WordPress, being a powerful and versatile content management system, provides developers and users with the ability to interact with its core functionalities through REST API. Whether you’re building a custom application, integrating third-party services, or simply looking to enhance the capabilities of your site, enabling the WordPress REST API or generating application passwords is a crucial step. In this step-by-step guide tutorial, we would go through all the steps to generate WordPress Application Password.
Table of Contents
In this blog post, we’ll guide you through the process of enabling the REST API and generating application passwords in WordPress.
Before, we dive directly into enabling the WordPress REST API or creating the application password, first we need to understand what an API is, its purpose, and how it works. If you are already familiar with the API, then you can skip this section and jump to the next section where I explain how to create WordPress application password (required to make WordPress API calls) step-by-step with pictures.
What is an API?
API, an acronym for Application Programming Interface, encompasses a set of digital guidelines and protocols. These directives facilitate the retrieval of data from a digital system, such as a website, enabling diverse operations like creation, updating, fetching, and deletion from a remote location.
Learn more about API in detail here.
Now let’s jump to our main topic of how to enable WordPress REST API or how to create WordPress Application Password to make API calls to a WordPress website.
How to Enable REST API in WordPress
WordPress REST API is enabled by default. Actually, WordPress REST API was introduced as a plugin but then on the launch of WordPress Version 4.7, which was released in 2016, WordPress REST API was added as a core feature of it. Therefore, if you are running WordPress 4.7 or higher, then you do not have to do anything to activate or enable it.
If your website is running on a WordPress version lower than 4.7 then you must install WordPress REST API Plugin provided by WordPress itself, to activate the API feature on your website.
How to Create WordPress Application Password?
Generating Application Password for a WordPress User:
An application password is a secure way to grant third-party applications or services access to your WordPress site without revealing your actual login credentials.
Important Points
- This application password is generated for a user. Which means each user on your site can have its own application password(s).
- The user, you are generating the application password for, must have admin access or he must be an administrator in your WordPress site.
Creating WordPress Application Password in 3 Steps
1. Navigate to WordPress Users Page: Click on the Edit link under the user profile (for which you want to generate an application password).
2. Give Your Application Password a Name: Scroll down to the “Application Passwords” section and type a name for it for internal reference purpose and to help you identify that where you are using this application password or rest api key. You can name it anything you want. Avoid using special characters though.
Note: If you don’t see this section, it means your site may not support application passwords, or the feature might be disabled. In that case, you may need to check with your hosting provider or site administrator.
3. Generate New Password: After giving a name to your new REST API Application Password, click on the “Add New Application Password” button.
Copy the Generated Password: Once you click “Add New Application Password,” WordPress will generate a unique password for the application. Copy this password immediately as it won’t be visible again.
Use the Application Password: You can now use this application password in your third-party application or service to authenticate and interact with your WordPress site through the REST API.
Why do we need a WordPress Application Password?
A WordPress Application Password is an authentication protocol required to perform various modifications operations like update or delete on a WordPress website’s data. Without application password, we can only read or receive a website’s data, but we cannot change it. Therefore, application password is must to gain edit or delete permissions for a website’s data.
Troubleshooting REST API in WordPress
Sometimes, we face issues connecting to WordPress even after generating an application password properly. Following the steps below to make sure nothing is preventing the WordPress REST API to accept api calls and connect with it.
- Login to Your WordPress Dashboard: Log in to your WordPress admin dashboard using your administrator credentials.
- Navigate to Settings: In the dashboard, go to “Settings” and click on “Permalinks.” You don’t need to make any changes here; just visiting the Permalinks page helps flush the rewrite rules, which is necessary for the REST API to function correctly.
- Check REST API Access: Ensure that your WordPress installation allows access to the REST API. Go to “Settings” and click on “Reading.” Look for the option that says, “Discourage search engines from indexing this site” and make sure it is not checked. Enabling this setting may restrict REST API access.
That’s it! You’ve successfully enabled the REST API in WordPress. You can now start making requests to your site’s data using the API endpoints.
Read more about WordPress REST API here.
WordPress REST API FAQs
How many applications passwords can be generated in WordPress?
It’s possible to create numerous application passwords for a single user. There is no such limit on it.