Key Features
Role based access to WP REST APIs
Based on user's WordPress roles/capabilities users can get access to his WordPress Dashboard and other REST APIs for that site.
Signature Validation
Provide the Signature Verification and Validation along with JWT Token Validation. also, an option to select the Signing Algorithm to validate the JWT token.
Custom Token Expiry
Default token expiry time provided is 1 hour. Using this feature admin can change the token expiry date as per his requirement.
Exclude REST APIs
Default all the WordPress REST APIs will be protected. Using this feature admin can make some APIs to publicly accessible with out authentication.
Custom Header
Default Authorization Header will be used to authenticate the requests. Using this feature admin can change Authorization header to any other header accordingly
HMAC Encryption
Provides features to encrypt the token passed in the header in Basic Authentication method using the HMAC encryption method which makes your header token much secure and users credentials can’t be exposed.
User Based API Key(Token)
This feature is present in the API Key Authentication method in which the token(key) is generated based on the WordPress users and that will help in accessing those APIs that require WordPress user credentials.
Third Party JWT Token support
This feature allows to authenticate the API based on the JWT token, which provides the facility to authenticate the APIs based on the JWT token received from the external Providers.
WordPress User Login API
This plugin provides you with the WordPress login API, such that you can use this API endpoint to authenticate your users logging into other applications using their WordPress credentials.
Multiple Authentication Applications
This feature allows you to set up multiple authentication applications so that you provide different access keys to different clients. You can also revoke access easily to a particular client/ user.
Rest API Authentication Methods
Basic Authentication
Basic Authentication allows you to authenticate the WordPress REST API endpoints access using a basic token obtained in an encoded format using the user’s WordPress login credentials or client credentials provided by the plugin.
OAuth 2.0 Authentication
It involves the security token generated using the most secure OAuth 2.0 Authentication protocol. The plugin both as an OAuth/Identity Provider to provide a Bearer token (access token/JWT token) on successful validation and an API Authenticator for allowing API access accordingly based on the token validation.
JWT Authentication
JWT authentication allows you to authenticate the WordPress REST API endpoint access using a valid JWT token (JSON Web Token). The plugin provides an endpoint to generate a Bearer JWT using the valid user’s WordPress login credentials. The generated token can be used to authenticate the WordPress REST API endpoints.
API Key Authentication
API Key Authentication allows you to authenticate the WordPress REST API endpoint access using an API key provided by the plugin. This method eliminates the need for using the user’s WordPress login credentials for generating the Bearer API key (secret token).
Third Party Provider Authentication
Third-party Authentication allows you to authenticate the WordPress REST API endpoints using an external token provided by External providers like Firebase, Azure, Amazon Cognito, Keycloak, Google, Facebook, Okta, ADFS, Apple etc. The plugin validates these external tokens directly from its provider and allows APIs access on successful validation.
Third Party Integrations
WordPress Custom APIs provides the feature to authenticate custom-built REST API endpoints in WordPress. The Custom APIs endpoints in WordPress can be generated using our completely GUI based plugin - Custom API for WordPress. This plugin involves no code and APIs can be generated to interact with the WordPress database...READ MORE
BuddyPress APIs Authentication allows you to authenticate the Buddypress REST API endpoints by validating against the security token (key). You can access BuddyPress REST API endpoints and also authenticate those from different authentication methods within the plugin. The BuddyPress profile and other information can be securely accessed and modified using the plugin.
Plans For Everyone
The plugin's licensing is linked to the domain of the WordPress instance, thus if you have a dev-staging-prod environment, you will need three licenses (with discounts applicable on pre-production environments). If you are facing any difficulty in choosing the suitable plan or have any custom requirements regarding API integration in your WordPress site, do contact us at apisupport@xecurify.com.
$149
API Key Authentication Method
$149
Basic Authentication Method
$199
JWT Authentication Method
$249
OAuth 2.0 Authentication Method
$349
Authentication from External OAuth Providers
$399
Protecting 3rd Party Plugins or Custom APIs
$449
All Inclusive Plan
|
All-Inclusive Plan $ 449 * |
Custom and 3rd Party APIs Plan
$ 399 * |
External Token Provider Plan $ 349 * |
OAuth 2.0 Authentication Plan
$ 249 * |
JWT Authentication Plan
$ 199 * |
API Key Authentication Plan
$ 149 * |
Basic Authentication Plan
$ 149 * |
|
|---|---|---|---|---|---|---|---|
|
Multiple Authentication Applications |
|
|
|
|
|
|
|
|
Basic Authentication |
|
|
|
|
|
|
|
|
API Key Authentication |
|
|
|
|
|
|
|
| JWT Authentication |
|
|
|
|
|
|
|
| OAuth 2.0 Authentication |
|
|
|
|
|
|
|
| External Token based Authentication |
|
|
|
|
|
|
|
| Authentication for Default WordPress Endpoints |
|
|
|
|
|
|
|
| Authentication for Custom built/ 3rd Party Plugin Endpoints |
|
|
|
|
|
|
|
Note: Custom built and 3rd-party plugin endpoints can be authenticated/ protected only using the All Inclusive Plan ($449) and Custom APIs Plan ($399).
* The pricing is per instance. If you have multiple instances or environments, you can opt for multiple licenses accordingly or contact us at apisupport@xecurify.com to know more.
You must purchase
- All-Inclusive Plan - A complete package to secure all the default and custom built/3rd-party plugin REST API endpoints. This includes access to all the available features and authentication methods.
- Custom and 3rd Party APIs Plan - If you need to protect all WP REST API endpoints including Custom APIs and Third Party plugin APIs with just Basic authentication, or API Key authentication, or JWT authentication.
- OAuth 2.0 Plan - If you need to protect only default WP REST API endpoints with the most secure and robust OAuth 2.0 Authentication method.
- External Token Provider Plan - If you need to protect only default WP REST API endpoints with Token from an external application like Firebase, etc.
- JWT Authentication Plan - If you need to protect only default WP REST API endpoints with JWT Authentication.
- API Key Authentication Plan - If you need to protect only default WP REST API endpoints with API Key Authentication.
- Basic Authentication Plan - If you need to protect only default WP REST API endpoints with Basic Authentication.
Frequently Asked Questions
Are the licenses perpetual?
The plugin licenses are perpetual and the Support Plan includes 12 months of maintenance (support and version updates). You can renew maintenance after 12 months at 50% of the current license cost.
What is the refund policy?
You will be able to claim refund only if the request has been raised within 10 days from the date of purchase, only under the following circumstances:
a) if the software or the features you have purchased is not working as advertised on the website/ marketplace and you have attempted to resolve the issues with our support team;
b) you have purchased the wrong license or Xecurify/miniOrange product and informed us within a period of 10 days from your purchase;
Please read more about the Refund Policy here.
Does miniOrange offer technical support?
Yes, we provide 24*7 support for all and any issues you might face while using the plugin, which includes technical support from our developers. You can get prioritized support based on the Support Plan you have opted. You can check out the different Support Plans from here.
Does miniOrange store any user data?
miniOrange does not store or transfer any data related to the user’s security token and keys generated by the plugin. All the data remains within your premises/server. We do not provide the developer license for our paid plugins and the source code is protected. It is strictly prohibited to make any changes in the code without having written permission from miniOrange. There are hooks provided in the plugin which can be used by the developers to extend the plugin's functionality.
10 Days Free Trial
Test all the premium features before purchasing the license
Try out all the add-ons and third party integrations
24*7 support to help you with the setup via mail and zoom call
Get Full-featured Trial
Thank you for your response. We will get back to you soon.
Something went wrong. Please submit your query again
WHAT OUR CUSTOMERS SAY
Need Help? We are right here!
