API’s can use both Authentication and/or Authorization to help secure their API’s. Authentication proves that you are who you say you are. It is like having a drivers license – it proves your identity. Authorization goes a step further and proves that you have the right to access something – that you are authorised to do so.
Authentication and authorization play different roles and are often confused with each other. But we don’t really need to know the technicalities of it all, we just want to connect to our API, so let’s look at the various ways that WPGetAPI can connect you to your API.
This is a very simple method of authentication. If you are using this method then you would have been given an API key by your API provider. The API key could be added to the query string or to the header or to anywhere really.
Here is an article on Adding API keys to the query string
Here is an article on Adding API keys to the header
Username & Password
If your API uses a username and password combination, this will usually be added to the Body as POST fields. Looking at the image below you can see that this is easily achieved using WPGetAPI. Some API’s will require these fields to be JSON encoded or URL encoded, which you can choose with the Encode Body option.
The bearer token is a text string that is included in the request header and usually looks something like this:
Authorization: Bearer <your_token_here>
To set this up in the plugin, you would add a name/value pair to the Headers section like in the below image. The plugin takes care of joining these together and adding the colon (:).
Basic HTTP Authentication – base64 encoded
Basic HTTP Authentication (or basic auth) sends the API a username/password or a clientId/clientSecret combination that is encoded using the base64 method. This is then sent in the header request to the API and will look something like this:
Authorization: Basic <Base64 encoded username and password>
We can use this type of authentication when using the Pro plugin – this authentication method is not available in the free plugin, only the paid version. To be able to use this method, you simply need to add the details into the Headers section as shown in the image below.
By adding the base64_encode() function, the plugin will automatically encode whatever is in between the brackets.
OAuth 1.0 & OAuth 2.0
Currently we do not support these methods, but we are working on this and it will be released sometime soon.