WordPress REST API Authentication

Omschrijving

WordPress REST API Authentication plugin secures the unauthorized access to your WordPress site using different authentication credentials verification. This plugin doesn’t requires much configuration.

There are multiple ways to secure a REST APIs e.g. basic auth, OAuth, JWT etc. but one thing is sure that RESTful APIs should be stateless – so request authentication/authorization should not depend on cookies or sessions. Instead, each API request should come with some sort authentication credentials which must be validated on the server for each and every request.

REST API Authentication Methods:
* Basic Authentication
1. Using Username & Password
2. Using Client-ID & Client-Secret
* API Key Authentication (Authentication with Randomly Generated Key )
* JWT Authentication / JSON Web Tokens Authentication
* OAuth 2.0 Authentication
1. Client Credentials
2. Password grant
* API Authentication for Third Party Provider( using Introspection Endpoint / User Info Endpoint )

FEATURES:
* Supports Basic Auth (Basic Authentication), API Key, OAuth 2.0, JWT Authentication methods
* Validates Signature for json web tokens (jwt)
* Allows to access all type of posts/pages based on User’s WordPress Role & Capability
* Allows to Authenticate your WordPress site / REST API with token (access token / jwt token) provided by your OAuth Provider ( Third Party Provider )
* Supports WooCommerce API Authentication

Privacy

This plugin does not store any user data.

Schermafdrukken

  • List of API Authentication Methods
  • List of Protected WP REST APIs
  • Advanced Settings
  • Custom API Integration

Installatie

This section describes how to install the WordPress REST API Authentication and get it working.

From your WordPress dashboard

  1. Visit Plugins > Add New
  2. Search for REST API Authentication. Find and Install api authentication plugin by miniOrange
  3. Activate the plugin

From WordPress.org

  1. Download WordPress REST API Authentication.
  2. Unzip and upload the wp-rest-api-authentication directory to your /wp-content/plugins/ directory.
  3. Activate WordPress REST API Authentication from your Plugins page.

FAQ

What is the use of API Authentication

The REST API authentication prevents the unauthorized access to your WordPress API’s.
It reduces potential attack factors

How does this plugin work?

You just have to select your Authentication Method.
Based on the method you have selected you will get the authorization code/token after sending the token request.
Access your REST API with code/token you received in previous step.

How to access draft posts?

You can access draft posts using Basic Auth, OAuth 2.0(using Username:Password) methods. Pages/posts are need to access with the status. Default status used in request is ‘Publish’ and any user can access Published post.
To access the pages/posts stored in draft, you need to append the ?status=draft to the page/post request.
For Example:
You need to use below URL format while sending request to access different type of posts
1. Access draft posts only
https://localhost:8080/wp-json/wp/v2/posts?status=draft
2. Access all type of posts
https://localhost:8080/wp-json/wp/v2/posts?status=any
You just have to change the status(draft, pending, any, publish) as per your requirement. You do not have to pass status parameter to access Published posts.

I am not able to access some APIs?

The below list of WP REST APIs are protected and allowed for authorized access in free plugin:
1. /wp/v2/posts
2. /wp/v2/comments
3. /wp/v2/media
We have allowed authorized access to other WP REST APIs in premium versions.

Beoordelingen

10 november 2020
Purchased this plugin as an easy way to add auth to a simple WP REST API we have in a mobile app – super easy, had a few server side issues with initial set-up but they helped us sort and were very responsive. Would recommend this plugin for any WP REST API that needs basic auth.
10 november 2020
I had an issue using the plugin in the first place. Then I contacted the support. They came back really quick and point out that was due to Authentication header restriction on my server. Eventually the support guys helped me solved the problem during video meeting. Great support appreciated!
15 oktober 2020
I was trying to use this plugin to connect and create posts using HTTP requests. I wasn't sure what the problem is that was blocking the request. On single request Support was kind enough to get on a meeting call and solved this for me!!! for any queries you can easily text them from the plugin page.
18 september 2020
The functionality and capabilities of the plugin are great. Response of support team with setting up mapping of multiple roles was very quick and helpful.
17 september 2020
I recently contacted the support team for a problem related to authentiction and they solved my problem in a very good way even if the problem was not in a bug of the plugin but in an Apache webserver misconfiguration. Thank you, I can only suggest this plugin to everybody.
14 september 2020
We needed a way to authenticate REST calls against our own OAUTH2.0 server. Since we were already using the OAUTH Client, contacted miniOrange. The customized their REST API client in a few days and now we have wordpress REST APIs also using our own OAUTH Server. It works perfectly.
Lees alle 20 beoordelingen

Bijdragers & ontwikkelaars

“WordPress REST API Authentication” is open source software. De volgende personen hebben bijgedragen aan deze plugin.

Bijdragers

Changelog

1.3.9

  • Minor Bugfix

1.3.8

  • Added compatibility for WP 5.5

1.3.7

  • Bundle plan release
  • Minor Bugfix

1.3.6

  • Added compatibility for WP 5.4

1.3.5

  • Minor Bugfix

1.3.4

  • Minor Bugfix

1.3.2

  • Minor Bugfix

1.3.1

  • Minor Fixes

1.3.0

  • Added UI Changes
  • Updated plugin licensing
  • Added New features
  • Added compatibility for WP 5.3 & PHP7.4
  • Minor UI & feature fixes

1.2.1

  • Added fixes for undefined getallheaders()

1.2.0

  • Added UI changes for Signing Algorithms and Role Based Access
  • Added Signature Validation
  • Minor fixes

1.1.2

  • Added JWT Authentication
  • Fixed role based access to REST APIs
  • Fixed common class conflicts

1.1.1

  • Fixes to Create, Posts, Update Publish Posts

1.1.0

  • Updated UI and features
  • Added compatibility for WordPress version 5.2.2
  • Added support for accessing draft posts as per User’s WordPress Role Capability
  • Allowed Logged In Users to access posts through /wp-admin Dashboard

1.0.2

  • Added Bug fixes

1.0.0

  • Updated UI and features
  • Added compatibility for WordPress version 5.2.2