Hi Joe,
The error seems unrelated to the REST API issue. The REST API issue that you are experiencing is caused by an additional level of security that was added in Openfire 4.7.5, in reaction to our fixes for CVE-2023-32315.
The new configuration properties that were added as a result of that can interfere with the functionality of certain Openfire plugins. This is especially true for plugins that bind a (web)endpoint to the embedded webserver that serves the Openfire administrative console, like current versions of the REST API plugin do. For these plugins to remain functional and/or reachable, it might be required to toggle the property adminConsole.access.allow-wildcards-in-excludes to true , and to avoid binding the embedded webserver to the loopback network interface only.