Newsletter API version 2 – Authentication

Version 2 of the REST API uses HTTP Basic Auth over secure HTTPS connections.

How to generate REST API credentials?

To use API v2 you need to generate the “Client key” and “Client secret” key pair.
To create this key pair, go to the Newsletter > API addon management panel and click the ‘Create Key’ button.

In the next screen, add a description, select the WordPress user you would like to associate the keys with, and select which permissions to associate with the key.
The permissions can be read, write, or read and write; depending on the chosen permission, some endpoints may (or may not) be usable. With the read permission you can access all data display endpoints (GET requests), while with the write permission you can handle data insertion, modification and deletion (POST / PUT / PATCH requests). Attention! It is important to associate the key with a user whose role allows them to administer the Newsletter plugin. Once this information has been entered, click the “Save” button.

The keys are generated and you will be able to see them.
Save a copy of the two keys in a safe place and use them to authenticate calls.
You must use HTTP Basic Auth authentication by providing “Client Key” as username and “Client Secret” as password in an HTTPS connection.

Authentication error

On some servers/hosting environments the Authorization header is not passed to PHP, and the call fails with a 401 “newsletter_rest_authentication_error” error.
In these cases you can solve the problem in two ways:

  • modify the .htaccess file by adding this rule: SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 (Please back up the .htaccess file before editing!)
  • or provide the client key/secret as query string parameters instead. Example: https://yoursite.org/wp-json/newsletter/v2/subscribers?client_key=XXXX&client_secret=XXXX

I want to test the API on localhost without HTTPS

To test the API on a server without HTTPS, add this code to the wp-config.php file:
define ('NEWSLETTER_REST_ALLOW_NON_HTTPS_REQUEST', true);
Please note that this change allows API calls without HTTPS, so the security keys will not be encrypted between client and server.
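
A minimal client for the authentication scheme described above, added as an example here and not code from the Newsletter plugin: it sends the Client Key and Client Secret as HTTP Basic Auth, refuses non-HTTPS URLs except for an explicit localhost test, and recognises the 401 error code. The function names, the sample keys and the assumption that the error code appears in the "code" field of a WordPress-style JSON error body are illustrative.

```python
import base64
import json
import urllib.error
import urllib.request
from urllib.parse import urlsplit

AUTH_ERROR = "newsletter_rest_authentication_error"  # error code named above
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}


def build_request(url, client_key, client_secret, allow_local_http=False):
    """Return a GET request carrying the key pair as HTTP Basic Auth."""
    parts = urlsplit(url)
    local_test = (allow_local_http and parts.scheme == "http"
                  and parts.hostname in LOCAL_HOSTS)
    if parts.scheme != "https" and not local_test:
        # Basic Auth is only base64-encoded, so plain HTTP exposes the secret.
        raise ValueError(f"refusing to send API keys over {parts.scheme!r}")
    pair = f"{client_key}:{client_secret}".encode("utf-8")
    req = urllib.request.Request(url, method="GET")
    req.add_header("Authorization", "Basic " + base64.b64encode(pair).decode("ascii"))
    req.add_header("Accept", "application/json")
    return req


def explain_failure(status, body):
    """Classify a failed response; assumes the usual WordPress JSON error body."""
    try:
        code = json.loads(body).get("code")
    except (ValueError, AttributeError):
        code = None
    if status == 401 and code == AUTH_ERROR:
        return "keys rejected or Authorization header not passed to PHP"
    return f"HTTP {status}"


def list_subscribers(site, client_key, client_secret, allow_local_http=False):
    """GET the subscribers endpoint shown above and return the decoded JSON."""
    url = site.rstrip("/") + "/wp-json/newsletter/v2/subscribers"
    req = build_request(url, client_key, client_secret, allow_local_http)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        body = err.read().decode("utf-8", "replace")
        raise RuntimeError(explain_failure(err.code, body)) from err
```

Keeping the keys in the Authorization header rather than the query string keeps them out of URLs, which web servers typically write to access logs.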