Title: Minimum rights for basic authentication Last modified: March 17, 2022 --- # Minimum rights for basic authentication * Resolved [benhartwich](https://wordpress.org/support/users/yoursql719/) * (@yoursql719) * [4 years, 2 months ago](https://wordpress.org/support/topic/minimum-rights-for-basic-authentication/) * Hi, * we´re using your miniorange API Authentication Plugin with basic authentication. It´s working fine, but there is no documentation about which right / role the wordpress user should have when using this authentication method for just reading posts API e.g.? It is a potential security risk when I have to use an admin account. What can you recommend? * Regards, Viewing 1 replies (of 1 total) * Plugin Author [miniOrange](https://wordpress.org/support/users/cyberlord92/) * (@cyberlord92) * [4 years, 2 months ago](https://wordpress.org/support/topic/minimum-rights-for-basic-authentication/#post-15501036) * Hi [@yoursql719](https://wordpress.org/support/users/yoursql719/), * Thanks for reaching out. * Yes, we will surely publish the document so you and other users using our plugin will have help in this regard. * Regarding your question, The **Basic Auth** uses user credentials which serves the purpose of both **_Authentications_** as well as _**authorization**_. The validation of the user credentials fulfils the need for user authentication that the request has been made from a valid user and the Authorization servers the purpose to only allow to view the data or perform any operation for what he is allowed to do so based on his capabilities. * **Example** – If someone tries to access the WordPress posts GET API, then if the credentials are of subscriber user, then only he will be allowed to access the posts which only subscriber can view. Similarly, if the subscriber user tries to create the posts via API, then as per WordPress guidelines, only Admins and Editors are allowed to create/update posts, so that subscriber user will receive the error from the WordPress side. * So, basically, it depends upon your requirements what type of operation you want to perform via WordPress API call hence there won’t be any risk. Also, if you have concerns about using a user’s credentials, then you can opt for Basic Auth with Client credentials method or the most secure OAuth 2.0 Auth with Client Credentials grant. You can check all the auth methods in detail from [https://plugins.miniorange.com/wordpress-rest-api-authentication#rest-api-methods](http://here) * To get more information and discuss your requirements in detail with our technical engineer, please feel free to drop out an email to [apisupport@xecurify.com](https://wordpress.org/support/topic/minimum-rights-for-basic-authentication/apisupport@xecurify.com?output_format=md). * Thanks, Team miniOrange - This reply was modified 4 years, 2 months ago by [miniOrange](https://wordpress.org/support/users/cyberlord92/). - This reply was modified 4 years, 2 months ago by [miniOrange](https://wordpress.org/support/users/cyberlord92/). Viewing 1 replies (of 1 total) The topic ‘Minimum rights for basic authentication’ is closed to new replies. * ![](https://ps.w.org/wp-rest-api-authentication/assets/icon-128x128.png?rev=2084327) * [JWT Authentication for WP REST APIs](https://wordpress.org/plugins/wp-rest-api-authentication/) * [Frequently Asked Questions](https://wordpress.org/plugins/wp-rest-api-authentication/#faq) * [Support Threads](https://wordpress.org/support/plugin/wp-rest-api-authentication/) * [Active Topics](https://wordpress.org/support/plugin/wp-rest-api-authentication/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wp-rest-api-authentication/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wp-rest-api-authentication/reviews/) ## Tags * [jwt](https://wordpress.org/support/topic-tag/jwt/) * 1 reply * 2 participants * Last reply from: [miniOrange](https://wordpress.org/support/users/cyberlord92/) * Last activity: [4 years, 2 months ago](https://wordpress.org/support/topic/minimum-rights-for-basic-authentication/#post-15501036) * Status: resolved