REST API Authentication for Joomla
The REST API Authentication plugin for Joomla provides security against unauthorised access to your Joomla REST APIs. It provides you with a variety of authentication methods like API key authentication, OAuth 2.0 authentication, JWT authentication, Authentication with an External IDP/Third Party Provider using Introspection Endpoint etc. Choose the best fit for your environment and provide secure REST API authentication in communication between your client and the service application.
Features
Role based access to Joomla REST APIs
Based on user's Joomla roles/capabilities users can get access to his Joomla Dashboard and other REST APIs for that site.
Signature Validation
Provide the Signature Verification and Validation along with JWT Token Validation. Also, an option to select the Signing Algorithm to validate the JWT token.
Custom Token Expiry
Default token expiry time provided is 1 hour. Using this feature admin can change the token expiry date as per his requirement.
Exclude REST APIs
Default all the Joomla REST APIs will be protected. Using this feature admin can make some APIs to publicly accessible without authentication.
Custom Header
Default Authorization Header will be used to authenticate the requests. Using this feature admin can change Authorization header to any other header accordingly.
Supported Methods
Basic Authentication
If you want to protect your Joomla REST APIs (e.g. posts, pages, and other REST APIs) with users' login credentials or client-id:client-secret, then you can opt for this method. It is recommended that you use this method on HTTPS or Secure Socket Layer.
API Key Authentication
If you want to protect your Joomla REST APIs from unauthenticated users but you don’t want to share the users' login credentials or client id, then you can use API Key authentication, which will generate a random authentication key for you. Using this key, you can authenticate any REST API on your site.
JWT Authentication
If you are looking to protect your REST APIs using the JWT token and if you do not have any third-party provider that issues the JWT token, then you should go for the JWT Authentication method. In this case, our Joomla REST API Authentication itself issues the JWT token and works as an API Authenticator to protect your REST APIs.
OAuth 2.0 Authentication
If you are looking for protecting your REST APIs using the access-token and at the same time you do not have any third party provider/identity provider, then you should go for OAuth 2.0 Authentication method. In this scenario, our Joomla REST API Authentication works as both OAuth Server and API Authenticator to protect your REST APIs.
Third Party Provider Authentication
If you are looking for protecting/restricting access to your Joomla REST APIs using your OAuth Provider/Identity provider, then you should go for Third Party Provider Authentication method. Here, you just need to configure the plugin with Introspection Endpoint/User Info Endpoint provided by your Identity Provider and you will be able to authenticate the API Request using the token provided by your provider application.
Customization Services
We also provide efficient Joomla customization services, where we develop state of the art plugins and extensions for Joomla with custom modifications to cater to all your needs. miniOrange is extremely experienced and efficient in Joomla development and can develop and customize multiple Joomla features to secure Joomla sites and applications.
Please click here for our EULA.
Need Help? We are right here!
