REST API Authentication for WP – JWT Auth, Basic Auth and more

WordPress REST API endpoints are open and unsecured by default through which anyone can access your site data. With our REST API Authentication for WP plugin, secure your WordPress APIs from unauthorized users.

Protect WP REST API endpoints from public access by:
– JWT Authentication
– Basic Authentication
– API Key Authentication
– OAuth 2.0 Authentication
– External Token based Authentication 2.0/OIDC/JWT/Firebase provider’s token authentication methods.

Benefits of Refresh Token

• Enhances security by keeping access tokens short-lived.
• Improves user experience with uninterrupted sessions.
• Reduces login frequency.

Benefits of Revoke Token

• Protects against token misuse if a device is lost or compromised.
• Enables admin-triggered logouts or session control.
• Useful for complying with stricter session policies.

This plugin will make sure that only after successful authentication, the user is allowed to access your site’s resources. REST API Authentication will make your WordPress endpoints secure from unauthorized access.

Along with the default and standard WordPress REST API endpoints, with REST API Authentication for WP, you can authenticate custom-developed REST endpoints and third-party plugin REST API endpoints like that of Woocommerce, Learndash, Buddypress, Gravity Forms, CoCart, etc.

REST API Authentication Methods in our WordPress plugin

• JWT Authentication
  To maintain a seamless user experience without frequent logins needed due to token expiry, you can use our Refresh and Revoke token mechanisms feature.
  When the access token expires, instead of forcing the user to log in again, the client can request a new access token using a valid refresh token.
• API Key Authentication
• Basic Authentication:
  – 1. Username: Password
  – 2. Client-ID: Client-Secret
• OAuth 2.0 Authentication [Most Secure]
  – 1. Password Grant
  – 2. Client Credentials Grant
• Third Party Provider Authentication

Following are some of the integrations that are possible with REST API Authentication:

Learndash API Authentication

• This plugin allows you to securely access Learndash user profiles, courses, groups & other Learndash API endpoints.

Custom Built REST API Endpoints Authentication

• The plugin supports authentication for your own built custom REST API routes/endpoints. You can secure these API endpoints using the plugin’s highly secured authentication methods.

BuddyPress API Authentication

• Securely access BuddyPress REST API endpoints via authentication using different authentication methods like JWT token (JSON Web Token), API Keys etc.

WooCommerce API Authentication

• REST API Authentication for WP allows you to authenticate the WooCommerce store APIs with your mobile or desktop application & extend the features and functionality of your eCommerce store.

Gravity Form API Authentication

• This plugin supports interaction with Gravity Forms from an external client application which can be your Android/iOS application.

External/Third-party plugin API endpoints integration in WordPress

• These integrations can be used to fetch/update the data from the third-party side into WordPress that can be used to display it on the WordPress site as well, and this data can be processed further to use with any other plugin or WordPress events.

FEATURES

FREE PLAN

• Authenticate only default WordPress REST API endpoints.
• Basic Authentication with username and password.
• JWT Authentication (JSON Web Token Authentication).
• Selective API protection.
• Restrict non-logged-in users to access REST API endpoints.

PREMIUM PLANS

• Authenticate all REST API endpoints (Default WP, Custom APIs,Third-Party plugins)
• JWT Token Authentication (JSON Web Token Authentication)
• **Refresh and Revoke token endpoints
• API Key Authentication
• Basic Authentication (username/password and email/password)
• OAuth 2.0 Authentication
• Universal API key and User-specific API key for authentication
• Selective API protection.
• Time-based token expiry
• Role-based authentication
• Custom Header support rather than just Authorization to increase security.
• Create users in WordPress based on third-party provider access tokens (JWT tokens) authentication.

Our Other Popular REST API Integrations

• Custom API for WP plugin to create and connect external APIs to your WordPress site.

• Sync products to WooCommerce | Import WooCommerce products using API to connect to your Supplier, Inventory, ERP, and CRM APIs to sync the products to your WooCommerce store with all the product data automatically.

• Sync Custom Posts using External API to automatically sync the data to custom posts in WordPress from the external REST API data.

• WordPress JWT Single Sign-On (SSO) Auto login to sync user sessions or auto-login to WordPress and other connected sites

Privacy

This plugin does not store any user data.