WordPress API Plugin Features

Role based access to WP REST APIs

Based on user's WordPress roles/ capabilities users can get access to his WordPress Dashboard and other WordPress REST APIs.

Signature Validation

Provide the Signature Verification and Validation along with JWT Token Validation. also, an option to select the Signing Algorithm to validate the JWT token for WP REST API Authentication.

Custom Token Expiry

Default token expiry time provided is 1 hour. Using this feature admin can change the token expiry date as per his requirement.

Exclude REST APIs

By default our plugin protects all the WordPress REST APIs. Using this feature admin can exclude some APIs for public access with out authentication.

Custom Header

Default Authorization Header will be used to authenticate the requests. Using this feature admin can change Authorization header to any other header accordingly.

HMAC Encryption

Provides features to encrypt the token passed in the header in Basic Authentication method using the HMAC encryption method which makes your header token much secure and users credentials can’t be exposed.

User Based API Key(Token)

This feature is present in the API Key Authentication method in which the token(key) is generated based on the WordPress users and that will help in accessing those APIs that require WordPress user credentials.

Third Party JWT Token support

This feature allows to authenticate the API based on the JWT token, which provides the facility to authenticate the APIs based on the JWT token received from the external Providers.

seamlessly integrate your Active Directory / LDAP Server with WordPress

How to protect WordPress REST APIs?

You can protect your WordPress APIs with API Key, JWT (JSON Web Token), OAuth 2.0, Basic Authentication, and support for external token providers. These options allow you to control and secure access to your API, ensuring that only authorized users or systems can interact with your data and services.

Authentication methods for Rest APIs

Basic
OAuth 2.0
JWT
API Key
Third Party Provider

Basic Authentication Method

Basic Authentication allows you to authenticate the WordPress REST API endpoints access using a basic token obtained in an encoded format using the user’s WordPress login credentials or client credentials provided by the plugin.

Setup Guide Usecase

OAuth 2.0 Authentication

It involves the security token generated using the most secure OAuth 2.0 Authentication protocol. The plugin both as an OAuth/Identity Provider to provide a Bearer token (access token/JWT token) on successful validation and an API Authenticator for allowing API access accordingly based on the token validation.

Setup Guide Usecase

JWT Authentication

JWT authentication allows you to authenticate the WordPress REST API endpoint access using a valid JWT token (JSON Web Token). The plugin provides an endpoint to generate a Bearer JWT using the valid user’s WordPress login credentials. The generated token can be used to authenticate the WordPress REST API endpoints.

Setup Guide Usecase

API Key Authentication

API Key Authentication allows you to authenticate the WordPress REST API endpoint access using an API key provided by the plugin. This method eliminates the need for using the user’s WordPress login credentials for generating the Bearer API key (secret token).

Setup Guide Usecase

Third Party Provider Authentication

Third-party Authentication allows you to authenticate the WordPress REST API endpoints using an external token provided by External providers like Firebase, Azure, Amazon Cognito, Keycloak, Google, Facebook, Okta, ADFS, Apple etc. The plugin validates these external tokens directly from its provider and allows APIs access on successful validation.

Setup Guide Usecase

Our Third Party Integrations

WordPress REST API authentication - custom API endpoints

WordPress Custom Endpoints Authentication

Easily secure your custom WordPress REST API endpoints with any of our secure authentication methods. No coding is needed—create and manage new endpoints effortlessly with our GUI-base Custom API for WordPress, ensuring seamless database interaction and enhanced security.

WooCommerce APIs

Protect your WooCommerce REST API with secure token-based authentication, eliminating risks from default authentication methods. Safeguard customer data, prevent unauthorized access, and enhance security while ensuring seamless API integration with WooCommerce.

Learndash APIs

LearnDash API authentication lets you securely access LearnDash REST API endpoints with token-based authentication, protecting user profiles, courses, and groups. Our plugin ensures safe, efficient interaction with LearnDash features in WordPress, enhancing security while streamlining API access and management.

BuddyPress APIs

Securely authenticate and manage BuddyPress profiles with our API authentication plugin. Validate REST API requests using a security token and multiple authentication methods, ensuring safe access and seamless integration with BuddyPress data for better control and security.

Gravity Form APIs

Easily connect Gravity Forms with external apps using WordPress REST API endpoints. Our plugin ensures secure authentication by validating REST endpoints with a security token (key), giving you a smooth and safe way to integrate Gravity Forms with other applications.

External APIs

Easily integrate external or custom APIs into WordPress to streamline data fetching and updates. Enhance functionality by connecting with top plugins like WooCommerce and AliDropship, or sync seamlessly with external apps like Google Merchant, Zoho, PayPal, and WPForms for better efficiency.

WordPress

WooCommerce

Learndash

BuddyPress

Gravity Form

External APIs

Transparent & Simple Pricing

The plugin's licensing is linked to the domain of the WordPress instance, thus if you have a dev-staging-prod environment, you will need three licenses (with discounts applicable on pre-production environments). If you are facing any difficulty in choosing the suitable plan or have any custom requirements regarding API integration in your WordPress site, do contact us at apisupport@xecurify.com

ESSENTIAL

(Basic, API Key, JWT)

^$199_/Year

Protect default WP APIs with :
- Basic Authentication
- API Key Authentication
- JWT Authentication
Setup Single Authentication method
Role-based Access to APIs
Configurable API Protection
Custom Token Expiry
HSA & RSA Signature Validation

ADVANCED

(OAuth 2.0, OAuth Token)

^$299_/Year

Essential Plan Features +
Protect default WP APIs with :

OAuth 2.0
Token from External Identity Providers

Firebase
Azure
Google
Okta
Any OAuth/OIDC provider.

ALL-INCLUSIVE

(Complete API security)

^$399_/Year

Advanced Plan Features +
Custom-developed REST endpoints
Third-Party plugin API authentication:
- WooCommerce
- Learndash
- Buddyboss
- CoCart
- Gravity Forms etc.
Setup Multiple Authentication methods

Frequently Asked Questions

What is the WordPress REST API Authentication plugin?

The WordPress REST API Authentication plugin allows you to secure the endpoints of the WordPress site by adding authentication methods such as JSON Web Tokens (JWT) and OAuth 2.0, JWT, or API Key. You can enforce stricter access controls and ensure that only authorized users or applications can interact with your site's data via the REST API.

The miniOrange REST API Authentication plugin is especially useful when building applications that need to interact with your WordPress site's data while keeping it secure from unauthorized access or potential attacks.

The WordPress REST API Authentication plugin is beneficial for several reasons, especially if you want to enhance the security and control access to your WordPress site's data when using the WordPress REST APIs.

Why do I need this plugin?

1. Secure Access to REST API Endpoints: By default, the WordPress REST API allows public access to API endpoints, which may expose sensitive information or allow unauthorized modifications to your site's content.

2. Preventing Unauthorized Access: Without authentication, anyone can access the publicly available REST API endpoints, potentially leading to data leaks or misuse of sensitive information. The plugin allows you to restrict access to specific users or authorized applications, reducing the risk of unauthorized access and data breaches.

3. Limiting Access Permissions: The plugin provides the ability to grant different levels of access to different users or applications. You can create specific access roles and permissions for API requests, allowing for granular control over what actions can be performed through the REST API.

4. Enhancing API Security: By implementing industry-standard authentication methods like JWT or OAuth 2.0, the plugin improves the overall security of your WordPress REST APIs. These authentication mechanisms use encryption and tokens to ensure that communication between the client and server is secure and protected against various types of attacks, such as man-in-the-middle attacks and token forgery.

Do I need to pay annually?

The plugin licenses are subscription based and you have to pay annually.

What is the refund policy?

You will be able to claim refund only if the request has been raised within 10 days from the date of purchase, only under the following circumstances:
a) if the software or the features you have purchased is not working as advertised on the website/ marketplace and you have attempted to resolve the issues with our support team;
b) you have purchased the wrong license or Xecurify/miniOrange product and informed us within a period of 10 days from your purchase; Please read more about the Refund Policy.

Does miniOrange offer technical support?

Yes, we provide 24*7 support for all and any issues you might face while using the plugin, which includes technical support from our developers. You can get prioritized support based on the Support Plan you have opted. You can check out the different Support Plans from here.

Does miniOrange store user data?

miniOrange does not store or transfer any data related to the user’s security token and keys generated by the plugin. All the data remains within your premises/server. We do not provide the developer license for our paid plugins and the source code is protected. It is strictly prohibited to make any changes in the code without having written permission from miniOrange. There are hooks provided in the plugin which can be used by the developers to extend the plugin's functionality.

See what our Customers Have to Say

wordpress rest api authentication| Reviews

wordpress rest api authentication | What Customers have to says

Excellent Plugin and Fantastic support

I got an email from developers of the plugin and they took me on a zoom call and resolved my issue in just few minutes. I was not expecting such an immediate and excellent response for a free support call. Thanks for your immediate help and resolving my issues with your plugin. My best wishes to you.

Great support!

I use the free version of the plugin to protect and authorize my site’s REST API. It’s a great plugin and I’m completely satisfied with it. Recently I had a technical issue and Sharshdeep Saluja from support solved it the very next day. Wow, I didn’t expect such a fast response! Great job, thank you very much!

Great plug-in

There is no other plug-in on the market that did this with the level of ratings and tech-support. I had to contact the team several times and they were highly responsive and helpful. Highly recommended... Read More

Gold Star Support

I would confidently recommend this plugin, or any others that this company offers. I know that my clients would be well supported, and that the technology would work... Read More

Want to Schedule a Demo?

Thank you for your response. We will get back to you soon.

Something went wrong. Please submit your query again

Single Sign On

SAML Service Provider

OAuth/OpenId Connect Client (SSO)

Social Login Social Sharing

Headless Single Sign-On

SAML Identity Provider

OAuth/OpenId Connect Server

Login using YourMembership

Auto Login and Register using JWT

Multi-Factor Authentication (MFA)

Two Factor Authentication

WooCommerce Password Reset Over OTP

OTP Over Phone Call

Bulk SMS/WhatsApp Notification

OTP Verification

Limit OTP Request

Receive OTP and Notifications on WhatsApp

LDAP/Active Directory Integrations

LDAP/Active Directory Integration for WordPress

WP Staff/Employee Search Directory for Active Directory

LDAP/AD Integration for Cloud & Shared Hosted WordPress

Forms Integration with Active Directory for WordPress

Office365 Integration

SharePoint WordPress

PowerBI WordPress Integration

Outlook and MS Teams Integration

Azure AD / Office 365 app Integrations

Dynamics CRM 365 WordPress Integration

WooCommerce Integration

WooCommerce Product Sync

WooCommerce Integrator

Dynamics CRM 365 WordPress Integration

Salesforce WooCommerce Integrations

Decentralised ID

Digital ID Login

Web3 WordPress Authentication

WordPress Web3 Suite

WordPress NFT Marketplace

WordPress Smart Contracts

Add-Ons

Page and Post Restriction

LearnDash Integrator

WooCommerce Integrator

SSO Login Audit

Paid Membership Pro integrator

Media Restriction

BuddyPress Integrator

WordPress Discord Integrator

Guest User Login

SCIM User Provisioning

MemberPress Integrator

SSO Session Management

Attribute based redirection

Other Plugins

REST API Authentication

Custom API for WordPress

WordPress Online Proctoring for LMS

No Code Automation

Object Data Sync for Salesforce

WP User Sync Integration for Third Party Apps

WP User and Login Management

Management tool for Web Agency

Single Sign On

SAML SSO

Crowd SSO

Kerberos / NTLM SSO

Helpdesk SSO Integration

OAuth/OpenID SSO

Git Authentication

Advance SSO Option

Help & Support

User Management

SCIM Provisioning

WORD/PDF Exporter

Project Config Manager

Bulk User Management

Centralized License Manager

Custom User Profile

Help & Support

Security