WP REST API and Postman - Using Application Passwords in WordPress

  • Published: Jan 7, 2025

Comments • 24

  • @Lukasz-online 11 months ago +1

    Great intro Brian! - You should def write/do more videos on this topic because I also noticed very little content on app passwords. - we need more use cases!

    • @BrianCoords 11 months ago +1

      Thanks! Will do! I'm hoping to do a follow up on getting an application password from a site programmatically. I'm thinking the use case will be something like - can I give you a link that lets me authenticate with your site so I can programmatically create post drafts for you.

  • @Drivingralle 9 months ago

    Would love to see a detailed video about the access sharing you showed at the end

    • @BrianCoords 9 months ago +1

      Definitely - it's on my list!

  • @Haana_HD 8 months ago +1

    you are the bestttt . thank you!!!!!!!

  • @tingtongraas 28 days ago

    Thanks for this. It did help. After setting up an application password and adding the auth credentials to Postman I was still getting a rest_forbidden response. The site I am working on has Wordfence installed and it turns out that Wordfence disables application passwords by default. After changing the Wordfence setting it worked fine.

  • @dandin1984 8 months ago +1

    Thanks for the video! I was wondering, can you show maybe how to block the public api totally and then reach it via api key? So basically I am looking for a way to implement it as Machine-to-machine technique, reaching the api only from my server (node.js)...

    • @BrianCoords 8 months ago

      So I believe you can require permissions for ALL endpoints if you want. And then you'd just use the application key method to authenticate every request:
      developer.wordpress.org/rest-api/frequently-asked-questions/#require-authentication-for-all-requests

  • @nickywan123 8 months ago

    If I am building custom REST API endpoints for a 3rd party service to call, would you recommend application passwords for authentication? I believe we have other forms of auth like cookie based auth, OAuth, etc. What about using an API key?
    I cannot find any documentation on how to generate an API key for auth purposes, can you make a video about it?

    • @BrianCoords 8 months ago

      I'd need to know more about the situation, but this is probably the best approach to authenticating with the WP REST API, though I know there's a plugin out there for JWT which I assume would be good too: developer.wordpress.org/rest-api/using-the-rest-api/authentication/
      But basically this is the way to generate an API key - it just is tied to a specific user's account. As long as the user is an admin, you could be fine.
      There is a way to programmatically grab the application password under the hood, which might be something worth looking into: make.wordpress.org/core/2020/11/05/application-passwords-integration-guide/

  • @AshishBanerjee 8 months ago

    How can we use this for checking a theme license? Suppose I created a theme to sell, a user bought it from a WooCommerce website and then installs the theme on their website. Can we send them an application password as the theme license? If yes, then how can we check if the license is valid if someone else copies the license and tries to install the theme?

    • @BrianCoords 8 months ago

      If I understand the question, I probably wouldn't do this. An application password is specifically for granting an application access to your WordPress site _as a specific admin user_. Storing application passwords for other sites in a central server is a huge security risk too - if you were hacked all of those application passwords would grant the attacker access to all of those other sites and you'd have some unhappy customers. There are plenty of good tools out there for license keys.

    • @AshishBanerjee 8 months ago

      @BrianCoords that absolutely makes sense. Thank you. Would it be possible to create a tutorial for implementing license key functionality in an FSE theme? Maybe include two variants (single install license and multi/unlimited install license). I have been searching for days and couldn't find one good tutorial on this which explains the steps in a simple way.

    • @BrianCoords 8 months ago

      @AshishBanerjee So that I understand correctly - you want to sell a block theme and have the theme require a license key?

  • @JasonHenkel-nc5eg 8 months ago

    Hi Brian, thanks so much for the tutorial! I followed it step by step, but I am still receiving an error for INVALID_PASSWORD. I have tried an application password, as well as my regular password. I even created a new user, and reset the passwords for both users. I've tried from a custom code configuration as well as in Postman. Do you have any idea why I am still encountering this error? Thanks!

    • @BrianCoords 8 months ago

      Hmm I'd probably need to know more about your specific project setup to help solve this issue. I would make sure there's no additional security plugins or authentication on your site. Then I'd install Query Monitor and check the response headers for more information. Finally you can test using the _envelope parameter to see if you get more details in your response: developer.wordpress.org/rest-api/using-the-rest-api/global-parameters/#_envelope
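
A Node.js sketch of the client side discussed in the replies above: authenticating every request with an application password, and using `_envelope` to read error details. This is an added example, not code from the video or from any commenter; the site URL, user name and password passed to it are placeholders, and the site is assumed to serve the REST API under `/wp-json` at its root.

```javascript
// Added example. Site URL, user and password used with it are placeholders.

// Build the URL and headers for one authenticated REST request.
function buildRequest(site, route, user, appPassword, { envelope = false } = {}) {
  const url = new URL(`/wp-json${route}`, site); // assumes API at the site root
  // Basic auth sends the credential on every request, so refuse plain HTTP
  // unless the target is a local development host.
  const local = ["localhost", "127.0.0.1"].includes(url.hostname);
  if (url.protocol !== "https:" && !local) {
    throw new Error("refusing to send an application password over plain HTTP");
  }
  if (envelope) url.searchParams.set("_envelope", "1");
  const token = Buffer.from(`${user}:${appPassword}`, "utf8").toString("base64");
  return { url: url.toString(), headers: { Authorization: `Basic ${token}` } };
}

// With _envelope, the real status, headers and body arrive inside the JSON
// document, so error details survive clients or proxies that hide them.
function unwrapEnvelope(json) {
  if (!json || typeof json.status !== "number" || !("body" in json)) {
    throw new Error("not an enveloped REST response");
  }
  const { status, body, headers = {} } = json;
  if (status >= 200 && status < 300) return { ok: true, status, data: body, headers };
  // REST errors carry a machine-readable code and a human-readable message.
  return { ok: false, status, code: body?.code, message: body?.message, headers };
}

// One call: returns data on success, or the error code to act on.
async function callApi(site, route, user, appPassword) {
  const req = buildRequest(site, route, user, appPassword, { envelope: true });
  const res = await fetch(req.url, { headers: req.headers }); // Node 18+
  return unwrapEnvelope(await res.json());
}

// Constructed sample of an enveloped error, shaped like a REST API error body.
const SAMPLE_ERROR = {
  status: 401,
  headers: {},
  body: { code: "rest_forbidden", message: "Sorry, you are not allowed to do that.", data: { status: 401 } },
};
```

Logging the `code` returned by `unwrapEnvelope` on the calling server separates a rejected credential from a request blocked before authentication, without writing the password itself to the log.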

  • @onelook1870 10 months ago

    Just wanted to know if the slug of custom part your can be removed or not

    • @BrianCoords 10 months ago

      Hey can you clarify your question a little bit? I'm sure if I follow

    • @onelook1870 10 months ago

      @BrianCoords e.g. localhost/author/1 ---> localhost/1. The custom post your author has a slug author can the slug author be removed from the CPT?

    • @BrianCoords 10 months ago

      @onelook1870 Ah so /author/ is a core WordPress permalink for authors and not technically a CPT. You can change the slug. You can also remove it, but sometimes removing it will cause issues, so you have to be careful.

    • @onelook1870 10 months ago

      @BrianCoords what will happen in the case of a custom post type? For example, there are movies which were created using pages but now I want to shift them and make a custom post type of movie. In this case can I remove the slug of the movie CPT?

  • @bellasvideo5620 8 months ago

    not working at all