Basic Authentication for the JSON API only be used for development and testing

[4n70w4]

https://developer.wordpress.org/rest-api/using-the-rest-api/authentication/#authentication-plugins

https://github.com/WP-API/Basic-Auth

How can use a more secure authentication protocol for production?

[mowshon]

https://wordpress.org/plugins/jwt-authentication-for-wp-rest-api/

[str]

Is basic authentication working? I tried testing a request to /wp-json/wp/v2/users/me but got the error:

( ! ) Fatal error: Uncaught GuzzleHttp\Exception\ClientException: 
Client error: `GET http://[...]/wp-json/wp/v2/users/me` 
resulted in a 
`401 Unauthorized` 
response: 
{"code":"rest_not_logged_in","message":"You are not currently logged in.","data":{"status":401}}
 in [...]/vendor/guzzlehttp/guzzle/src/Exception/RequestException.php on line 111

[angelxmoreno]

@str are you using a user password or application password? AFAIK, this library would need an application password. Take a look at this: https://wprestclient.readthedocs.io/en/latest/misc/application-password/