The WordPress REST API and OAuth are a perfect combination for many applications that run WordPress as a backend. But for beginners, the OAuth handshake can be a bit complex to understand. If you are in this category, don't worry: you are in the right place to learn about the WordPress REST API and the OAuth handshake used to get the access tokens.

The OAuth handshake consists of 3 transactions to get the access token.

  1. Request
  2. Authorize
  3. Access

You can see the endpoints for this handshake in the {BASE_PATH}/wp-json/wp/v2 path.

Before you start the OAuth handshake, you need your client key and secret. You can get them from your WordPress admin. Navigate to {BASE_PATH}/wp-admin/users.php?page=rest-oauth1-apps&action=add and add your client name to generate a new key and secret.

I'm going to use the Chrome extension Postman for this handshake.


Let's open the Postman REST client and enter the information below in the appropriate boxes.

  1. Request URL ({{BASE_PATH}}/oauth1/request)

Now hit the SEND button to get oauth_token, oauth_token_secret and oauth_callback_confirmed. These 3 parameters are required to get the access tokens in the next steps. Copy and save these keys somewhere for later use.


Now we are ready to authorize our client for REST API access. Open your favorite browser and enter the authorize URL along with the OAuth tokens you got in the previous step. The final URL will look something like {BASE_PATH}/oauth1/authorize?oauth_token={oauth_token}&oauth_token_secret={oauth_token_secret}&oauth_callback_confirmed=true.

You will see a message from WordPress which looks something like the one below:

You can happily Authorize this and get the new oauth_verifier for the next step.


The final step…

Come back to Postman again to get the final access_token and access_secret. Now we need to provide 5 keys to get the final keys.

Those are;


Keys 1 and 2 are from the WordPress admin, 3 and 4 are from STEP 1, and the 5th one is from STEP 2.

Once you have filled in all the data you can hit the SEND button to get your final access_token and access_secret.

This will be your final token to access the site content via WordPress REST API.
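How the five values from the final step fit together in a signed OAuth 1.0a request, as an added example that is not part of the original post: the client key, oauth_token and oauth_verifier are sent as parameters, while the client secret and oauth_token_secret only form the HMAC key and never appear in the request. The `/oauth1/access` path (following the page's `/oauth1/request` pattern), the HMAC-SHA1 signature method, the `example.test` host and all credential values are assumptions or constructed samples.

```python
import base64, hashlib, hmac, secrets, time
from urllib.parse import quote

def pct(value):
    """RFC 5849 percent-encoding: only unreserved characters stay literal."""
    return quote(str(value), safe="-._~")

def base_string(method, url, params):
    """Signature base string: METHOD & encoded URL & encoded sorted params.
    Assumes the URL carries no query string of its own."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(method, url, params, client_secret, token_secret=""):
    """HMAC-SHA1 over the base string, keyed with both secrets joined by '&'."""
    key = f"{pct(client_secret)}&{pct(token_secret)}".encode()
    mac = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

def access_request_header(url, client_key, client_secret, oauth_token,
                          oauth_token_secret, oauth_verifier,
                          nonce=None, timestamp=None):
    """Build the Authorization header for the final (access) step."""
    params = {
        "oauth_consumer_key": client_key,        # key 1 (WordPress admin)
        "oauth_token": oauth_token,              # key 3 (STEP 1)
        "oauth_verifier": oauth_verifier,        # key 5 (STEP 2)
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp or int(time.time())),
        "oauth_nonce": nonce or secrets.token_hex(16),  # fresh per request
        "oauth_version": "1.0",
    }
    # Keys 2 and 4 (the two secrets) are used only here, as the HMAC key.
    params["oauth_signature"] = sign("POST", url, params,
                                     client_secret, oauth_token_secret)
    return "OAuth " + ", ".join(
        f'{pct(k)}="{pct(v)}"' for k, v in sorted(params.items()))

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    print(access_request_header(
        "https://example.test/oauth1/access", "CLIENT_KEY", "CLIENT_SECRET",
        "REQ_TOKEN", "REQ_TOKEN_SECRET", "VERIFIER",
        nonce="abc123", timestamp=1500000000))
```

Because the nonce and timestamp are part of the signed data, a captured header cannot be altered without the secrets.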