WordPress REST API Key Authentication Method



WordPress REST API key Authentication method involves the REST APIs access on validation against the API key(token). Each time a request to access the API will be made, the authentication will be done against the key(token), and on the basis of the verification of the API key(token), the resources for that API request will be allowed to access.

Download And Installation

  • Log into your WordPress instance as an admin.
  • Go to the WordPress Dashboard -> Plugins and click on Add New.
  • Search for a WordPress REST API Authentication plugin and click on Install Now.
  • Once installed click on Activate.

Use Case: Protect/secure WordPress REST API Endpoints access via Bearer key/token without involving user credentials.


    WordPress REST API Authentication key method

    1. If you want to protect your WordPress REST API Endpoints (eg. post, pages, and other REST APIs) from unauthenticated users but you don’t want to share users login credentials or client id, secret to authenticate the REST API, then you can use API Key authentication, which will generate a random authentication key for you. Using this key, you can authenticate any WordPress REST API on your site.

    2. Suppose you have one Android/IOS Blog Application and you have already posted all your blogs on WordPress. Now you can get all the posts/blogs from the WordPress REST APIs but it is publicly accessible. So, whenever you want to protect your GET requests from public users you should use API Key Authentication Method.


Related Use case: Authentication of WordPress REST API endpoints for fetching WordPress posts/pages and other data.

Step 1: Setup WordPress REST API Authentication plugin

  • Select REST API Authentication method →API Key and click on Save Configuration.
  • WordPress REST API Authentication key method
  • Once you save the configuration, under the Universal API key section you will get the option to Generate New Token. Click on Generate New Token button. This token will expire when you generate a new token.
  • Once you generate the API Key(token), you can use it to secure your WordPress REST APIs endpoints. You need to pass it to the header while making the REST API request as shown in the step below.
  • Users who have this token can access the REST API as shown below.
  • Request: GET https://<domain-name>/wp-json/wp/v2/posts
    Header: Authorization : Bearer <token> 
    Sample request: GET https://<domain-name>/wp-json/wp/v2/posts
    Header: Authorization : Bearer kGUfhhzXZuWisofgnkAsuHGDyfw7gfhg5s
    
  • Check out the developer documentation for more details.

Postman Samples:

    Follow the steps below to make REST API request using Postman:

  • Click on the Postman Samples tab in the plugin.
  • WordPress REST API Authentication key method postman implementation
  • Download the sample request format file for Postman. A JSON file will be auto downloaded.
  • WordPress REST API Authentication key method postman JSON file
  • Import the downloaded JSON file into the Postman Application as shown below.
  • WordPress REST API Authentication key method postman import JSON file
  • Once you import the JSON file, click on the REST API request under the Collections as shown in the last figure. Now replace the <wp_base_url> with your Wordpress domain in the http://<wp_base_url>/wp-json/wp/v2/posts and replace the API <token-value> in the header with the token value as generated in the plugin.
  • WordPress REST API Authentication key method postman replace base url

Need Help?

Mail us on oauthsupport@xecurify.com for quick guidance(via email/meeting) on your requirement and our team will help you to select the best suitable solution/plan as per your requirement.


Hello there!

Need Help? We are right here!

support
Contact miniOrange Support
success

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com