As of April 2026, API Bearer Auth is a WordPress api plugin with 300 active installations and a 5/5 rating from 6 reviews. It has been downloaded 23K+ times in total. Requires WordPress 4.6+ and PHP 5.4.0+. Available on WordPress.org since 2017. Support resolution rate: 0%. Top alternative: WP Consent API.
5/56 reviews
300active installs
0%resolved
9 yearssince 2017
Overview
The API Bearer Auth plugin enables authentication for the REST API by using JWT access an refresh tokens. After the user logs in, the access and refresh tokens are returned and can be used for the next requests. Issued tokens can be revoked from within the users admin screen. See below for the endpoints.
Note that after activating this plugin, all REST API endpoints will need to be authenticated, unless the endpoint is whitelisted in the api_bearer_auth_unauthenticated_urls filter (see FAQ for how to use this filter).
JWT
Access tokens can be formatted as JWT tokens. For this to work, you first have to create a secret and add it to the wp-config.php file. If you don’t do this, access tokens will work also, but are just random strings. To create a random secret key, you can do for ex…
Ratings & Reviews
56 reviews
5 ★
6
4 ★
0
3 ★
0
2 ★
0
1 ★
0
Compatibility
| WordPress | 4.6+ requiredTested up to 6.9.4 |
| PHP | 5.4.0+ required |
Top Alternatives to API Bearer Auth
Frequently Asked Questions
Changelog
20200916
- Added permission_callback to prevent error in log.
Contributors
Plugin data sourced from WordPress.org. Analysis and metrics by PluginSift.