API Key Authentication
API Key Authentication is one of the simplest methods of protecting the WordPress REST API. Once you generate the Bearer Token / API Key, you can use it to secure your WordPress pages and posts; only clients that present this Bearer Token can access the WordPress REST API.
Every REST API request must carry an Authorization header (or a custom header you configure) containing the token type, Bearer, and the API Key value. Whenever a client application requests a resource, the request must include this header with a valid API Key, otherwise it is not authenticated. See the sample request below, which fetches all WordPress posts / blogs.
User specific API Key authentication
With the default API Key authentication only GET requests can be made. To make a POST request, the caller must be authenticated as a WordPress user who has the capabilities required for that action. This is where user-specific API Key authentication comes in: each key is bound to a user, and the actions that key can perform are limited by that user's capabilities.
Sample Request
Request: GET /wp-json/wp/v2/posts
Header: Authorization : Bearer <token>
The Header is explained below.
- Authorization: The HTTP Authorization request header carries the credentials (the token type and token value) that authenticate the user agent with the server, usually after the server has responded to an unauthenticated request with a 401 Unauthorized status.
- Bearer <token-value>: The Bearer <token-value> is issued by the authentication server. When a client application sends it with a request, the server validates the token and responds to the client application accordingly.
cURL:

```
curl -H "Authorization:Bearer <token-value>" -X GET http://<wp_base_url>/wp-json/wp/v2/posts
```

The same request can be sent from Postman by setting the Authorization header to the Bearer token.
The server replies with the requested data as a JSON array of post objects.
Success Response
Code | Status | Description |
---|---|---|
200 | SUCCESS | The requested posts are returned; see the example model below. |

Example model:

```json
[{
  "id": 1,
  "guid": { "rendered": "http://<wp_base_url>/?p=1" },
  "slug": "hello-world",
  "status": "publish",
  "type": "post",
  "link": "http://<wp_base_url>/hello-world/",
  "title": { "rendered": "Hello World" },
  "content": {
    "rendered": "<p>Welcome to WordPress. This is your first post. Edit or delete it, then start writing!<\/p>",
    "protected": false
  },
  ...
}]
```
Error Response
Code | Error | Description |
---|---|---|
401 | INVALID_API_KEY | You will get this error when you have sent an invalid or expired API Key. |
401 | MISSING_AUTHORIZATION_HEADER | You will get this error whenever you don't send the Authorization header in the API request, or it was removed by your server (see the note below). |
401 | INVALID_AUTHORIZATION_HEADER_TOKEN_TYPE | You will get this error whenever you send the Authorization header but with the wrong token type. |

Example model for INVALID_API_KEY:

```json
{ "status":"error", "error":"INVALID_API_KEY", "code":"401", "error_description":"Sorry, you are using invalid API Key." }
```

Example model for MISSING_AUTHORIZATION_HEADER:

```json
{ "status":"error", "error":"MISSING_AUTHORIZATION_HEADER", "code":"401", "error_description":"Authorization header not received. Either authorization header was not sent or it was removed by your server due to security reasons." }
```

NOTE: This error may be caused by the server environment; your server may strip the Authorization header for security reasons.

- If you are using an Apache server, put the lines below in your .htaccess file after the RewriteBase:

```
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
```

- If you are using an NGINX server, put the line below in your conf file:

```
add_header Access-Control-Allow-Headers "Authorization";
```

Example model for INVALID_AUTHORIZATION_HEADER_TOKEN_TYPE:

```json
{ "status":"error", "error":"INVALID_AUTHORIZATION_HEADER_TOKEN_TYPE", "code":"401", "error_description":"Authorization header must be type of Bearer Token." }
```
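To make the header requirement, the user-specific capability rule and the three documented error models concrete, here is an added example that models the server-side checks in Python. It is not the plugin's own code: the key store, the user capabilities, the `handle_request` helper and the 403 response used for a key that lacks the required capability are all constructed for this illustration (the page documents only the 401 responses).

```python
"""Added example (not the plugin's code): validate an API-key Bearer header in
the order the documented error table implies, then apply the documented rule
that a default key is read-only while a user-specific key is limited by the
user's WordPress capabilities. All keys and users below are constructed."""
import hmac

# Constructed key store: a default key bound to no user, and a user-specific
# key bound to the user "editor". A real deployment would store hashed keys.
VALID_API_KEYS = {
    "constructed-default-key-000000": None,
    "constructed-editor-key-abc123": "editor",
}
# Constructed capability map for the user-specific key.
USER_CAPABILITIES = {"editor": {"edit_posts", "publish_posts"}}


def error_model(error: str, description: str) -> dict:
    """Shape of the error responses documented on this page."""
    return {"status": "error", "error": error, "code": "401",
            "error_description": description}


def find_header(headers: dict, name: str):
    """HTTP header names are case-insensitive; look the header up accordingly."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def authenticate(headers: dict, valid_keys: dict = VALID_API_KEYS) -> tuple:
    """Return (http_status, body). Checks run in the documented order:
    missing header -> wrong token type -> unknown or expired key."""
    auth = find_header(headers, "Authorization")
    if auth is None:
        return 401, error_model(
            "MISSING_AUTHORIZATION_HEADER",
            "Authorization header not received. Either authorization header "
            "was not sent or it was removed by your server due to security reasons.")
    scheme, _, token = auth.strip().partition(" ")
    token = token.strip()
    if scheme.lower() != "bearer" or not token:
        return 401, error_model(
            "INVALID_AUTHORIZATION_HEADER_TOKEN_TYPE",
            "Authorization header must be type of Bearer Token.")
    # Compare against every stored key with a constant-time comparison so the
    # response time does not depend on how much of a candidate key matched.
    found, user = False, None
    for key, key_user in valid_keys.items():
        if hmac.compare_digest(key.encode(), token.encode()):
            found, user = True, key_user
    if not found:
        return 401, error_model("INVALID_API_KEY",
                                "Sorry, you are using invalid API Key.")
    return 200, {"status": "success", "user": user}


def authorize(user, method: str, required_cap) -> bool:
    """Documented rule: a default key (no user) may only GET; a user-specific
    key may act only if the bound user holds the required capability."""
    if user is None:
        return method.upper() == "GET"
    if required_cap is None:
        return True
    return required_cap in USER_CAPABILITIES.get(user, set())


def handle_request(method: str, headers: dict, required_cap=None) -> tuple:
    """Authenticate, then authorize. The 403 body here is constructed for the
    example; the page does not document the plugin's response for this case."""
    status, body = authenticate(headers)
    if status != 200:
        return status, body
    if not authorize(body["user"], method, required_cap):
        return 403, {"status": "error", "error": "CONSTRUCTED_FORBIDDEN",
                     "error_description": "Key is not allowed to perform this action."}
    return 200, body


def bearer_header(api_key: str) -> dict:
    """Client side: the header every request must carry (see the cURL sample)."""
    return {"Authorization": f"Bearer {api_key}"}


if __name__ == "__main__":
    print(handle_request("GET", bearer_header("constructed-default-key-000000")))
    print(handle_request("POST", bearer_header("constructed-default-key-000000"), "edit_posts"))
    print(handle_request("POST", bearer_header("constructed-editor-key-abc123"), "edit_posts"))
    print(handle_request("GET", {"Authorization": "Basic abc"}))
```

Two details worth noting: the header lookup is case-insensitive, because proxies and servers may rewrite header-name casing, and the key comparison uses `hmac.compare_digest` so that a key check on the server does not leak through timing which prefix of a guessed key matched.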