• Resolved benhartwich

    (@yoursql719)


    Hi,

    we're using your miniOrange API Authentication Plugin with basic authentication. It's working fine, but there is no documentation about which right / role the WordPress user should have when using this authentication method, e.g. for just reading the posts API. It is a potential security risk when I have to use an admin account. What can you recommend?

    Regards,

Viewing 1 replies (of 1 total)
  • Plugin Author miniOrange

    (@cyberlord92)

    Hi @yoursql719,

    Thanks for reaching out.

    Yes, we will surely publish the document so you and other users using our plugin will have help in this regard.

    Regarding your question, Basic Auth uses user credentials, which serve the purpose of both authentication and authorization.
    The validation of the user credentials fulfils the need for user authentication, i.e. that the request has been made by a valid user, and the authorization serves the purpose of only allowing the user to view the data or perform the operations that they are allowed to, based on their capabilities.

    Example – If someone tries to access the WordPress posts GET API with the credentials of a subscriber user, then they will only be allowed to access the posts which a subscriber can view. Similarly, if the subscriber user tries to create posts via the API, then as per WordPress guidelines only Admins and Editors are allowed to create/update posts, so that subscriber user will receive the error from the WordPress side.

    So, basically, it depends upon your requirements, i.e. what type of operation you want to perform via the WordPress API call, hence there won’t be any risk. Also, if you have concerns about using a user’s credentials, then you can opt for the Basic Auth with Client Credentials method or the most secure OAuth 2.0 Auth with Client Credentials grant. You can check all the auth methods in detail at https://plugins.miniorange.com/wordpress-rest-api-authentication#rest-api-methods

    To get more information and discuss your requirements in detail with our technical engineer, please feel free to drop an email to apisupport@xecurify.com.

    Thanks,
    Team miniOrange

    • This reply was modified 2 years, 3 months ago by miniOrange.
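The reply above separates authentication (valid credentials) from authorization (WordPress role capabilities). The following Python model of that two-step check is an added illustration, not code from the plugin or from the reply: the user names, passwords and the capability subsets per role are constructed sample data, and the route-to-capability mapping follows the reply's description (anyone can read published posts; creating posts needs edit_posts).

```python
import base64
import hashlib
import hmac

# Constructed: the subset of WordPress capabilities relevant here, per role.
# Real WordPress grants many more capabilities; this is only illustrative.
ROLE_CAPS = {
    "subscriber": {"read"},
    "editor": {"read", "edit_posts", "publish_posts"},
    "administrator": {"read", "edit_posts", "publish_posts", "manage_options"},
}

def _digest(password: str, salt: str) -> str:
    """Salted SHA-256 stand-in for a stored password hash (constructed, not WordPress's scheme)."""
    return hashlib.sha256((salt + password).encode()).hexdigest()

# Constructed users: a dedicated low-privilege API reader and an editor.
USERS = {
    "api_reader": {"role": "subscriber", "salt": "s1", "digest": _digest("reader-pass", "s1")},
    "content_editor": {"role": "editor", "salt": "s2", "digest": _digest("editor-pass", "s2")},
}

# Capability a route requires: None means readable by anyone (published posts).
ROUTE_CAPS = {
    ("GET", "/wp/v2/posts"): None,
    ("POST", "/wp/v2/posts"): "edit_posts",
    ("GET", "/wp/v2/settings"): "manage_options",
}

def authenticate(auth_header):
    """Authentication step: is the request from a valid user? Returns the username or None."""
    if not auth_header or not auth_header.startswith("Basic "):
        return None
    try:
        user, _, pw = base64.b64decode(auth_header[6:]).decode().partition(":")
    except (ValueError, UnicodeDecodeError):
        return None
    rec = USERS.get(user)
    if rec is None:
        return None
    # constant-time comparison so a wrong password is not distinguishable by timing
    return user if hmac.compare_digest(rec["digest"], _digest(pw, rec["salt"])) else None

def authorize(user, method, route):
    """Authorization step: does the user's role carry the capability the route needs?"""
    needed = ROUTE_CAPS.get((method, route), "manage_options")  # unknown route: fail closed
    return needed is None or needed in ROLE_CAPS[USERS[user]["role"]]

def handle(method, route, auth_header):
    """401 for bad/missing credentials, 403 for a valid user lacking the capability, else 200."""
    user = authenticate(auth_header)
    if user is None:
        return 401
    return 200 if authorize(user, method, route) else 403

def basic(user, pw):
    """Build an HTTP Basic Authorization header value for the sample requests."""
    return "Basic " + base64.b64encode(f"{user}:{pw}".encode()).decode()
```

A subscriber-level account is enough for `GET /wp/v2/posts` and is rejected with 403 on `POST`, which is the least-privilege setup the question asks about.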
  • The topic ‘Minimum rights for basic authentication’ is closed to new replies.