WP OAuth Server is designed to integrate smoothly with the WordPress REST API and all the routes.
Authorizing is easy and utilizes header authentication or body authentication. This request is very similar to basic authentication but a lot more secure since user information is not being passed through any requests. This article is going to assume that you have already authenticated a user and retrieved an access token. Unlike basic authentication where you must send username and password, you only have to present the access token.
The WP OAuth Server plugin add Bearer Token support to the WP REST API allowing access tokens to securely make requests on a users behalf without exposing any sensitive information.
For the following example, the client has authorized a user and stored the access token “123456789abcdefg”. The client would then only have to use the following authentication header to make the call.
The authorization works by using the current_user_can check for capabilities. When an authorization header is sent, the system applies the correct user and their capabilities to the request as if they are logged in. WordPress API functionality does the rest.
The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.