You don\'t need plugins for authentication unless you\'re making a cross domain request, and to get the nonce, you just create it as you would any other nonce.
As the handbook states:
For developers making manual Ajax requests, the nonce will need to be passed with each request. The API uses nonces with the action set to wp_rest
. These can then be passed to the API via the _wpnonce data parameter (either POST data or in the query for GET requests), or via the X-WP-Nonce header. If no nonce is provided the API will set the current user to 0, turning the request into an unauthenticated request, even if you’re logged into WordPress.
So lets do that:
$nonce = wp_create_nonce( \'wp_rest\' );
There\'s nothing special about how the nonce gets created, it\'s created the same way as every other nonce in WordPress. You would use the same function to put nonces on your action buttons and in your forms to improve security.
Now we just put it in our doc in a way javascript can access it. Luckily the handbook gives us a working code example:
https://developer.wordpress.org/rest-api/using-the-rest-api/authentication/
<?php
wp_localize_script( \'wp-api\', \'wpApiSettings\', array(
\'root\' => esc_url_raw( rest_url() ),
\'nonce\' => wp_create_nonce( \'wp_rest\' )
) );
Followed by a working example of using the nonce in jQuery for an authenticated POST request:
$.ajax( {
url: wpApiSettings.root + \'wp/v2/posts/1\',
method: \'POST\',
beforeSend: function ( xhr ) {
xhr.setRequestHeader( \'X-WP-Nonce\', wpApiSettings.nonce );
},
data:{
\'title\' : \'Hello Moon\'
}
} ).done( function ( response ) {
console.log( response );
} );
If you enqueue the built in backbone based REST library, it will automatically generate the nonce using the same code above.
This will work when combined with a cookie for a logged in user, however, it will not work for requests across domains.
If you\'re trying to make a REST API request from another website, a CLI app, mobile app, a Node application, etc etc you will need a custom authentication plugin. You will need to consult with their documentation and support avenues though as 3rd party plugin dev support is offtopic on this stack