WordPress REST API OAuth 2.0 Authentication Method



The WordPress REST API OAuth 2.0 authentication method uses the OAuth protocol to obtain an access token or ID token, which is then used to authenticate REST API requests. Each time a request is made to the API, it is authenticated against that access token/ID token, and access to the requested resources is allowed on the basis of that token's verification.

Download And Installation

  • Log into your WordPress instance as an admin.
  • Go to the WordPress Dashboard -> Plugins and click on Add New.
  • Search for a WordPress REST API Authentication plugin and click on Install Now.
  • Once installed, click on Activate.

WordPress REST API OAuth 2.0 using Password Grant:

  • Select REST API Authentication method → OAuth 2.0 and OAuth 2.0 Grant Type → Password Grant and Token Type → Access Token/JWT Token based on your choice and click on Save Configuration.
  • Once you click Save Configuration, you will get the Client ID, Client Secret and Token Endpoint.
  • Here you would need to make two calls:
  • I : Get the Token

    • To get the access token/JWT token, make an API call to the token endpoint as below:
    • Request: POST https://<domain-name>/wp-json/api/v1/token
      Body:
      grant_type = password
      username = <wordpress username>
      password = <wordpress password>
      client_id = <client id>
      
    • Using Refresh Token
    • Request: POST https://<domain-name>/wp-json/api/v1/token
      Body:
      grant_type = refresh_token
      refresh_token = <Refresh Token>
      

    II : Send API Request

    • Once you get the access_token / id_token, you can use it to request access to the WordPress REST APIs as shown below:
    • Request: GET https://<domain-name>/wp-json/wp/v2/posts

      Header:
      Authorization: Bearer <access_token / id_token>

    • NOTE: The above token is valid for 1 hour by default. Users have to create a token each time they want to request the API access.

WordPress REST API OAuth 2.0 using Client Credentials Grant:

  • Select REST API Authentication method → OAuth 2.0 and OAuth 2.0 Grant Type → Client Credentials Grant and Token Type → Access Token/JWT Token based on your choice and click on Save Configuration.
  • Once you click Save Configuration, you will get the Client ID, Client Secret and Token Endpoint.
  • Here you would need to make two calls:
  • I : Get the Token

    • To get the access token/JWT token, make an API call to the token endpoint as below:
    • Request: POST https://<domain-name>/wp-json/api/v1/token
      Body:
      grant_type = client_credentials
      client_id = <client id>
      client_secret = <client secret>
      
    • Using Refresh Token
    • Request: POST https://<domain-name>/wp-json/api/v1/token
      Body:
      grant_type = refresh_token
      refresh_token = <Refresh Token>
      

    II : Send API Request

    • Once you get the access_token / id_token, you can use it to request access to the WordPress REST APIs as shown below:
    • Request: GET https://<domain-name>/wp-json/wp/v2/posts

      Header:
      Authorization: Bearer <access_token / id_token>

    • NOTE: The above token is valid for 1 hour by default. Users have to create a token each time they want to request the API access.
  • Check out the developer documentation for more details.
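
The two-call flow above (get a token, then send it as a Bearer header), written as an added Python example that is not the plugin's own code. It uses the Client Credentials body fields from this page and renews through the refresh-token request once the one-hour default lifetime has passed; the class name and the JSON response fields `access_token`, `refresh_token` and `expires_in` are assumptions.

```python
import json
import time
import urllib.parse
import urllib.request

TOKEN_PATH = "/wp-json/api/v1/token"  # token endpoint path shown on the page
DEFAULT_TTL = 3600                     # page: token is valid for 1 hour by default


def post_form(url, fields):
    """Default transport: POST form fields and return the decoded JSON body."""
    req = urllib.request.Request(url, data=urllib.parse.urlencode(fields).encode())
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenClient:
    """Hypothetical helper: caches the token and renews it only after expiry."""

    def __init__(self, base_url, client_id, client_secret, post=post_form, clock=time.time):
        if not base_url.startswith("https://"):
            raise ValueError("token endpoint must use HTTPS (secrets are in the request body)")
        self.url = base_url.rstrip("/") + TOKEN_PATH
        self.client_id, self.client_secret = client_id, client_secret
        self.post, self.clock = post, clock
        self.access, self.refresh, self.expires_at = None, None, 0.0

    def _store(self, body):
        # Field names below are assumed (RFC 6749 style), not taken from the page.
        self.access = body["access_token"]
        self.refresh = body.get("refresh_token", self.refresh)
        ttl = int(body.get("expires_in", DEFAULT_TTL))
        self.expires_at = self.clock() + ttl - 30  # renew 30 s early

    def token(self):
        if self.access and self.clock() < self.expires_at:
            return self.access  # still valid: no extra call, no secret re-sent
        if self.refresh:
            fields = {"grant_type": "refresh_token", "refresh_token": self.refresh}
        else:
            fields = {"grant_type": "client_credentials",
                      "client_id": self.client_id,
                      "client_secret": self.client_secret}
        self._store(self.post(self.url, fields))
        return self.access

    def auth_header(self):
        """Header for call II, e.g. GET /wp-json/wp/v2/posts."""
        return {"Authorization": "Bearer " + self.token()}
```

For the Password Grant, the first request body carries `grant_type`, `username`, `password` and `client_id` instead; the caching and renewal logic is unchanged.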

Postman Samples:

  • OAuth 2.0 Password Grant Method:
    • Sample request to obtain token:
      • You can download the Postman request sample from here.
      • Now extract the zip file and import the extracted JSON file into the Postman application.
    • Sample request format to request resources using the token obtained in the last step:
      • You can download the Postman request sample from here.
      • Now extract the zip file and import the extracted JSON file into the Postman application.
  • OAuth 2.0 Client Credentials Grant Method:
    • Sample request to obtain token:
      • You can download the Postman request sample from here.
      • Now extract the zip file and import the extracted JSON file into the Postman application.
    • REST API request to obtain the actual resource:
      • You can download the Postman request sample from here.
      • Now extract the zip file and import the extracted JSON file into the Postman application.

Need Help?

Mail us at oauthsupport@xecurify.com for quick guidance (via email/meeting) on your requirement, and our team will help you select the most suitable solution/plan for it.

