WordPress · Authentication Profile

Wordpress Authentication

Authentication

WordPress secures its APIs with apiKey and http across 2 declared security schemes, as derived from its OpenAPI definitions.

CMSContent ManagementOpen SourceWordPress
Methods: apiKey, http Schemes: 2 OAuth flows: API key in: cookie

Security Schemes

cookieAuth apiKey
· in: cookie (wordpress_logged_in)
basicAuth http
scheme: basic

Source

Authentication Profile

Raw ↑
generated: '2026-07-11'
method: derived
source: openapi/wordpress-rest-api-openapi.yml
summary:
  types:
  - apiKey
  - http
  api_key_in:
  - cookie
schemes:
- name: cookieAuth
  type: apiKey
  in: cookie
  parameter: wordpress_logged_in
  description: WordPress cookie authentication with nonce (X-WP-Nonce header required)
  sources:
  - openapi/wordpress-rest-api-openapi.yml
- name: basicAuth
  type: http
  scheme: basic
  description: HTTP Basic Authentication using Application Passwords (WordPress 5.6+)
  sources:
  - openapi/wordpress-rest-api-openapi.yml