How to use the Rest API with authentification
To authenticate the requests against the Podlove Publisher API we recommend the WordPress application password functionality. In the example you can also see how you can test the API with Postman and the WordPress application passwords.
All changes to data using the API require the authentication of the user. In addition, only authenticated users can query non-public data. An authorized user must have the right to modify posts in order to modify or query data.
WordPress application password
This option is provided directly by WordPress (since version 5.6.). The application password is directly assigned to a user and can not be used for an interactive login. A user can create multiple application passwords and it is recommended to assign a separate application password for each client application for security reasons. If a client application was compromised, the user can revoke the password specifically for this application.
Create an application password
WordPress admins can create Application Passwords for each user, users can also create Application Passwords for their account in the users profile page.
It is important to save the now visible password securely right away. After leaving the page, the password is no longer visible and cannot be displayed again. In the list all created Application Passwords are listed and can be revoked individually.
Test the API with Postman
The generation of an episode exemplifies the usage.
- Select HTTP method POST
- Enter the URL http://podlove.local/wp-json/podlove/v2/episodes
- Select the Authorization tab
- Select Basic Auth as type
- Enter username and application password
- Press the Send button
- The response (status and body) appears in the lower part of the screen