Restricting REST API Data

The following guide is for developers using the WP Video Memberships and pulling REST API JSON data for your videos using a third party app (iOS, Android, etc).

If you are NOT using WP Video Memberships, this guide does not apply

Get your Client ID and Secret

Within the WordPress Dashboard, go to WP Videos -> API Keys. As of version 2.7.6 of the WP Videos plugin, there is a new section on this page labeled WPVS REST API.

Your Client ID and Secret will automatically be generated for you.

Authentication - Getting A Login Token

Once you have your Client ID and Secret, you will need to send a POST request to:

{your-domain}/wp-json/wpvs-memberships/v1/auth

You need to include your Client ID and Secret in your POST Headers like so:

WPVS-ClientID: {your-client-id}
WPVS-Secret: {your-secret}

On a successful request, the endpoint will return a token variable in JSON format. Save this token for the Login Request.

Login Request - Getting An Access Token

Once you've retrieved a token from the /auth endpoint, you will need to make a second POST request to:

{your-domain}/wp-json/wpvs-memberships/v1/login

You need to include the token from the previous request, along with the username and password in the Body of your POST request:

token={token}
username={username}
pass={password}

On a successful request, you will receive a JSON response with the following variables:

{
token: {access-token},
refresh_token: {refresh-token},
expires: {expire-date}
}

Important: Access Tokens expire after one day (24 hours). Make sure you store your refresh_token in order to get a new Access Token. Expired Access Tokens will result in invalid requests.

Refreshing Access Tokens

If you make a request to an endpoint such as {your-domain}/wp-json/wp/v2/wpvsvideos with an invalid or expired token, a JSON variable wpvs_rest_error will be returned:

Invalid Token response:

{
wpvs_rest_error: "Invalid token"
}

Expired Token response:

{
wpvs_rest_error: "Token expired"
}

If you receive an Invalid token response, you will need to go through the Authentication and Login process again to retrieve a new token.

If you receive a Token expired response, you can do a POST request to the following endpoint:

{your-domain}/wp-json/wpvs-memberships/v1/refresh

You need to include the refresh_token (which you should have stored from the initial Access Token Request) as a Header in your request:

WPVS-RefreshToken: {stored_refresh_token}

In addition, you need to include the username and password in the Body of your POST request:

username={username}
pass={password}

On a successful request, you will receive a JSON response with the following variables:

{
token: {access-token},
refresh_token: {refresh-token},
expires: {expire-date}
}

The refresh_token should be the same as the one already stored. The token and expires date will be updated.

Making Requests with an Access Token

Once you have a valid access token, you will need to include it when sending a GET request to access your video(s) JSON data. For example:

{your-domain}/wp-json/wp/v2/wpvsvideos/?wpvstoken={access-token}

Parameter to send with request

wpvstoken={access-token}

IMPORTANT: Make sure that you request and use unique Access Tokens for each User. This is done automatically using the process above.