Title: [API] server authentication over SSL
Last modified: September 1, 2016

---

# [API] server authentication over SSL

 *  [wordpressmenow](https://wordpress.org/support/users/wordpressmenow/)
 * (@wordpressmenow)
 * [9 years, 10 months ago](https://wordpress.org/support/topic/api-server-authentication-over-ssl/)
 * hi
 * we are using the API for fetching data to mobile app.
 * is there a way to remove the need of server authentication (user and secret),
   but keep the permission as “read only”?
 * [https://wordpress.org/plugins/woocommerce/](https://wordpress.org/plugins/woocommerce/)

Viewing 12 replies - 1 through 12 (of 12 total)

 *  Plugin Contributor [Mike Jolley](https://wordpress.org/support/users/mikejolley/)
 * (@mikejolley)
 * [9 years, 10 months ago](https://wordpress.org/support/topic/api-server-authentication-over-ssl/#post-7598831)
 * Not without customisation. Only the index endpoint is available without auth.
 *  Thread Starter [wordpressmenow](https://wordpress.org/support/users/wordpressmenow/)
 * (@wordpressmenow)
 * [9 years, 10 months ago](https://wordpress.org/support/topic/api-server-authentication-over-ssl/#post-7598839)
 * thanks for your reply mike 🙂
 *  [Caleb Burks](https://wordpress.org/support/users/icaleb/)
 * (@icaleb)
 * Automattic Happiness Engineer
 * [9 years, 10 months ago](https://wordpress.org/support/topic/api-server-authentication-over-ssl/#post-7598847)
 * Might want to reconsider doing this as well. Why bypass the authentication? That
   can be very dangerous. All of your order information will be available to anybody
   that can run an api call? Very unsafe for your customers as this can include 
   their phone number, email address, shipping and billing address, etc.
 * If you are looking to do this solely because of the difficulty of authenticating,
   then I would strongly suggest reconsidering 🙂
 *  Thread Starter [wordpressmenow](https://wordpress.org/support/users/wordpressmenow/)
 * (@wordpressmenow)
 * [9 years, 10 months ago](https://wordpress.org/support/topic/api-server-authentication-over-ssl/#post-7598858)
 * hi Caleb
 * Thank you for your reply.
    Actually the shop is in catalog mode so no, there
   are no sales or customer details.
 * I did authenticate – problem is that authentication eats time… and I want to 
   make things faster.
 *  [Caleb Burks](https://wordpress.org/support/users/icaleb/)
 * (@icaleb)
 * Automattic Happiness Engineer
 * [9 years, 10 months ago](https://wordpress.org/support/topic/api-server-authentication-over-ssl/#post-7598875)
 * > problem is that authentication eats time
 * Do you mean the time it will take in development, or the time the api call takes?
   The time it takes to make an api request isn’t going to be much higher whether
   authenticating or not.
 * Even with no orders, you will leave yourself open to some other issues, like 
   the customers endpoint: [https://woothemes.github.io/woocommerce-rest-api-docs/#customers](https://woothemes.github.io/woocommerce-rest-api-docs/#customers).
   It gives access to the admin account’s email and the ability to reset the password.
 *  Thread Starter [wordpressmenow](https://wordpress.org/support/users/wordpressmenow/)
 * (@wordpressmenow)
 * [9 years, 10 months ago](https://wordpress.org/support/topic/api-server-authentication-over-ssl/#post-7598877)
 * i was referring to the API call itself… not the development.
 * for some reason it takes 2-3 seconds more – which is a lot.
 * you are absolutely right about credentials but for that you need the “Automatically
   generate customer password” option enabled.
 * i also specified in question – keep the permission as “read only”.
 * btw, i’m still using v3 legacy API and not the new WP-REST.
 *  [Caleb Burks](https://wordpress.org/support/users/icaleb/)
 * (@icaleb)
 * Automattic Happiness Engineer
 * [9 years, 10 months ago](https://wordpress.org/support/topic/api-server-authentication-over-ssl/#post-7598881)
 * Just wanted to throw out some warning flags is all to make sure the decision 
   is thought through 🙂
 * > for some reason it takes 2-3 seconds more
 * Have you looked into caching the results maybe? There shouldn’t be a need to 
   always refresh the product catalog on every app/page load.
 *  Thread Starter [wordpressmenow](https://wordpress.org/support/users/wordpressmenow/)
 * (@wordpressmenow)
 * [9 years, 10 months ago](https://wordpress.org/support/topic/api-server-authentication-over-ssl/#post-7598882)
 * your warning flags are 100% in place.
 * actually – caching results is my prime goal… for some reason i can’t find a proper
   way of doing that.
 * searched the web for the last 5 days and nada.
 * do you know a way i can cache the JSON results? maybe even how to `set_transient`
   properly for the V3 API?
 * that would really fix my problem! thanks 🙂
 *  [Caleb Burks](https://wordpress.org/support/users/icaleb/)
 * (@icaleb)
 * Automattic Happiness Engineer
 * [9 years, 10 months ago](https://wordpress.org/support/topic/api-server-authentication-over-ssl/#post-7598883)
 * I’m not very knowledgeable on mobile app practices. Setting transients on the
   site probably won’t help much, since you will then need new api endpoints to 
   get the data, and then still have to query those endpoints.
 * I know there are ways to cache in apps though, as we do it with our ios app 🙂
 *  Thread Starter [wordpressmenow](https://wordpress.org/support/users/wordpressmenow/)
 * (@wordpressmenow)
 * [9 years, 10 months ago](https://wordpress.org/support/topic/api-server-authentication-over-ssl/#post-7598884)
 * i think you got me wrong, i’ll try to explain again:
 * ios or android apps are calling the wc api in order to get the products data.
 * since there are A LOT of products, the call is wayyyy too long for user to wait
   ==> that is why i’m trying to cache (and remove authentication) the results, in
   order to cut the waiting time.
 * once data is in app we can handle the caching on device without a problem.
 * main issue is how to cache the result from server that the app/user is waiting
   for :\
 *  [Caleb Burks](https://wordpress.org/support/users/icaleb/)
 * (@icaleb)
 * Automattic Happiness Engineer
 * [9 years, 10 months ago](https://wordpress.org/support/topic/api-server-authentication-over-ssl/#post-7598885)
 * Hmm. Even with transients though, you still need to query all of the data from
   the rest api. Are you pulling each product on the site and all information about
   it (price, image, description, etc)?
 * I suppose you could set one giant transient with everything your app needs. Not
   sure about how this will affect the performance though.
 *  Thread Starter [wordpressmenow](https://wordpress.org/support/users/wordpressmenow/)
 * (@wordpressmenow)
 * [9 years, 10 months ago](https://wordpress.org/support/topic/api-server-authentication-over-ssl/#post-7598886)
 * yeah.. pretty much all of the data is pulled.
 * thought about using one giant transient, but then i remembered that i also need
   other data such as customers, categories etc… so the urls are completely different.
 * thinking about putting myself in transient mode :/
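
One way to serve what the thread is after, a fast read-only product feed, while leaving the WooCommerce API's key authentication (and its customers and orders endpoints) untouched. This is an added example, not code from any participant or from WooCommerce; the route `catalog-feed/v1/products`, the transient key and the function name are hypothetical, and it assumes a WordPress version that provides `register_rest_route()` (4.4 or later).

```php
<?php
// Plugin Name: Public catalog feed (added example; all names here are hypothetical)

const CATALOG_FEED_TRANSIENT = 'catalog_feed_products'; // hypothetical transient key

add_action( 'rest_api_init', function () {
    register_rest_route( 'catalog-feed/v1', '/products', array(
        'methods'             => 'GET',            // read-only: no write verbs are registered
        'callback'            => 'catalog_feed_products',
        'permission_callback' => '__return_true',  // public on purpose; output is allow-listed below
    ) );
} );

function catalog_feed_products() {
    $items = get_transient( CATALOG_FEED_TRANSIENT );
    if ( false === $items ) {                      // cache miss: rebuild once, then reuse
        $items = array();
        $ids   = get_posts( array(
            'post_type'      => 'product',
            'post_status'    => 'publish',         // never drafts, pending or private products
            'has_password'   => false,             // skip password-protected products
            'posts_per_page' => -1,
            'fields'         => 'ids',
        ) );
        foreach ( $ids as $id ) {
            $product = wc_get_product( $id );
            if ( ! $product ) {
                continue;
            }
            // Explicit allow-list: only fields a visitor already sees on the storefront.
            // No customer, order, user or meta data is ever copied into the response.
            $items[] = array(
                'id'        => (int) $id,
                'title'     => get_the_title( $id ),
                'price'     => $product->get_price(),
                'permalink' => get_permalink( $id ),
                'image'     => get_the_post_thumbnail_url( $id, 'medium' ),
            );
        }
        set_transient( CATALOG_FEED_TRANSIENT, $items, HOUR_IN_SECONDS );
    }
    return rest_ensure_response( $items );
}

// Drop the cached copy whenever a product is saved so the feed is rebuilt on the next request.
add_action( 'save_post_product', function () {
    delete_transient( CATALOG_FEED_TRANSIENT );
} );
```

Anything that touches customers or orders keeps going through the authenticated API with a read-only key; only the allow-listed catalog fields are public.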

 * 12 replies
 * 3 participants
 * Last reply from: [wordpressmenow](https://wordpress.org/support/users/wordpressmenow/)
 * Last activity: [9 years, 10 months ago](https://wordpress.org/support/topic/api-server-authentication-over-ssl/#post-7598886)
 * Status: not resolved