WordPress REST API Basic Authentication Method



WordPress REST API Basic Auth / Authentication Method involves the REST APIs access on validation against the API token generated based on the user’s username,password and on basis of client credentials. Each time a request to access the API will be made, the authentication will be done against that token, and on the basis of the verification of the API token, the resources for that API request will be allowed to access.

Download And Installation

  • Log into your WordPress instance as an admin.
  • Go to the WordPress Dashboard -> Plugins and click on Add New.
  • Search for a WordPress REST API Authentication plugin and click on Install Now.
  • Once installed click on Activate.

Use Case: Protect/secure WordPress REST API Endpoints access using Basic Authentication.

    1. By User credentials:

    Suppose you have one Android/IOS Blog Application and you have given capabilities to your users to post their personal feeds or blogs using mobile applications. In this case, your mobile application requests should be authenticated. Basic Authentication with username and password method appropriate for this situation where your users will be in Authorization Header. It will authenticate the user's request and assign blogs to them respectively.


    WordPress REST API Basic Authentication method using user credentials

    2. By Client credentials:

    Suppose you have one Android/IOS Blog Application and you want to sign up new users from the client application. Now, In this case, you can use Basic Authentication with username: password but you don't want to send admin users into your header and at each request, there will be two users present. First one Admin user (In Authorization header) and the other one new user which is going to create. In that case, you should use Basic Authentication with a client ID and client secret where your admin user is also safe, and at each request, you don't have to put two users. Hence security is not a concern.


    WordPress REST API Basic Authentication method using client credentials

REST API Basic Auth using UserName & Password :

  • Select your Authentication method ➔ Basic AuthAuthentication Key ➔ Username:Password and click on Save Configuration.
  • WordPress REST API Basic Authentication method using username and password
  • After you save the REST API Basic Auth Configuration, to access the WordPress REST APIs, you need to send a REST API request with your respective Authorization Key. You need to use the request format as shown below.
  • Request: GET https://<domain-name>/wp-json/wp/v2/posts
    Header: Authorization : Basic base64encoded <username:password>
    
    Sample request: GET https://<domain-name>/wp-json/wp/v2/posts
    Header: Authorization : Basic eGw2UllOdFN6WmxKOlNMRWcwS1ZYdFVrbm5XbVV2cG9RVFNLZw==
    Example =>  username : testuser and password : password@123
    
    
  • Php base64_encode(string) function for base64 encoding can be used as follows:
  • base64_encode(‘testuser:password@123’) will result into 
    ‘eGw2UllOdFN6WmxKOlNMRWcwS1ZYdFVrbm5XbVV2cG9RVFNLZw==’ as output.

REST API Basic Auth using Client ID and Client secret :

  • Select your Authentication method → Basic Auth and Authentication Key → Client-ID:Client-Secret and click on Save Configuration.
  • WordPress REST API Basic Authentication method using client-id and client-secret
  • After you save the REST API Basic Auth Configuration, to access the WordPress REST API endpoints, you need to send a REST API endpoint request with your respective Authorization Key. You need to use the request format as shown below.
  • Request: GET https://<domain-name>/wp-json/wp/v2/posts
    Header: Authorization : Basic base64encoded <client-id:client-secret>
    
    Sample request: GET https://<domain-name>/wp-json/wp/v2/posts
    Header: Authorization : Basic eGw2UllOdFN6WmxKOlNMRWcwS1ZYdFVrbm5XbVV2cG9RVFNLZw==
    Example => Client ID : pSYQsKqTndNVpNKcnoZd and Client Secret = SrYPTViHdCbvkWyTfWrSltavTMeJjaOHCye
    
    
  • Php base64_encode(string) function for base64 encoding can be used as follows:
  • base64_encode(‘pSYQsKqTndNVpNKcnoZd:SrYPTViHdCbvkWyTfWrSltavTMeJjaOHCye’) will results into 
    cFNZUXNLcVRuZE5WcE5LY25vWmQ6U3JZUFRWaUhkQ2J2a1d5VGZXclNsdGF2VE1lSmphT0hDeWU= as output.
  • Check out the developer documentation for more details.

Postman Samples:

    Follow the steps below to make REST API request using Postman:

  • Click on the Postman Samples tab in the plugin.
  • WordPress REST API Basic Authentication method postman implementation
  • A JSON file will be auto downloaded.
    • a) For Username-Password
    • WordPress REST API Basic Authentication method postman JSON file for username : password
    • Import the downloaded JSON file into the Postman Application as shown below.
    • WordPress REST API Basic Authentication method postman import JSON file
    • Once you import the json file, click on the REST API request under the Collections as shown in the last figure. Replace the <wp_base_url> with your Wordpress domain in the http://<wp_base_url>/wp-json/wp/v2/posts and replace the base64encoded <username:password> in the header with the base encoded value.
    • WordPress REST API Authentication key method postman replace base url
    • a) For Client ID and Client Secret
    • WordPress REST API Basic Authentication method postman JSON file for client id and client secret
    • Import the downloaded JSON file into the Postman Application as shown below.
    • WordPress REST API Basic Authentication method postman import JSON file
    • Once you import the json file, click on the REST API request under the Collections as shown in the last figure. Replace the <wp_base_url> with your Wordpress domain in the http://<wp_base_url>/wp-json/wp/v2/posts and replace the base64encoded <clientid:clientsecret> in the header with the base encoded value.
    • WordPress REST API Basic Authentication method postman replace base url

Need Help?

Mail us on oauthsupport@xecurify.com for quick guidance(via email/meeting) on your requirement and our team will help you to select the best suitable solution/plan as per your requirement.


Hello there!

Need Help? We are right here!

support
Contact miniOrange Support
success

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com