JWT Authentication for WordPress REST API

WordPress REST API JWT Authentication Method involves the REST APIs access on validation based on the JWT (JSON Web Token), Each time a request to access the API will be made, the authentication will be done against that JWT token, and on the basis of the verification of that JWT token, the resources for that API request will be allowed to access.

Get this plugin

WordPress REST API Authentication

Download And Installation

Log into your WordPress instance as an admin.
Go to the WordPress Dashboard -> Plugins and click on Add New.
Search for a WordPress REST API Authentication plugin and click on Install Now.
Once installed click on Activate.

Use Case: Secure/Protect or authentication of WordPress REST API Endpoints using the JWT(JSON Web Token).

Suppose you have a mobile/web application and want to allow access to the WordPress REST API endpoints based on the user capabilities such that only users with that particular capability should perform create/update operations while users with other roles can only view that. Then in such cases, you can authenticate the REST API endpoints using the JWT(JSON Web Tokens) obtained in accordance with user credentials and this method allows you to do it very securely. So, making the REST API request with this JWT passed in the Authorization header allows access to the resource/data or provides the capability/authorization to perform WordPress operation that requires particular user capability. This method provides the encryption of the token using 2 methods- HSA or RSA and valid for a limited time. Hence security is not a concern.

WordPress REST API JWT Authentication method using jwt

The flow for WordPress REST API authentication can be achieved using the JWT method is explained below:

1. The WordPress REST API request is made with all the required parameters to obtain the JWT token. The obtained JWT token is provided in encrypted format using the HSA or RSA algorithm hence there will be utmost security.

2. Then the actual WordPress REST API request to access the resource/data or to perform operations with the WordPress database is made with the JWT token obtained in the last step is passed in the Authorization header with the token types as Bearer and our plugin will validate that JWT token and if the validation/authentication is successful then the API requester will be provided with the resource else an error response will be returned. So our plugin will act both as the JWT token provider and the JWT token validator.

Related Usecase:How to make JWT authenticated requests to the WordPress REST API endpoints?
Authentication of Woocommerce/WordPress REST APIs using JWT (JSON Web tokens).

Read Use Cases for the following Rest API Authentication Methods:

1. Basic Authentication

2. API Key Authentication

3. OAuth 2.0 Authentication

4. Third Party Provider Authentication

WordPress REST API JWT Authentication Method:

Select your Authentication method → JWT Authentication and click on Save Configuration.

Here you would need to make two calls:

I : Get the JWT Token

To get the JWT Token, you would need to make an REST API Call to Token endpoint as below:

Request: POST https://<domain-name>/wp-json/api/v1/token
Body:
username = <wordpress username>
password = <wordpress password>

II : Send API Request

Once you get the JWT token, you can use it to request access to the WordPress REST APIs as shown below:

Request: GET https://<domain-name>/wp-json/wp/v2/posts

Header: Authorization : Bearer <JWT token>

NOTE: Above token is valid for 1 hour by default. Users have to create a token each time they want to request the API access
Check out the developer documentation for more details.

Postman Samples:

Follow the steps below to make REST API request using Postman:

Click on the Postman Samples tab in the plugin.

WordPress REST API JWT Authentication method postman implementation

A JSON file will be auto downloaded.

WordPress REST API JWT Authentication method postman JSON file

Import the downloaded JSON file into the Postman Application as shown below.
a) REST API Request to obtain the JWT token

Once you import the json file, click on the REST API request under the Collections as shown in the last figure. Replace the <wp_base_url> with your Wordpress domain in the http://<wp_base_url>/wp-json/wp/v2/posts and replace the <wordpress_username> with WordPress username and <wordpress_username> with WordPress password in the body parameters.

WordPress REST JWT Authentication method postman replace base url

Example

WordPress REST JWT Authentication method postman replace base url example

NOTE: Copy the jwt token obtained from response. It will be used in the resource API requests to authenticate.

b) REST API Request to obtain the actual resource

Once you import the json file, click on the REST API request under the Collections as shown in the last figure. Replace the <wp_base_url> with your Wordpress domain in the http://<wp_base_url>/wp-json/wp/v2/posts and replace the <jwt_token> with the jwt token copied from the response obtained after the token request.

WordPress REST JWT Authentication method postman replace base url actual resource

Example

WordPress REST API JWT Authentication method postman replace url actual resource

Need Help?

Mail us on oauthsupport@xecurify.com for quick guidance(via email/meeting) on your requirement and our team will help you to select the best suitable solution/plan as per your requirement.