An API (Application Programming Interface) is a programmatic way to interact with an application’s data. WordPress uses a REST API to talk to other web apps, desktop apps, or even mobile apps, i.e. anything outside its local server.

As mentioned in its documentation, almost everything can be done using GET and POST requests. Sending a GET request through the API isn’t a big deal, as almost all of the data on the site is visible except for the user list. Everything that isn’t public and requires the user to log in needs some sort of authentication. The WordPress API supports 3 types of authentication, namely:

  • Basic Authentication
  • Cookie Authentication
  • OAuth Authentication

In this tutorial, we are going to learn how to use OAuth 2.0 with the WordPress API as the authentication method for carrying out authenticated tasks on the site. For this you will need 4 things:

  • A site to which we will be sending API requests
  • An OAuth server for WordPress: WP OAuth Server
  • An extension that provides a platform for the REST API: WordPress REST API
  • A client to send an API request: Postman

As an example, we will be using http://localhost/wp-api/ as the server that receives API requests.

We start by setting up all the plugins needed. No work is needed for WordPress REST API; we just need to configure the WP OAuth Server plugin. By default, this plugin provides access for 3600 seconds. For longer access, you either need to tweak the plugin or invest some money in it.


  1. Make sure the API is enabled.
    [Image 1: OAuth Settings]
  2. Enable “Authorization Code” mode.
    [Image 2: OAuth Settings]
  3. Add a new client.
    [Image 3: OAuth Settings]
  4. Enter the client name, Redirect URI, and a description. The Redirect URI is the endpoint to which the request is redirected after it succeeds.
    [Image 4: OAuth Settings]
    The URL may look like this:
    http://localhost/wp-api/parsejson.php?code=px6n6qkv1xyecnc9frjhenfooyo24zsbtncqhext

    The file parsejson.php contains the following code:

    In the above code, you need to change two things:

    • Add your URL in curl_init()
    • Add the Client Key and Client Secret Key in the format
      ClientKey:ClientSecretKey, as a quoted string, in the CURLOPT_USERPWD line as follows:
      curl_setopt($curl, CURLOPT_USERPWD, 'ClientKey:ClientSecretKey');


  5. After you add the new client, the last thing you need is the Client Secret key.
    [Image 5: OAuth Settings]

  6. After you are done, you are ready to send a request to the server. The URL to send will look like this:
    http://localhost/wp-api/oauth/authorize?response_type=code&client_id=f38dN2xPqjWeQeOwhE7hrUkCyPp6lM
    Open this link in a browser, and you will get JSON data as shown in the image below:
    [Image 6: Get Access Token]
  7. Now that you have grabbed a token, you are ready to send a POST request to the server. So open the Postman app.

If you look it over, you can see POST /posts, which means the request type is POST and your endpoint will be posts. Also, as this is a privileged task, you need to pass the access token as a parameter. So your URL will look like this:

http://localhost/wp-api/wp-json/wp/v2/posts?access_token=62s4d7hdxf61aaf4bwrvu7hry90o86s1q9i6ggsb

And the content (body) will be the same as mentioned in
[Image 7: Send POST request]
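
The redirect handler and the authenticated POST from steps 4 to 7, combined into one script as an added example; it is not the original parsejson.php listing. The /oauth/token path, the WP_OAUTH_CLIENT_KEY and WP_OAUTH_CLIENT_SECRET environment variable names, the alphanumeric check on the code, the sample post fields, and the server accepting the token in a Bearer header instead of the access_token query parameter are all assumptions.

```php
<?php
// Added example, not the original parsejson.php. Assumptions: the /oauth/token
// path, the WP_OAUTH_* environment variables and the sample post fields.
const SITE     = 'http://localhost/wp-api';
const REDIRECT = SITE . '/parsejson.php'; // must equal the client's Redirect URI

function post_form(string $url, array $fields, array $opts): array
{
    $curl = curl_init($url);            // URL carries no credentials or tokens
    curl_setopt_array($curl, $opts + [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => http_build_query($fields),
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_TIMEOUT        => 10,
    ]);
    $body   = curl_exec($curl);
    $status = curl_getinfo($curl, CURLINFO_RESPONSE_CODE);
    $data   = is_string($body) ? json_decode($body, true) : null;
    if ($status < 200 || $status >= 300 || !is_array($data)) {
        throw new RuntimeException("POST $url failed with HTTP status $status");
    }
    return $data;
}

// Step 1: the browser arrives here with ?code=... after the user approves.
$code = $_GET['code'] ?? '';
if (!is_string($code) || !preg_match('/^[A-Za-z0-9]+$/', $code)) {
    http_response_code(400);
    exit('Missing or malformed authorization code');
}
// Step 2: exchange the code. ClientKey:ClientSecretKey goes in CURLOPT_USERPWD
// and is read from the environment instead of being stored in the web root.
$token = post_form(SITE . '/oauth/token', [
    'grant_type'   => 'authorization_code',
    'code'         => $code,
    'redirect_uri' => REDIRECT,
], [CURLOPT_USERPWD => getenv('WP_OAUTH_CLIENT_KEY') . ':' . getenv('WP_OAUTH_CLIENT_SECRET')]);
if (!isset($token['access_token']) || !is_string($token['access_token'])) {
    throw new RuntimeException('Token response has no access_token');
}
// Step 3: create a draft post. The token is sent in the Authorization header,
// so it does not appear in the URL that access logs and proxies record.
$post = post_form(SITE . '/wp-json/wp/v2/posts', [
    'title'   => 'Hello from the API',
    'content' => 'Created with an OAuth 2.0 access token.',
    'status'  => 'draft',
], [CURLOPT_HTTPHEADER => ['Authorization: Bearer ' . $token['access_token']]]);
header('Content-Type: application/json');
echo json_encode(['created_post_id' => $post['id'] ?? null]);
```

On anything other than a localhost test site, serve both the site and the Redirect URI over HTTPS, since the authorization code, the client secret and the access token all cross that connection.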

So, that’s all about using OAuth 2.0 with the WordPress API. The example above only creates a post, but using similar endpoints and content, you can do any task that is available in the API.

