Example of request to get a JWT token for a WP user account.
\nRequired POST params are the username and password.
\nNONCE\nIf you have the optional REST nonce module enabled you will need to pass a valid nonce via the X-WP-NONCE header.
\n","urlObject":{"protocol":"http","path":["wp-json","wp-headless","v1","jwt","get-token"],"host":["car-shows","test"],"query":[{"disabled":true,"description":{"content":"WP Account username
\n","type":"text/plain"},"key":"username","value":"test@test.com"},{"disabled":true,"description":{"content":"WP Account password
\n","type":"text/plain"},"key":"password","value":"$GH345kh8923"}],"variable":[]}},"response":[],"_postman_id":"fc567f81-ff31-442e-a236-fa247bd1fd6c"},{"name":"JWT validate-token","id":"5f4c9cf6-04d2-4989-9f48-5bae3c3a3355","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[{"key":"Content-Type","value":"application/json","description":"Set correct content type
\n","type":"text"},{"key":"accept","value":"application/json","description":"Set correct accept header
\n","type":"text"},{"key":"Authorization","value":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodH","description":"Provide the JWT token for user account to validate.
\n","type":"text"}],"url":"http://car-shows.test/wp-json/wp-headless/v1/jwt/validate-token","description":"Make a request to validate a user JWT token. If succesful the rest api will return a JSON object with some basic user data.
\nYou can edit the data returned via the filter 'wp_headless_rest__generate_jwt_response'
\nSee the request headers for example of what to pass in the request.
\n!NOTE!
\nEnsure your web server supports the HTTP Authorization Header. If you are using a shared host, this is often disabled by default. To enable it, add the following to your WordPress’ .htaccess file:
\nRewriteEngine on\nRewriteCond %{HTTP:Authorization} ^(.*)\nRewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]\nNONCE\nThis is note required for this request, ever!
\n","urlObject":{"protocol":"http","path":["wp-json","wp-headless","v1","jwt","validate-token"],"host":["car-shows","test"],"query":[],"variable":[]}},"response":[],"_postman_id":"5f4c9cf6-04d2-4989-9f48-5bae3c3a3355"},{"name":"Create Post","id":"5a32ff9b-f51d-4316-98f7-8cee6228924d","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[{"description":"Set correct content type
\n","key":"Content-Type","type":"text","value":"application/json"},{"description":"Set correct accept header
\n","key":"accept","type":"text","value":"application/json"},{"description":"Provide the JWT token for user account making the request
\n","key":"Authorization","type":"text","value":"eyJ0eXAiOiJKV1QiLCJhbGlwvXC9sb2NhbC53b3JkcHJlc3MudGVzdCIsImlhdCI6MTU0ODg5MTMyMSwibmJmIjoxNTQ4ODkxMzIxLCJleHAiOjE1NDk0OTYxMjEsImRhdGEiOnsidXNlciI6eyJpZCI6IjIifX19.3I2m8LzcApHC7dEFFV_LQ2xXFT1mYoqG_yN-i80JiCA"}],"body":{"mode":"formdata","formdata":[{"key":"title","value":"rest jwt post test 2","description":"New post title
\n","type":"text"},{"key":"content","value":"lorum ipsum stuff..","description":"New post content
\n","type":"text"},{"key":"status","value":"draft","description":"New post status
\n","type":"text"}]},"url":"http://local.wordpress.test/wp-json/wp/v2/posts","description":"Similar to the standard WP Rest API create request but you must pass the Headers demonstrated in the example.
\nThe Authorization header contains the User JWT token, this is how we authorise the request with WordPress so it's kind of important.
\nNONCE\nNonce isn't required for this request, ever!
\n","urlObject":{"protocol":"http","path":["wp-json","wp","v2","posts"],"host":["local","wordpress","test"],"query":[],"variable":[]}},"response":[],"_postman_id":"5a32ff9b-f51d-4316-98f7-8cee6228924d"},{"name":"Posts Nonce Example","id":"c0924ffa-c292-44b7-89a6-017478dc6d73","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"url":"http://local.wordpress.test/wp-json/wp/v2/posts/","description":"An example of a standard GET request when the optional REST API Nonce module is enabled.
\nWhen enabled you must pass the X-WP-NONCE header with a valid nonce key in each request.
\nSee the plugin admin page for more documentation on the nonce module
\n","urlObject":{"protocol":"http","path":["wp-json","wp","v2","posts",""],"host":["local","wordpress","test"],"query":[],"variable":[]}},"response":[],"_postman_id":"c0924ffa-c292-44b7-89a6-017478dc6d73"},{"name":"rest-nonce generate","id":"f878c87c-ccdd-4ffb-8c15-a6a15041f660","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[{"description":"Public nonce generate key set via filter 'wp_headless_rest__rest_nonce_generator_key'
\n","key":"X-WP-NONCE-GENERATOR","type":"text","value":"B*&dU:J73w6KYc~|7XVOwVoXSJ#&tAF(&EM@BDh5Ba!&X|Im[`u+/#?[h=If you are using the nonce module with WordPress in true Headless mode. Then you will have enabled the nonce generator endpoint via the REST nonce module setting filters (see the plugin admin page for docs).\nYou will need to set a public key for the generator endpoint with the filter 'wp_headless_rest__rest_nonce_generator_key' (see the plugin admin page for docs)
\nPass this key in the X-WP-NONCE-GENERATOR header, this will allow the endpoint to return you a fresh nonce.
\nJWT NOTES: If all requests to the REST api provide the JWT auth header a nonce key is NOT required. Also, any requests to the JWT get-token endpoint do not require a Nonce.
\n","urlObject":{"protocol":"http","path":["wp-json","wp-headless","v1","rest-nonce","generate"],"host":["local","wordpress","test"],"query":[],"variable":[]}},"response":[],"_postman_id":"f878c87c-ccdd-4ffb-8c15-a6a15041f660"},{"name":"rest-nonce validate","id":"61e806ce-af9f-4bbd-97c1-a8b8818819b9","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[{"description":"Example of using option Nonce in rest requests if module is enabled
\n","key":"X-WP-NONCE","type":"text","value":"beb6e8034f"}],"url":"http://local.wordpress.test/wp-json/wp-headless/v1/rest-nonce/validate","description":"If you are using the nonce module with WordPress in true Headless mode.
\nThen you will have enabled the nonce generator endpoint via the REST nonce module setting filters (see the plugin admin page for docs).
\nWith the REST Nonce module enable you will have to pass a valid nonce key with every rest request.
\nThe rest api will return an error on any request if a nonce is invalid and needs to be re-generated.
\nBut you can also check if a nonce is valid with this request.
\nJust add the nonce key into X-WP-NONCE header as ususal
\nJWT NOTES: If all requests to the REST api provide the JWT auth header a nonce key is NOT required. Also, any requests to the JWT get-token endpoint do not require a Nonce.
\n","urlObject":{"protocol":"http","path":["wp-json","wp-headless","v1","rest-nonce","validate"],"host":["local","wordpress","test"],"query":[],"variable":[]}},"response":[],"_postman_id":"61e806ce-af9f-4bbd-97c1-a8b8818819b9"}]}