I want to implement a REST API with authorization in my WordPress website. The version of WordPress is 4.9.5 and the REST API version is 2.0-beta15. To secure my APIs I need to implement OAuth on my site, and at first I implemented WordPress REST API – OAuth 1.0a Server from this link and this useful link. But I had these issues with the plugin:
So I looked for another plugin and found JWT Authentication for WP-API. This plugin is easier and handy. I followed the instructions and can get a token and add it to the request header to make a request; if it is valid the response is 200, and if not I need to validate. Everything seems to work fine!
But the same problem:
This is despite documents that say:
Once you get the token, you must store it somewhere in your application, ex. in a cookie or using localstorage.
From this point, you should pass this token to every API call
So now I see that I could not restrict API calls to have the Authorization header in both plugins. How can I achieve that, and what is the best solution?
I finally solved this problem with this plugin:
Disable REST API and Require JWT / OAuth Authentication
As its name says, it does exactly what I want. It works with both plugins I used and restricts all API calls that are not authorized, and it works fine. So my best practice is JWT for OAuth + Disable REST API and Require JWT / OAuth Authentication; they are a very good combination for implementing OAuth in an Android application for WordPress.
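The restriction described in the answer above can also be enforced with WordPress core's `rest_authentication_errors` filter. This is an added example, not code from the original post or from any of the plugins named in it; the function name and error code are hypothetical, and the two whitelisted routes assume the token endpoints registered by JWT Authentication for WP-API.

```php
<?php
/*
 * Plugin Name: Require authenticated REST requests (added example)
 */

// Hypothetical function name and error code; the filter and helpers are WordPress core.
function example_require_rest_auth( $result ) {
    // An earlier handler already rejected the request: keep its error.
    if ( is_wp_error( $result ) ) {
        return $result;
    }

    // Route being requested, e.g. "/wp/v2/posts".
    $route = isset( $GLOBALS['wp']->query_vars['rest_route'] )
        ? untrailingslashit( $GLOBALS['wp']->query_vars['rest_route'] )
        : '';

    // Assumption: routes registered by JWT Authentication for WP-API.
    // They must stay reachable without a token, or no client can log in.
    $public_routes = array(
        '/jwt-auth/v1/token',
        '/jwt-auth/v1/token/validate',
    );
    if ( in_array( $route, $public_routes, true ) ) {
        return $result;
    }

    // The auth plugin sets the current user from the Authorization header.
    // No user at this point means no valid credential was presented.
    if ( ! is_user_logged_in() ) {
        return new WP_Error(
            'example_rest_auth_required',
            'A valid Authorization header is required.',
            array( 'status' => 401 )
        );
    }

    return $result;
}

// Priority 101 runs after core's cookie and nonce check (priority 100), which
// resets the user to anonymous when a login cookie arrives without a REST nonce.
add_filter( 'rest_authentication_errors', 'example_require_rest_auth', 101 );
```

With this active, a request to a route such as /wp-json/wp/v2/posts without valid credentials gets a 401, while the two token routes stay reachable so clients can still obtain and validate a token.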