REST API / Authentication

The REST API Supports three different methods of authentication at this point in time.

  • Groundhogg API Keys
  • WordPress Application Passwords
  • WordPress REST Nonce

Groundhogg API Keys

To use an API key to access the API (the simplest method) go to the API tab in the Groundhogg settings and generate a new pair of keys for your user account.

API keys are linked to a user record, and will thus share the same privileges as the user, meaning you can distribute keys to team members safely without needing to worry about possible abuse.

To use the API keys, add the gh-token and gh-public-key as request headers when sending requests.

Headers:
...
gh-token: <YOUR TOKEN>
gh-public-key: <YOUR PUBLIC KEY>

Here's an example using the PHP WordPress HTTP API

WordPress Application Passwords

You can also use the WordPress application passwords system instead of API keys.

Go to your user profile in WordPress and scroll to the application password area and generate a new application password.

Copy your new password to a secure place, you will not be able to see it again after leaving the page.

When sending a request add the Authorization header with the Basic authentication standard format of Basic base64(username:password). Here's an example in PHP using the WordPress HTTP API.

WordPress REST Nonce

If you are working on the frontend with JavaScript, you can use the WordPress Nonce system to easily authenticate API requests.

First, generate a nonce and use wp_localize_script() to pass it to your frontend script.

Then you can pick it up in your script and make requests using either jQuery.ajax or the fetch API

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us