forms API enabled to see what the actual issue with the API authentication.

Here’s how you can enable logging in Gravity Forms:

I’ve also opened a ticket for this issue; but thought I’d add my logging results here:

2020-05-15 2:16:55.470037 - DEBUG --> GF_REST_Authentication::authenticate(): Running.
2020-05-15 2:16:55.470140 - DEBUG --> GF_REST_Authentication::perform_basic_authentication(): Running.
2020-05-15 2:16:55.470174 - ERROR --> GF_REST_Authentication::perform_basic_authentication(): Aborting; credentials not found.
2020-05-15 2:16:55.470197 - DEBUG --> GF_REST_Authentication::perform_oauth_authentication(): Running.
2020-05-15 2:16:55.470231 - ERROR --> GF_REST_Authentication::perform_oauth_authentication(): Aborting; OAuth parameters not found.
2020-05-15 2:16:55.567249 - DEBUG --> GF_REST_Controller::current_user_can_any(): method: GET; route: /gf/v2/forms; capability: “gravityforms_edit_forms”; result: false.

Hi Carl. If you have not received it already, this is the reply from Richard:

Some hosting environments don’t pass the basic authentication headers from incoming requests to PHP. As they are not included in the request which is available to the WordPress and Gravity Forms REST APIs the request will fail authentication.

WordPress have had reports of this issue with their basic auth plugin for a few years now:

As you can see in that issue some have found making a change to the htaccess file resolves the issue.

There is also this issue where an engineer at WPEngine confirms it is a hosting issue which the host can resolve by making a change to the Apache configuration on the server hosting the site:

Good day Chris,

Received yes; thanks.

Fortunately, they’re my own servers; so I’m looking my options. For everyone’s reference, the primary options at this point seem to be:

  1. Modify .htaccess adding something like:

IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

  1. Add the following to your Apache config:

SetEnvIf Authorization “(.*)” HTTP_AUTHORIZATION=$1

  1. If you are using mod_proxycgi and Apache 2.4.13+ there is also a [CGIPassAuth] directive that can be used within your main apache config file or .htaccess CGIPassAuth on.

  2. If you use mod_fastcgi configure your virtual host fastcgi configuration to use the “-pass-header Authorization” flag:

<IfModule mod_fastcgi.c>
SetHandler php7-fcgi .php|
Action php7-fcgi /php7-fcgi virtual|
Alias /php7-fcgi /usr/lib/cgi-bin/php7-fcgi|
FastCgiExternalServer /usr/lib/cgi-bin/php7-fcgi -socket /var/run/php/php7.0-fpm.sock -pass-header Authorization