The authentication of the App to the multivendor website is done by JSON Web Token (JWT) method.
For using this authentication system to work on your WordPress multivendor website you need to install and activate JWT Authentication for WP REST API plugin in your website.
Setting Up and Configuring the JWT Authentication for WP REST API plugin:
- Enable HTTP Authorization Header: The plugin requires HTTP Authorization Header to be enabled in your server. If it is not enabled by default you can ask the hosting provider for the same.
Most of the shared hosting disables the HTTP Authorization Header by default. To enable this option you’ll need to edit your .htaccess file adding the following
RewriteEngine on
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]
WPENGINE
To enable this option you’ll need to edit your .htaccess file adding the following
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
- Configuring the Secret Key: The JWT needs a secret key to sign the token this secret key must be unique and never revealed. To add the secret key edit your wp-config.php file and add a new constant called JWT_AUTH_SECRET_KEY
define('JWT_AUTH_SECRET_KEY', 'your-top-secret-key');
- To enable the Cross-origin Support, edit your wp-config.php file and add a new constant called JWT_AUTH_CORS_ENABLE
define('JWT_AUTH_CORS_ENABLE', true);
*NOTE: The JWT_AUTH_SECRET_KEY and JWT_AUTH_CORS_ENABLE should be defined before ‘WP_DEBUG’ definition in the wp-config.php preferably just after the NONCE_SALT definition.