Title: Support for WordPress REST API Authentication
Last modified: November 15, 2019

---

# Support for WordPress REST API Authentication

 *  Resolved [divv](https://wordpress.org/support/users/divv/)
 * (@divv)
 * [6 years, 6 months ago](https://wordpress.org/support/topic/support-for-wordpress-rest-api-authentication/)
 * Hi, great plugin!
 * My only issue is that authentication does not work for cached pages/posts. I’m
   using WP REST API Authentication plugin ([https://wordpress.org/plugins/wp-rest-api-authentication/](https://wordpress.org/plugins/wp-rest-api-authentication/)).
   Basically, if a page/post is NOT cached authorization works fine, if the page/
   post IS cached it gets delivered even though no authorization header is set.
 * I understand that this is somewhat out of your control but it would be so nice
   if these two plugins could work together. I guess that the mechanism which verifies
   the Bearer token has to be added to the function which retrieves the cached pages/
   posts just as it does on a “normal request”.
 * As of now one has to choose one or the either of these plugins, fast retrieval
   or secure retrieval of data 😀
 * Or is there any other solution?
 * (I will post this on WordPress REST API Authentication support as well)
 * Kind regards
    David

Viewing 5 replies - 1 through 5 (of 5 total)

 *  Plugin Author [Richard Korthuis](https://wordpress.org/support/users/rockfire/)
 * (@rockfire)
 * [6 years, 6 months ago](https://wordpress.org/support/topic/support-for-wordpress-rest-api-authentication/#post-12160467)
 * Hi [@divv](https://wordpress.org/support/users/divv/)
 * Thank you for using our plugin and sorry for the late response. It took some 
   time to dig into this.
 * For now I have a quick-fix for you, while we add this to our to-do list to see
   how we can better support this kind of authentication. The quick-fix involves
   you editing the mu-plugin that was installed by the WP REST Cache plugin, so 
   I hope you are comfortable doing that?
 * Go to `/wp-content/mu-plugins/wp-rest-cache.php` and add the following lines 
   directly after line 24 (so after the line `if ( is_plugin_active( 'wp-rest-cache/
   wp-rest-cache.php' ) ) {` ):
 *     ```
       	if ( is_plugin_active( 'wp-rest-api-authentication/miniorange-api-authentication.php' ) ) {
       		include_once ABSPATH . '/wp-settings.php';
       		wp_cookie_constants();
       		include_once ABSPATH . WPINC . '/pluggable.php';
       		include_once WP_PLUGIN_DIR . '/wp-rest-api-authentication/admin/class-miniorange-api-authentication-admin.php';
       		$mo = new \Miniorange_API_Authentication_Admin( 'miniorange-api-authentication', '1.0.0' );
   
       		$mo->mo_api_auth_initialize_api_flow();
       	}
       ```
   
 * Please let us know if it works for you!
 *  Plugin Author [Richard Korthuis](https://wordpress.org/support/users/rockfire/)
 * (@rockfire)
 * [6 years, 6 months ago](https://wordpress.org/support/topic/support-for-wordpress-rest-api-authentication/#post-12160497)
 * N.B. I also did see the solution posted by miniOrange in [this topic](https://wordpress.org/support/topic/support-for-wp-rest-cache/)
   you opened for their plugin. Although it might solve the problem of showing the
   endpoints unauthenticated, it also disables caching for those endpoints.
 *  Thread Starter [divv](https://wordpress.org/support/users/divv/)
 * (@divv)
 * [6 years, 6 months ago](https://wordpress.org/support/topic/support-for-wordpress-rest-api-authentication/#post-12173083)
 * My development halted here so I eventually reached for another solution regarding
   authentication, so I will still be using your plugin!
 * Since I’m using another API on my backend I decided to proxy all requests to 
   WP through that other API which itself has JWT authentication.
 * Then I just block any incoming requests from outside to `/wp-json`. My other 
   API can reach this location through Basic auth which is safe enough since the
   calls are all done internally.
 * This is how I done for Apache if someone else is interested. Not the best solution
   but it will do for now.
 *     ```
       <Location "/wp-json">
           AuthType Basic
           AuthName "Restricted Access"
           AuthUserFile /etc/apache2/.htpasswd
           Require valid-user
       </Location>
       ```
   
 *  Thread Starter [divv](https://wordpress.org/support/users/divv/)
 * (@divv)
 * [6 years, 6 months ago](https://wordpress.org/support/topic/support-for-wordpress-rest-api-authentication/#post-12173574)
 * Oh, forgot to mention that you will need this as well
 * `https://github.com/WP-API/Basic-Auth`
 *  Plugin Author [Richard Korthuis](https://wordpress.org/support/users/rockfire/)
 * (@rockfire)
 * [6 years, 6 months ago](https://wordpress.org/support/topic/support-for-wordpress-rest-api-authentication/#post-12175663)
 * Hi [@divv](https://wordpress.org/support/users/divv/)
 * Thank you for your feedback, this might help other people searching through this
   topic 🙂

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘Support for WordPress REST API Authentication’ is closed to new replies.

 * ![](https://ps.w.org/wp-rest-cache/assets/icon-256x256.png?rev=3328849)
 * [WP REST Cache](https://wordpress.org/plugins/wp-rest-cache/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/wp-rest-cache/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/wp-rest-cache/)
 * [Active Topics](https://wordpress.org/support/plugin/wp-rest-cache/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/wp-rest-cache/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/wp-rest-cache/reviews/)

 * 5 replies
 * 2 participants
 * Last reply from: [Richard Korthuis](https://wordpress.org/support/users/rockfire/)
 * Last activity: [6 years, 6 months ago](https://wordpress.org/support/topic/support-for-wordpress-rest-api-authentication/#post-12175663)
 * Status: resolved