The following settings provide more control over API authentication.
By default, the Authorization header is used to send the authentication data. If you want to authenticate the REST APIs in a more secure way, you can set a custom header of your choice.
Role Based Restriction
This feature lets you restrict access to specific roles. You just have to select the roles for which you want to allow access.
Token Expiry Configuration
If you are using JWT or OAuth 2.0 authentication, the default expiry time of the token is 60 minutes for the access token and 14 days for the refresh token. You can configure these values to set an expiry time of your choice.
Exclude REST APIs
If you want some of the REST APIs to be publicly accessible, you can enter the pattern of such APIs so that authentication is skipped for them, making them publicly accessible.
Protected REST APIs
This shows all the REST APIs that are restricted from public access. You can uncheck the specific REST APIs for which you want to allow public access.
Custom API integration
We also provide restricted access to any custom APIs, such as WooCommerce, BuddyPress, WP Project Manager, etc.