Skip to content

REST API Keys

WPLM’s REST API uses HTTP Basic authentication with per-key scoped credentials. Consumer keys are hashed in the database — only the truncated tail is displayed after creation.

  1. Go to License Manager → Settings → REST API.
  2. Click Add Key.
  3. Set a Description (e.g. “My Plugin SDK”), choose a User, and set Permissions (read, write, or read_write).
  4. Click Generate API Key.
  5. Copy the Consumer Key and Consumer Secret — they are shown only once.

Use HTTP Basic authentication:

Terminal window
# Using -u shorthand
curl https://yoursite.com/wp-json/wplm/v1/licenses \
-u "ck_xxxxxxxxxxxx:cs_xxxxxxxxxxxx"
# Or as a header
curl https://yoursite.com/wp-json/wplm/v1/licenses \
-H "Authorization: Basic $(echo -n 'ck_xxx:cs_xxx' | base64)"
ScopeAccess
readGET endpoints only — list, retrieve, validate
writePOST/PUT/DELETE — create, update, activate, revoke
read_writeFull access

Client-facing endpoints (/validate, /activate, /deactivate, /heartbeat, /crl, /public-key) are public — no API key required.