For those who have been following the progress of integrating the REST API into the WordPress core, you know there has been significant progress made in recent months.
Because of the rapid activity lately, the documentation is a bit out of date, especially related to Oauth and creating consumer keys, so it seems like a detailed walk through of what’s required on the WordPress side to setup REST and authenticate using Oauth. Bottom line, it’s not as difficult as it might seem.
Before you begin, make sure your WordPress version is 4.4 or higher.
Installing WP REST API and Oauth Plugins
For the official Oauth server plugin, which is only necessary to install if your application will need do anything that would normally require a user to log in, still needs to be downloaded from the Github page, but will eventually be added to the repository as well.
Both of these plugins are still in beta and undergoing rapid iteration, so while they are more stable than ever and nearing inclusion with core, expect anything! It’s certainly not too early to be learning and testing though.
If you are only installing the REST API plugin and don’t need to authenticate, you’re done! Find out more about what you can do with the REST API in the official documentation here.
Creating Oauth Consumer Keys in WordPress Admin
If you are wanting your application to authenticate, so it can do actions such as creating and editing content, install and activate the official Oauth Server plugin and you will now have an admin page for creating and managing permissions. Go to Users > Applications and click Add New to create your first consumer, (or application), key set.
After completing the form and clicking Add Consumer you will see that two keys were generated, Client Key and Client Secret. Plus there’s a reference to the callback URL you added. You can come back here to copy and past these items as you need them for your application later.
Now you have everything you need for authenticating. How you authenticate will depend on how you are building your application, which is beyond the scope of this introduction, but here’s some resources to help you learn more about authenticating using Oauth: