Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.jwtauth.pro/llms.txt

Use this file to discover all available pages before exploring further.

This guide assumes you have already installed and configured JWT Auth Pro. If you haven’t, please follow the Installation Guide first.

Authentication Flow

1. Get a Token

To authenticate a user and get a JWT token: 
curl -X POST \
  https://your-site.com/wp-json/jwt-auth/v1/token \
  -H "Content-Type: application/json" \
  -d '{"username": "your-username", "password": "your-password"}'

2. Use the Token

Make authenticated requests using the token. Here’s an example using the WordPress /me endpoint to get the current user’s data: 
curl -X GET \
  https://your-site.com/wp-json/wp/v2/users/me \
  -H "Authorization: Bearer YOUR-JWT-TOKEN"

3. Refresh Token

When the access token expires, use the refresh token to get a new one: 
curl -X POST \
  https://your-site.com/wp-json/jwt-auth/v1/token/refresh \
  -H "Content-Type: application/json" \
  -d '{"refresh_token": "YOUR-REFRESH-TOKEN"}'

4. Revoke Token (Logout)

When a user logs out or you need to invalidate a token, use the revoke endpoint: 
curl -X POST \
  https://your-site.com/wp-json/jwt-auth/v1/token/revoke \
  -H "Authorization: Bearer YOUR-JWT-TOKEN"
Remember to never expose your JWT secret key or store tokens in plain text. Always use secure storage methods appropriate for your platform.