REST API / Authentication
The REST API Supports three different methods of authentication at this point in time.
- Groundhogg API Keys
- WordPress Application Passwords
- WordPress REST Nonce
Groundhogg API Keys
To use an API key to access the API (the simplest method) go to the API tab in the Groundhogg settings and generate a new pair of keys for your user account.
API keys are linked to a user record, and will thus share the same privileges as the user, meaning you can distribute keys to team members safely without needing to worry about possible abuse.
To use the API keys, add the
gh-public-key as request headers when sending requests.
Headers: ... gh-token: <YOUR TOKEN> gh-public-key: <YOUR PUBLIC KEY>
Here's an example using the PHP WordPress HTTP API
WordPress Application Passwords
You can also use the WordPress application passwords system instead of API keys.
Go to your user profile in WordPress and scroll to the application password area and generate a new application password.
Copy your new password to a secure place, you will not be able to see it again after leaving the page.
When sending a request add the Authorization header with the Basic authentication standard format of
Basic base64(username:password). Here's an example in PHP using the WordPress HTTP API.
WordPress REST Nonce
First, generate a nonce and use
wp_localize_script() to pass it to your frontend script.
Then you can pick it up in your script and make requests using either jQuery.ajax or the fetch API