WordPress REST API OAuth 2.0 Authentication Method involves the use of OAuth protocol to obtain the access or Id token and that token will be used to authenticate the REST APIs. Each time a request to access the API will be made, the authentication will be done against that access token/id token, and on the basis of the verification of that API token, the resources for that API request will be allowed to access.
Download And Installation
- Log into your WordPress instance as an admin.
- Go to the WordPress Dashboard -> Plugins and click on Add New.
- Search for a WordPress REST API Authentication plugin and click on Install Now.
- Once installed click on Activate.
WordPress REST API OAuth 2.0 using Password Grant:
- Select REST API Authentication method → OAuth 2.0 and OAuth 2.0 Grant Type → Password Grant and Token Type → Access Token/JWT Token based on your choice and click on Save Configuration.
- Once you click on the save configuration, you will get the Client ID, Client Secret and Token Endpoint.
- Here you would need to make two calls:
I : Get the Token
- To get the access token/JWT Token, you would need to make an API Call to Token endpoint as below
Request: POST https://<domain-name>/wp-json/api/v1/token
Body:
grant_type = <password>
username = <wordpress username>
password = <wordpress password>
client_id = <client id>
Using Refresh Token
Request: POST https://<domain-name>/wp-json/api/v1/token
Body:
grant_type = <password>
refresh_token = <Refresh Token>
II : Send API Request
- Once you get the access_token / id_token, you can use it to request the access to the WordPress REST APIs as shown below:
Request: GET https://<domain-name>/wp-json/wp/v2/posts
Header:
Authorization : Bearer <access_token /id_token>
NOTE:Above token is valid for 1 hour by default. Users have to create a token each time they want to request the API access.
WordPress REST API OAuth 2.0 using Client Credentials Grant:
- Select REST API Authentication method → OAuth 2.0 and OAuth 2.0 Grant Type → Client Credentials Grant and Token Type → Access Token/JWT Token based on your choice and click on Save Configuration.
- Once you click on the save configuration, you will get the Client ID, Client Secret and Token Endpoint.
- Here you would need to make two calls:
I : Get the Token
- To get the access token/JWT Token, you would need to make an API Call to Token endpoint as below
Request: POST https://<domain-name>/wp-json/api/v1/token
Body:
grant_type = <client_credentials>
client_id = <client id>
client_secret = <client secret>
Using Refresh Token
Request: POST https://<domain-name>/wp-json/api/v1/token
Body:
grant_type = <refresh_token>
refresh_token = <Refresh Token>
II : Send API Request
- Once you get the access_token / id_token, you can use it to request the access to the WordPress REST APIs as shown below:
Request: GET https://<domain-name>/wp-json/wp/v2/posts
Header:
Authorization : Bearer <access_token /id_token>
NOTE:Above token is valid for 1 hour by default. Users have to create a token each time they want to request the API access.
Check out the developer documentation for more details.
Postman Samples:
- OAuth 2.0 password Grant method:
- Sample request to obtain token:
- You can download the postman request sample from here.
- Now extract the zip file and import the extracted json file into the postman application.
- Example
- Sample request format to request resources using the token obtained in the last step.
- You can download the postman request sample from here.
- Now extract the zip file and import the extracted json file into the postman application.
- Example
- OAuth 2.0 Client Credentials Grant Method:
- Sample request to obtain token:
- You can download the postman request sample from here.
- Now extract the zip file and import the extracted json file into the postman application.
- Example
- REST API request to obtain the actual resource:
- You can download the postman request sample from here.
- Now extract the zip file and import the extracted json file into the postman application.
- Example
Need Help?
Mail us on oauthsupport@xecurify.com for quick guidance(via email/meeting) on your requirement and our team will help you to select the best suitable solution/plan as per your requirement.
