Application Passwords
Since WP version 5.6, routes have been introduced that allow you to get/create/update/delete application passwords for a specific user.
Possible routes (the endpoints are described below):
/wp/v2/users/{ID}/application-passwords // works with the specified user /wp/v2/users/me/application-passwords // works with the current user /wp/v2/users/{ID}/application-passwords/introspect /wp/v2/users/{ID}/application-passwords/uuid /wp/v2/users/me/application-passwords/uuid
- Controller class: WP_REST_Application_Passwords_Controller{}
Schema
The schema shows all fields that exist for the object: the fields of the object that the request will return.
Parameter | Context | Description |
---|---|---|
uuid String readonly |
view, edit, embed | Unique identifier for the application password. |
app_id String |
view, edit, embed | UUID provided by the application for unique identification. It is recommended to use UUID v5 with a URL or DNS namespace. |
name String required |
view, edit, embed | The name of the application password. |
password String readonly |
edit | The created password. Available after adding the application. |
created String readonly |
view, edit | The date and time (GMT) the application password was created. |
last_used String/null readonly |
view, edit | The date and time (GMT) of the last use of the application password. |
last_ip String/null readonly |
view, edit | The IP address from which the application password was last used. |
/wp/v2/users/{ID}/application-passwords/wp/v2/users/me/application-passwords
An OPTIONS request to the route will return a full description of this route.
OPTIONS http://demo.wp-api.org/wp-json/wp/v2/users/{ID}/application-passwordsGitHub
View User's Application Passwords
Retrieves all application passwords for the user. See WP_Application_Passwords::get_user_application_passwords().
Request Type
GET /wp/v2/users/{id}/application-passwords
Request Parameters
- $context(string)
- The scopes in which the request is made determine the fields in the response. Possible values:
view
,embed
,edit
.
Default: view
Example Request
GET https://wp-kama.ru/api/wp/v2/users/1/application-passwords
Response:
[ { "uuid": "e76548d7-0274-438c-b04a-904301bda4d32", "app_id": "", "name": "Test", "created": "2020-12-23T13:47:55", "last_used": "2020-12-23T13:48:55", "last_ip": "89.149.201.210", "_links": { "self": [ { "href": "https://wp-kama.ru/api/wp/v2/users/1/application-passwords/e76548d7-0274-438c-b04a-904301bda4d32" } ] } }, { "uuid": "e76548d7-0274-438c-b04a-987301bda4d32", "app_id": "", "name": "Test2", "created": "2020-12-23T13:49:08", "last_used": null, "last_ip": null, "_links": { "self": [ { "href": "https://wp-kama.ru/api/wp/v2/users/1/application-passwords/e76548d7-0274-438c-b04a-987301bda4d32" } ] } } ]
Create Application Password
Creates an application password. See WP_Application_Passwords::create_new_application_password().
Request Type
Access: requires authorization.
POST /wp/v2/users/{id}/application-passwords
Request Parameters
- $name(string) (required)
- The name of the application password.
- $app_id(string)
- UUID provided by the application for unique identification. It is recommended to use UUID v5 with a URL or DNS namespace.
Default: ''
Example Request
POST https://wp-kama.ru/api/wp/v2/users/1/application-passwords?name=Test2
Response:
{ "uuid": "c9e5ce07-0ccb-4a2e-963a-feda93cf8bab", "app_id": "", "name": "Test2", "created": "2020-12-23T12:41:38", "last_used": null, "last_ip": null, "password": "pNFX LyvZ gz75 tiks UZiT xlSL", "_links": { "self": [ { "href": "https://wp-kama.ru/api/wp/v2/users/1/application-passwords/c9e5ce07-0ccb-4a2e-963a-feda93cf8bab" } ] } }
Delete User's Application Passwords
Deletes all application passwords for the user. See WP_Application_Passwords::delete_all_application_passwords().
Request Type
Access: requires authorization.
DELETE /wp-json/wp/v2/users/1/application-passwords
Request Parameters
No parameters.
Example Request
DELETE https://example.com/wp-json/wp/v2/users/1/application-passwords
/wp/v2/users/{ID}/application-passwords/introspect
Retrieves the application password currently used for user authentication.
See WP_REST_Application_Passwords_Controller::get_current_item().
An OPTIONS request to the route will return a full description of this route.
OPTIONS http://demo.wp-api.org/wp-json/wp/v2/users/{ID}/application-passwords/introspect
Request Type
GET /wp/v2/users/{ID}/application-passwords/introspect
Request Parameters
- $context(string)
- The scope of the request determines the fields in the response. Possible values:
view
,embed
,edit
.
Default: view
/wp/v2/users/{ID}/application-passwords/uuid/wp/v2/users/me/application-passwords/uuid
These endpoints are the same as the previous ones, only they work with a specific application password.
An OPTIONS request to the route will return a full description of this route.
OPTIONS http://demo.wp-api.org/wp-json/wp/v2/users/{ID}/application-passwords/{uuid}GitHub
View Application Password
Retrieves the specified application password. See: WP_REST_Application_Passwords_Controller::get_item().
Request Type
GET /wp/v2/users/{ID}/application-passwords/{uuid}
Request Parameters
- $context(string)
- The scope of the request determines the fields in the response. Possible values:
view
,embed
,edit
.
Default: view
Example
GET https://example.com/wp-json/wp/v2/users/1/application-passwords/e79943d8-0367-287c-b07a-90001bda4d32
Response:
{ "uuid": "e79943d8-0367-287c-b07a-90001bda4d32", "app_id": "", "name": "Test2", "created": "2020-12-23T13:49:08", "last_used": null, "last_ip": null, "_links": { "self": [ { "href": "https://example.com/api/wp/v2/users/1/application-passwords/e79943d8-0367-287c-b07a-90001bda4d32" } ] } }
Update Application Password
Updates the password for the specified application. See: WP_REST_Application_Passwords_Controller::update_item().
Request Type
Access: requires authorization.
POST|PUT|PATCH /wp/v2/users/{user_id}/application-passwords/{uuid}
Request Parameters
- $name(string) (required)
- The name of the application password.
Example
POST https://example.com/wp-json/wp/v2/users/1/application-passwords/e77743d8-0367-287c-b07a-90001bda4d32
Delete Application Password
Deletes the user's passwords for the specified application. See: WP_REST_Application_Passwords_Controller::delete_item().
Request Type
DELETE /wp/v2/users/{user_id}/application-passwords/{uuid}
Request Parameters
No parameters.
Example
DELETE https://example.com/wp-json/wp/v2/users/1/application-passwords/e78743d8-0367-287c-b07a-90001bda4d32