I’ve used the WordPress REST API to run batch content migrations and run into frustrations with authenticating my API requests. By default, read-only operations are publicly accessible but write operations require authentication. The official docs only show cookie-based authentication, I will demonstrate 2 additional methods of authentication with the REST API.
- WordPress installed with Apache
- Access to WP CLI and .htaccess
This tutorial assumes that WordPress is running on http://localhost/
Method 1: Basic Auth Plugin
- Verify that REST API is running, this should return a 200 response.
2. Install the latest version
wp plugin install https://github.com/WP-API/Basic-Auth/archive/master.zip --activate
3. Modify htaccess
Method 2: JWT Auth Plugin
- Install and activate
wp plugin install jwt-authentication-for-wp-rest-api --activate
2. Modify htaccess
Integrating with node-wpapi
- Add a helper function
- Store JWT in header