WP REST API Authentication | WordPress OAuth Codex

WP REST API Authentication

Documentation under "General" for WP OAuth Server

WP OAuth Server is designed to integrate smoothly with the WordPress REST API and all the routes.

Generating an Access Token

In order to obtain an access token, you will have to decide what grant type your application. You can view the variety of grant types available with WP OAuth Server at https://wp-oauth.com/docs/general/grant-types/.

Making an Authenticated Request to the WP REST API

Authorizing against the WordPress REST API can be done through header authentication. This request is very similar to basic authentication. The WP OAuth Server plugin adds Bearer Token support to the WP REST API allowing access tokens to securely make requests on a users behalf without exposing any sensitive information. Simply pass a valid access token in the header as a Bearer Token during any request to the WP REST API.

Bearer: 123456789abcdefg

The authorization works by using the current_user_can check for capabilities. When an authorization header is sent, the system applies the correct user and their capabilities to the request as if they are logged in.

Search Documentation

General Articles

Below is a list of "General" documentation articles.

OAuth Server 3.8.2

WP OAuth Server Pro allows for Unlimited clients and multiple grant types.