All REST API-related configuration options are available in the settings. Please note that these settings are only available with the premium version of WC Serial Numbers.
Vulnerable HTTP Connections
Activate this setting if you want to allow insecure connections to the REST API. We generally do not recommend this, since the transmitted data can contain extremely sensitive content, which can be intercepted when using unsecured connections.
Active Checking on Verification
Activate this setting if you want to make the “hosts” field required when activating a license via REST API. As a result, the corresponding host system must be included in each activation. If it is not included within the list of hosts of a license, the activation will be rejected.
Connecting to the REST API requires a REST API key, which can be entered in the configurations. However, you won’t be able to see the full key once you’ve added it, so make sure to jot down all of the key’s information as soon as it’s formed.
Afterward, you can revoke, view, or edit a key at any time.
Let’s move on to the settings of a key. During creation and editing, you can specify several things.
The key should be associated with a specific user. This is because WordPress’s roles and permissions structure relies on individual users. As a result, you should add a “WC Serial Numbers REST API Agent” user. The role has full access to all the features and functions of WordPress.
The next step is to designate the key as read-only, write-only, or read-write. This has to be done for security reasons even if it may seem unnecessary. Never give any more information than is strictly necessary.
Finally, you can restrict the paths a key may take when making a request. In this method, you can generate unique keys with distinct permissions for various routes and actions.