Search Results :


WordPress Rest API Authentication

WordPress REST API Authentication plugin provides the security from unauthorized access to your WordPress REST APIs. Our plugin provides a variety of authentication methods like Basic Authentication, API Key Authentication, OAuth 2.0 Authentication, JWT Authentication. Authentication with External Identity Providers/ Third Party Providers token like that of Firebase, Azure, AWS Cognito, Okta, Keycloak, ADFS, Google, Facebook, Apple etc. Choose the best fit for your environment & secure your WordPress REST APIs communication between your client and the service application

Contact us at and we'll help you set up Rest API for for WordPress in no time.

How to secure WordPress REST API endpoints?




Active Installs



Our Plugin Key Features

Rest API for WordPress

Role based access to WP REST APIs

Based on user's WordPress roles/ capabilities users can get access to his WordPress Dashboard and other WordPress REST APIs.

Rest API Authentication for WordPress

Signature Validation

Provide the Signature Verification and Validation along with JWT Token Validation. also, an option to select the Signing Algorithm to validate the JWT token for WP REST API Authentication.

RestAPI for WordPress

Custom Token Expiry

Default token expiry time provided is 1 hour. Using this feature admin can change the token expiry date as per his requirement.

wordpress rest api authentication

Exclude REST APIs

By default our plugin protects all the WordPress REST APIs. Using this feature admin can exclude some APIs for public access with out authentication.


Custom Header

Default Authorization Header will be used to authenticate the requests. Using this feature admin can change Authorization header to any other header accordingly.

Rest API for WordPress

HMAC Encryption

Provides features to encrypt the token passed in the header in Basic Authentication method using the HMAC encryption method which makes your header token much secure and users credentials can’t be exposed.

Rest API for WordPress

User Based API Key(Token)

This feature is present in the API Key Authentication method in which the token(key) is generated based on the WordPress users and that will help in accessing those APIs that require WordPress user credentials.

Rest API for WordPress

Third Party JWT Token support

This feature allows to authenticate the API based on the JWT token, which provides the facility to authenticate the APIs based on the JWT token received from the external Providers.

Rest API for WordPress

WordPress User Login API

This plugin provides you with the WordPress login API, such that you can use this API endpoint to authenticate your users logging into other applications using their WordPress credentials.

Rest API for WordPress

Multiple Authentication Applications

This feature allows you to set up multiple authentication applications so that you provide different access keys to different clients. You can also revoke access easily to a particular client/user.

Authentication methods for Rest APIs

Basic Authentication Method

Basic Authentication allows you to authenticate the WordPress REST API endpoints access using a basic token obtained in an encoded format using the user’s WordPress login credentials or client credentials provided by the plugin.

OAuth 2.0 Authentication

It involves the security token generated using the most secure OAuth 2.0 Authentication protocol. The plugin both as an OAuth/Identity Provider to provide a Bearer token (access token/JWT token) on successful validation and an API Authenticator for allowing API access accordingly based on the token validation.

JWT Authentication

JWT authentication allows you to authenticate the WordPress REST API endpoint access using a valid JWT token (JSON Web Token). The plugin provides an endpoint to generate a Bearer JWT using the valid user’s WordPress login credentials. The generated token can be used to authenticate the WordPress REST API endpoints.

API Key Authentication

API Key Authentication allows you to authenticate the WordPress REST API endpoint access using an API key provided by the plugin. This method eliminates the need for using the user’s WordPress login credentials for generating the Bearer API key (secret token).

Third Party Provider Authentication

Third-party Authentication allows you to authenticate the WordPress REST API endpoints using an external token provided by External providers like Firebase, Azure, Amazon Cognito, Keycloak, Google, Facebook, Okta, ADFS, Apple etc. The plugin validates these external tokens directly from its provider and allows APIs access on successful validation.

Our Third Party Integrations

 woordpress rest api authentication- custom api endpoints

WordPress Custom Endpoints Authentication

Plugin provides the ability to authenticate custom-built REST API endpoints in WordPress with any of our highly secure methods as per your need.
Also, if you are looking to create new custom REST API endpoints in WordPress to interact WordPress database without writing any code, then these endpoints be easily generated using our completely GUI-based plugin - Custom API for WordPress. This plugin involves no code and APIs can be generated to interact with the WordPress database.

wordpress rest api authentication

WooCommerce APIs

WooCommerce APIs Authentication provides the facility for authentication of WooCommerce REST API, so all the Woocommerce will be authenticated against the security key (token) rather than Woocommerce default authentication which has the chance for exposing sensitive consumer secrets. Hence, eliminates the need for using Woocommerce default authentication.

wordpress rest api authentication - learndash integration

Learndash APIs

Learndash APIs Authentication allows you to authenticate the Learndash REST API endpoints by validating against the security token (key). It provides you with secure access to Learndash user profiles, courses, groups & many more REST APIs provided by the Learndash plugin in WordPress.

 wordpress rest  api integration - buddypress integration

BuddyPress APIs

BuddyPress APIs Authentication allows you to authenticate the Buddypress REST API endpoints by validating against the security token (key). You can access BuddyPress REST API endpoints and also authenticate those from different authentication methods within the plugin. The BuddyPress profile and other information can be securely accessed and modified using the plugin.

 wordpress rest api integration - gravity form integration

Gravity Form APIs

The plugin supports interaction with Gravity Forms from external client applications via its WordPress REST API endpoints. This integration allows you to authenticate the Gravity Form REST endpoints by validating against the security token (key).

wordpress rest appi integration -external api integration

External APIs

We provide the support for integrating External/Custom APIs in WordPress, it will provide the facility to perform fetch/update operations on the data through the External API call. The external APIs can be integrated with 3rd party WordPress plugins like Woocommerce, Alidropship etc and external applications like Google Merchant, Zoho, Paypal, Woocommerce, WPForms etc.

Transparent, Simple Pricing

The plugin's licensing is linked to the domain of the WordPress instance, thus if you have a dev-staging-prod environment, you will need three licenses (with discounts applicable on pre-production environments). If you are facing any difficulty in choosing the suitable plan or have any custom requirements regarding API integration in your WordPress site, do contact us at


(Basic, API Key, JWT)


Upgrade Now
  • Protect default WP APIs with :
    • Basic Authentication
    • API Key Authentication
    • JWT Authentication
  • Setup Single Authentication method
  • Role-based Access to APIs
  • Configurable API Protection Choose APIs for public access without authentication
  • Custom Token Expiry
  • HSA & RSA Signature Validation


(OAuth 2.0, OAuth Token)


Upgrade Now
  • Essential Plan Features +
  • Protect default WP APIs with :
    • OAuth 2.0
    • Token from External Identity Providers
      • Firebase
      • Azure
      • Google
      • Okta
      • Any OAuth/OIDC provider.


(Complete API security)


Upgrade Now
  • Advanced Plan Features +
  • Custom-developed REST endpoints Secure all custom APIs created to get specific data
  • Third-Party plugin API authentication:
    • WooCommerce
    • Learndash
    • Buddyboss
    • CoCart
    • Gravity Forms etc.
  • Setup Multiple Authentication methods

Frequently Asked Questions

The WordPress REST API Authentication plugin allows you to secure the endpoints of the WordPress site by adding authentication methods such as JSON Web Tokens (JWT) and OAuth 2.0, JWT, or API Key. You can enforce stricter access controls and ensure that only authorized users or applications can interact with your site's data via the REST API.

The miniOrange REST API Authentication plugin is especially useful when building applications that need to interact with your WordPress site's data while keeping it secure from unauthorized access or potential attacks.

The WordPress REST API Authentication plugin is beneficial for several reasons, especially if you want to enhance the security and control access to your WordPress site's data when using the WordPress REST APIs.

1. Secure Access to REST API Endpoints: By default, the WordPress REST API allows public access to API endpoints, which may expose sensitive information or allow unauthorized modifications to your site's content.

2. Preventing Unauthorized Access: Without authentication, anyone can access the publicly available REST API endpoints, potentially leading to data leaks or misuse of sensitive information. The plugin allows you to restrict access to specific users or authorized applications, reducing the risk of unauthorized access and data breaches.

3. Limiting Access Permissions: The plugin provides the ability to grant different levels of access to different users or applications. You can create specific access roles and permissions for API requests, allowing for granular control over what actions can be performed through the REST API.

4. Enhancing API Security: By implementing industry-standard authentication methods like JWT or OAuth 2.0, the plugin improves the overall security of your WordPress REST APIs. These authentication mechanisms use encryption and tokens to ensure that communication between the client and server is secure and protected against various types of attacks, such as man-in-the-middle attacks and token forgery.

You will be able to claim refund only if the request has been raised within 10 days from the date of purchase, only under the following circumstances:
a) if the software or the features you have purchased is not working as advertised on the website/ marketplace and you have attempted to resolve the issues with our support team;
b) you have purchased the wrong license or Xecurify/miniOrange product and informed us within a period of 10 days from your purchase; Please read more about the Refund Policy.

Yes, we provide 24*7 support for all and any issues you might face while using the plugin, which includes technical support from our developers. You can get prioritized support based on the Support Plan you have opted. You can check out the different Support Plans from here.

miniOrange does not store or transfer any data related to the user’s security token and keys generated by the plugin. All the data remains within your premises/server. We do not provide the developer license for our paid plugins and the source code is protected. It is strictly prohibited to make any changes in the code without having written permission from miniOrange. There are hooks provided in the plugin which can be used by the developers to extend the plugin's functionality.

Get your free trial of WordPress Rest API Now

Get Full-featured Trial

Just fill the below form with your use case requirements, we will get back to you very shortly with the Premium trial.

 Thank you for your response. We will get back to you soon.

Something went wrong. Please submit your query again

Contact Info

+1 978 658 9387 (US)
+91 97178 45846 (India)
Hello there!

Need Help? We are right here!

Contact miniOrange Support

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to