In this article we will cover how to use WP OAuth Server and OAuth2 to make authenticated requests to WP REST API.

Currently with WP OAuth Server and WP REST API, you MUST either use OAuth or traditional cookies (normal WP login). You CAN NOT use both at the same time. When using WP OAuth Server, ensure you are logged out of WordPress.

How to authenticate?

The first thing that we will need to do is download WP OAuth Server from our account. If you do not have WP OAuth Server, you will need to download it by visiting https://wp-oauth.com/downloads/wp-oauth-server/.

Once we have WP OAuth Server installed we can start the process below.

1. Create a Client

Lets navigate to our WordPress admin area. With WP OAuth Server installed we will see a link in the main navigation label “OAuth Server”. By hovering over this link we will be presented the link to create a new client.

Let give our client a name and select the grant types that we will need to use. Once we have created the our client, we will need to make a copy of the “Client ID” and “Client Secret“. We will need to use this information to gain an access token.

2. Obtaining an Access Token

How we obtain an access token is dependent our project. In this article, we will be obtaining an access token using the “User Credentials” grant type. We will need to download “POSTMAN“. Once you have Postman installed, we will need to start configuring it. Check out the following article for details using Postman.

3. Using the Access Token

Now that we have an access token, we can use this token to make authorized calls to the WP REST API. There is two ways that we can pass an access token to the API.

  1. In the URL
  2. Using a Bearer Token

Example

For simplicity of this article lets use the URL method to send our access token. Below is a simple call to the REST API to retrieve post revisions.

HTTP 1.1 GET

https://{server_url}/wp-json/posts/{post_id}/revisions?access_token={access_token}

Success

If you receive an error about not being authorized to make the call, ensure that you are logged out of WordPress.

If you have any questions, please submit a support request.