This guide assumes you have already installed and configured JWT Auth Pro. If you haven’t, please follow the Installation Guide first.

Authentication Flow

1. Get a Token

To authenticate a user and get a JWT token: 
curl -X POST \
  https://your-site.com/wp-json/jwt-auth/v1/token \
  -H "Content-Type: application/json" \
  -d '{"username": "your-username", "password": "your-password"}'

2. Use the Token

Make authenticated requests using the token. Here’s an example using the WordPress /me endpoint to get the current user’s data: 
curl -X GET \
  https://your-site.com/wp-json/wp/v2/users/me \
  -H "Authorization: Bearer YOUR-JWT-TOKEN"

3. Refresh Token

When the access token expires, use the refresh token to get a new one: 
curl -X POST \
  https://your-site.com/wp-json/jwt-auth/v1/token/refresh \
  -H "Content-Type: application/json" \
  -d '{"refresh_token": "YOUR-REFRESH-TOKEN"}'

4. Revoke Token (Logout)

When a user logs out or you need to invalidate a token, use the revoke endpoint: 
curl -X POST \
  https://your-site.com/wp-json/jwt-auth/v1/token/revoke \
  -H "Authorization: Bearer YOUR-JWT-TOKEN"
Remember to never expose your JWT secret key or store tokens in plain text. Always use secure storage methods appropriate for your platform.