Rest API Addon

This addon for Digits provides the functionality of login/signup using mobile phone numbers to your WordPress site using REST API.

Authentication Process:

The API authentication is token-based, ensuring enhanced security compared to conventional methods. By eliminating the need for user credentials, access can be restricted at any time.

Access Token Usage:

An Access Token serves as a substitute for user credentials in subsequent requests. To authenticate with an access token, include the following header in your request:

Authorization: Bearer access_token

Note: If a user changes their password, you will need to re-request the access token.

Access Token Validity:

Access tokens expire after 14 days of inactivity. To renew an expired token, you must request a new one. The expiry duration can be adjusted from the REST API addon settings.

Expired tokens result in a 401 HTTP error code, along with the following error message:

{
  "success": false,
  "data": {
    "error": "token_expired",
    "message": "Your session has expired. Please login again"
  }
}

Error Handling:

If authentication fails, a 401 HTTP error code is returned with the following error message:

{
  "success": false,
  "data": {
    "error": "invalid_token",
    "message": "Invalid Token"
  }
}

Configuration:

For proper authentication, add the following to your .htaccess file:

RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

Additionally, include the following in your httpd.conf file:

SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

Note: Requests should be sent as POST parameters in the request body.

Firebase Gateway Integration:

To utilize Firebase Gateway for OTP verification, ensure you have incorporated their native libraries. Token verification can be performed at https://jwt.io/.

For further details, refer to: Firebase Documentation

This information ensures a streamlined authentication process for your API integration.