WP REST API Authentication | WordPress OAuth Codex

WP REST API Authentication

Documentation under "General" for WP OAuth Server

The REST API for WordPress has public and protected endpoints. By default, protected endpoints require a user to be authenticated and WordPress only supports cookie-based authentication. Using WP OAuth Server, protected endpoints can be accessed using an access token via OAuth2.

Generating an Access Token

To obtain an access token, first decide which grant type your application can use. The grant types available with WP OAuth Server are listed at https://wp-oauth.com/docs/general/grant-types/. Every grant type provides a valid access token, which is what an authenticated request to the REST API requires.

How to make an authenticated request to the WP REST API

Authenticating to the WordPress REST API is done through a request header, in much the same way as basic authentication. The WP OAuth Server plugin adds Bearer Token Authentication support to the WP REST API. Pass an access token in the Authorization header as a Bearer Token on any request to the REST API. If the access token is valid, the request is authenticated.

Authorization: Bearer 123456789abcdefg

Authorization is enforced with the current_user_can function, which checks capabilities. When an authorization header is sent, the system applies the correct user and their capabilities to the request as if that user were logged in.
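A client-side sketch of the request described above, added here as an example and not taken from the WP OAuth Server documentation or code: it attaches the token as an Authorization header, refuses to send it over plain HTTP, and rejects token values that could inject extra headers. The site URL is constructed, the `/wp-json/` prefix and the `wp/v2/users/me` route are WordPress core defaults assumed to be unchanged, and the 401/403 reading follows WordPress core's convention rather than anything the plugin documents on this page.

```python
import re
import urllib.error
import urllib.request
from urllib.parse import urlsplit

# RFC 6750 bearer token syntax (b64token). fullmatch() is used below so that
# spaces, CR or LF in a token value can never smuggle in an extra header.
_B64TOKEN = re.compile(r"[A-Za-z0-9\-._~+/]+=*")


def build_request(site_url, route, access_token):
    """Return a urllib Request for a WP REST route with the token attached."""
    parts = urlsplit(site_url)
    if parts.scheme != "https" or not parts.netloc:
        # A bearer token is a credential on its own: never send it in clear text.
        raise ValueError("site_url must be an https:// URL")
    if not _B64TOKEN.fullmatch(access_token):
        raise ValueError("access token is not a valid bearer token value")
    url = site_url.rstrip("/") + "/wp-json/" + route.lstrip("/")
    return urllib.request.Request(
        url,
        headers={"Authorization": "Bearer " + access_token,
                 "Accept": "application/json"},
    )


def explain_status(status):
    """Read an HTTP status in terms of the token (WordPress core convention)."""
    if status == 401:
        return "not authenticated: token missing, expired or rejected"
    if status == 403:
        return "authenticated, but the user lacks the capability for this route"
    if 200 <= status < 300:
        return "authenticated and authorized"
    return "unrelated to authentication"


def call(site_url, route, access_token, timeout=10):
    """Send the request; return (status, body_bytes) without raising on 4xx/5xx."""
    req = build_request(site_url, route, access_token)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()
```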
