Basic Authentication

Advertisement

In this article we are going to see how to perform basic authentication requests with plugin JSON Basic Authentication.

Table of Content

Overview Overview

We can perform below operation though Rest API:

  • Retrieve
  • Create
  • Update
  • Delete

For Create, Update or Delete Rest API request we need to authenticate the request.

Quick Note: WordPress provides a Rest API support for post, pages, and custom post types. If your custom post type or taxonomy is not available in Rest API endpoint then see the show_in_rest parameter is set as true while registering the post type. This is applicable same for the custom taxonomies too.

There are multiple ways to authenticate the user to perform these requests.

In this article we are going to perform Basic Authentication request with JSON Basic Authentication.

Note: In WordPress beta plugins list we have plugin Application Passwords. We can use perform the Basic Authentication request without using users’ actual passwords.
Instead of user password Application Passwords provide a way to create multiple applications for each user for a specific purpose.
We can use any application password to perform basic authentication request. You can see all about application passwords.

NOTE: JSON Basic Authentication and Application Passwords are NOT useful production environment. You can use oAuth or oAuth 2 authentication. So, I recommend avoiding using it on production sites.

Top ↑

How to install? How to install?

Follow below steps to install the Basic Authentication.

Download Plugin Zip
  • Go to Plugins > Add new
  • Click on Upload Plugin
  • Click on Choose File and select downloaded plugin zip.
  • And Click on Install Now

See below screenshot for reference:

Install Plugin
  • and finally, click on the Activate button

You can see the plugin after install & activate in pluign list page like:

Top ↑

Examples of Basic Authentications Examples of Basic Authentications

Lets see how to use the Basic Authentication request with practical examples.

Here, I’m using Postman, CURL & wp_remote_post to demonstrate how we can create a new post with Rest API request.

Create a post with Postman Create a post with Postman

  • Open Postman
Open a postman tool for testing Rest API requests.
Open Postman

You will see something like:

Postman showing all the posts from the Rest API endpoint.
Get All Posts

Here, We have not used Basic Authentication request anywhere. We have just get the list of all posts to check the Rest API is enabled or not on our website.

Most of the times Rest API is disabled by security plugins and other plugins like https://wordpress.org/plugins/disable-json-api/


Okay. Now We are able to perform basic authentication request.

In this example we are going to create a new post with Basic authentication.

To create the post we can need to use endpoint http://example.com/wp-json/wp/v2/posts/.

In this example I’m just using only the title field to create a new post title.

You can see all available fields at – https://developer.wordpress.org/rest-api/reference/posts/#create-a-post

Lets follow below steps to create a new post:

  • Set the POST method
  • Add endpoint with title parameter and add post title like – /wp-json/wp/v2/posts/?title=Basic Auth Post 1
  • Select Authentication type Basic auth
  • Add your username
  • Add your password

Note: Here the username and password which we use to login to the website.

  • Click on Send button.

See below screenshot for reference:

Create New Post

Here, We have created a new post with name Basic Auth Post 1.

Our post list listed in draft as below:

New Post in Draft

Note: If you notice that In first screenshot I have use the URL: http://localhost/dev.test/wp-json/wp/v2/posts/ and while creating post I have used http://localhost/maheshwaghmare.com/wp-json/wp/v2/posts/?title=Basic Auth Post 1 because I have installed pluign on my site http://localhost/maheshwaghmare.com/.

Top ↑

Update Site Title with Postman Update Site Title with Postman

I’m using another example in which we are going to update the site title. Basically we update the site title from the Settings > General.

In WordPress we have Rest API endpoint /wp-json/wp/v2/settings/ which allow us to get or update the settings.

Lets update the site title with the help of /wp-json/wp/v2/settings/?title=Hello World Basic Authentication request.

Here I’m just using the title for demonstration. But, You can use other parameters too. See all available parameters list at https://developer.wordpress.org/rest-api/reference/settings/#update-a-site-setting

Below is the screenshot which is taken BEFORE performing Rest API request.

Before Site Title

Now, We are sending the POST request to the /wp-json/wp/v2/settings/ endpoint and pass the title as Hello World.

Update Site Title Request

In below screenshot we can see our site title is change from Mahesh Waghmare with Hello World.

After Site Title

Top ↑

Create a post with CURL Create a post with CURL

Syntax

curl --user "username:password" -X POST -d "title={Post Title}" http://example.com/wp-json/wp/v2/posts/

Example

Output:

{"id":19033,"date":"2020-05-12T14:20:31","date_gmt":"2020-05-12T14:20:31","guid":{"rendered":"http:\/\/localhost\/maheshwaghmare.com\/?p=19033","raw":"http:\/\/localhost\/maheshwaghmare.com\/?p=19033"},"modified":"2020-05-12T14:20:31","modified_gmt":"2020-05-12T14:20:31","password":"","slug":"","status":"draft","type":"post","link":"http:\/\/localhost\/maheshwaghmare.com\/?p=19033","title":{"raw":"Basic Auth Post 2","rendered":"Basic Auth Post 2"},"content":{"raw":"","rendered":"","protected":false,"block_version":0},"excerpt":{"raw":"","rendered":"","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"permalink_template":"http:\/\/localhost\/maheshwaghmare.com\/%postname%\/","generated_slug":"basic-auth-post-2","_links":{"self":[{"href":"http:\/\/localhost\/maheshwaghmare.com\/wp-json\/wp\/v2\/posts\/19033"}],"collection":[{"href":"http:\/\/localhost\/maheshwaghmare.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/localhost\/maheshwaghmare.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/localhost\/maheshwaghmare.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/localhost\/maheshwaghmare.com\/wp-json\/wp\/v2\/comments?post=19033"}],"version-history":[{"count":0,"href":"http:\/\/localhost\/maheshwaghmare.com\/wp-json\/wp\/v2\/posts\/19033\/revisions"}],"wp:attachment":[{"href":"http:\/\/localhost\/maheshwaghmare.com\/wp-json\/wp\/v2\/media?parent=19033"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/localhost\/maheshwaghmare.com\/wp-json\/wp\/v2\/categories?post=19033"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/localhost\/maheshwaghmare.com\/wp-json\/wp\/v2\/tags?post=19033"}],"wp:action-publish":[{"href":"http:\/\/localhost\/maheshwaghmare.com\/wp-json\/wp\/v2\/posts\/19033"}],"wp:action-unfiltered-html":[{"href":"http:\/\/localhost\/maheshwaghmare.com\/wp-json\/wp\/v2\/posts\/19033"}],"wp:action-sticky":[{"href":"http:\/\/localhost\/maheshwaghmare.com\/wp-json\/wp\/v2\/posts\/19033"}],"wp:action-assign-author":[{"href":"http:\/\/localhost\/maheshwaghmare.com\/wp-json\/wp\/v2\/posts\/19033"}],"wp:action-create-categories":[{"href":"http:\/\/localhost\/maheshwaghmare.com\/wp-json\/wp\/v2\/posts\/19033"}],"wp:action-assign-categories":[{"href":"http:\/\/localhost\/maheshwaghmare.com\/wp-json\/wp\/v2\/posts\/19033"}],"wp:action-create-tags":[{"href":"http:\/\/localhost\/maheshwaghmare.com\/wp-json\/wp\/v2\/posts\/19033"}],"wp:action-assign-tags":[{"href":"http:\/\/localhost\/maheshwaghmare.com\/wp-json\/wp\/v2\/posts\/19033"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

E.g.

CURL Request

Output

New Post in Draft

Top ↑

Create a post with wp_remote_post Create a post with wp_remote_post

Try below code:

Output –

New Post in Draft

Performing Basic Authentication Rest API requests in WordPress with JSON Basic Authentication.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: