REST API

The WPUser WordPress REST API provides API endpoints for WordPress data types that allow developers to interact with sites remotely by sending and receiving JSON  objects.

When you send content to or make a request to the API, the response will be returned in JSON. This enables developers to create, view and update WordPress user from client-side JavaScript or from external applications.

Why use the WPUser WordPress REST API

  • You would not even have to write the applications in PHP: any programming language that can make HTTP requests and interpret JSON can interact with WordPress through the REST API, from Node.js to Java, Android, ios and beyond.
  • Authentication: authorize your REST API requests so that you can create, update and delete your data
  • While cookie authentication is the only authentication mechanism available natively within WordPress, for remote applications like mobile APP you can use WPUser for create token and authentication.
  • WPUser use JSON Web Tokens Authentication as an authentication method.

Requirment

WP User Plugin

Minimum PHP version: 5.3.0

PHP HTTP AUTHORIZATION HEADER ENABLE

Most of the shared hosting has disabled the HTTP Authorization Header by default.

To enable this option you’ll need to edit your .htaccess file adding the follow

RewriteEngine on
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]

Setting

After Activate WP User plugin REST API and authentication method is disable. You need to activate setting

For Extends the WP REST API using JSON Web Tokens Authentication as an authentication method you need to enable setting.

Go to Dashboard->WP User ->REST API
1) Click on ‘Enable REST API’ check box.
2) Click on ‘Update’ for Save setting

If you want access REST API only for your application and prevent these API access from outsite word then you can do using following setting

Go to Dashboard->WP User ->REST API
1) Click on ‘Enable API Key Auth Verification’ check box.
2) Click on ‘Update’ for Save setting
REST API Key – generate at the time of plugin installation. You can change this API Key any time.

You need to pass api_key parameter in every request header (header name -api_key) if Enable API Key Auth Verification setting.

To enable this option you’ll need to edit your .htaccess file adding the follow

RewriteCond %{HTTP:API_KEY} ^(.*)
RewriteRule ^(.*) - [E=API_KEY:%1]

User first sign/login using login API  (using. username and password,).

The login API  creates the JWT and sends it to the user.

When the user makes API calls to the application, the user passes the JWT along with the API call in header (header name – authorization).

When the user makes API calls with the attached JWT, the application can use the JWT to verify that the API call is coming from an authenticated user.

Following REST API List supported by WP User :