JWT authentication for WordPress Rest API V2 using Postman.

REST API is the most popular system to exchange data through application to application. We can create multiple applications based on one back-end system. So when we are building an application based on rest API then we get and send a request to the API endpoint. To make this protocol secure and authenticate there have lots of authentication process but I will show the most used system for WP REST API authentication. It is known as JWT authentication. So let’s move forward and learn what is JWT and how we can authenticate with WordPress REST API V2 using JWT for WordPress rest API plugin.

What is JWT authentication?

JWT means JSON web token. In a word, we can say that JWT is cookie-based authentication. While user login into WordPress then a cookie is set in his browser, JWT plugin match this cookie while a user is logged in and give access to the secure endpoints like posts, pages and users so that we can create posts, update posts and others secure endpoint. I will use JWT Authentication for WP REST API plugin. Here is the link . Please download it and install.

What is Postman tool?

Postman is a most and great tool for testing REST API. If you want to learn more about Postman please visit their website. So before practice this article please download Postman software and install like other software.

JWT plugin install and configuration process.

Hope you are ready. Now I will show how to install and configure JWT for WordPress rest API plugin.

Step One: install JWT plugin

First, go to WordPress plugins-> add new plugin then search in the search box ” JWT for WordPress rest API “. You will see lots of plugins but use the plugin that you see below in the screenshot.

Just install and active. You will not get any admin option for it. You have to manually setup it. So in the step two I will show the configure process.

Step Two: configure JWT plugin

So to configure this plugin you have to follow the plugin setup guideline. Click on the view details button to check the instruction. You will get every instruction in the description section but it will be not easy to understand for everyone that’s why I am writing this blog. However, let me add those snippets that you need to add your WordPress files.

First, you have to modify the .htaccess file in your WordPress folder. Just open the .htaccess file in your editor and add these red bordered two line code after rewrite engine on. See the screenshot below.

RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]

Then go to wp-config.php file and these two line code in the before ending blog. See the code and screenshot below.

//jwt plugin configure
define('JWT_AUTH_SECRET_KEY', 'your-security-nonce-key-will-be-here');
define('JWT_AUTH_CORS_ENABLE', true);

To collect your security key visit this link .

<!-- Visit this link -->

After you visit the link you will see the screen like below screen. Just copy the key in red border area and paste in WP config file where the code say your own key.

So that’s it. Your JWT plugin configuration done.

Step Three: Checking if JWT plugin is configured perfectly.

To check it visit your website and enter the URL. You will that is new namespace added called jwt-auth/v1 . Check the screenshot below.


Step Four: Getting access token through Postman Tool

Hope you have already installed postman tool. Now open your postman tool and follow my process. See the screenshot there is seven steps you have to do . I have mention all the step in the screenshot but I will write them here so you understand it easily.

  1. First, open Postman tool and add a new tab.
  2. Set the method as a POST method.
  3. Add the jet auth endpoint “wp-json/jwt-auth/v1/token” just add this after your website URL.
  4. Select the body and set data type raw.
  5. Select data type JSON from the dropdown.
  6. Add your WordPress site admin user name and password in the JSON syntax .
  7. Finally, click send button.

After click send button if everything is okay you will see a screenshot like this .So you have to copy this token and use in your application as a bearer token.

So that was my article. Hope you have enjoyed it. If you have any question please feel free to comment I will reply.

Mehedi Hasan
5 1 vote
Article Rating
Notify of
Inline Feedbacks
View all comments
Would love your thoughts, please comment.x