FluentBoards Developers

# Authentication

FluentBoards uses WordPress Application Passwords for REST API authentication. This is the standard WordPress authentication method that provides secure, non-interactive access to the REST API.

# Creating Application Passwords

# Step 1: Access User Profile

  1. Log in to your WordPress admin dashboard
  2. Navigate to Users → Profile (or Users → All Users and click on your user)
  3. Scroll down to the "Application Passwords" section

# Step 2: Create New Application Password

  1. In the "Application Passwords" section, enter a name for your application (e.g., "Fluent Boards API")
  2. Click "Add New Application Password"

WordPress Application Passwords

# Step 3: Save Your Credentials

After creating the application password, WordPress will display:

  • Username: Your WordPress username
  • Application Password: A generated password (e.g., "oqYd hptb PnKC XHur CJbG 01UW")

Generated Application Password

Important

Save these credentials immediately! The application password cannot be retrieved later and will only be shown once.

Note

Application passwords are different from your regular WordPress password and are specifically designed for API access. They can be easily revoked if needed.

# Authentication Methods

Use HTTP Basic Authentication with your API credentials:

curl "https://yourdomain.com/wp-json/fluent-boards/v2/projects" \
  -H "Authorization: Basic $(echo -n 'API_USERNAME:API_PASSWORD' | base64)"
1
2

For testing only, you can use cookie authentication, but this is not recommended for API access:

curl "https://yourdomain.com/wp-json/fluent-boards/v2/projects" \
  -H "Cookie: wordpress_logged_in_xxx=your_cookie_value"
1
2

Security Notice

Never use cookie authentication for API access in production. Always use Application Passwords with proper Authorization headers.

# Example API Call

Here's a complete example of making an authenticated API request:

curl "https://yourdomain.com/wp-json/fluent-boards/v2/projects" \
  -H "Authorization: Basic API_USERNAME:API_PASSWORD" \
  -H "Content-Type: application/json"
1
2
3

# Response

{
  "data": [
    {
      "id": 1,
      "title": "Project Alpha",
      "description": "Main project board",
      "status": "active",
      "created_at": "2024-01-15T10:30:00Z",
      "updated_at": "2024-01-15T10:30:00Z"
    }
  ],
  "message": "Success",
  "total": 1,
  "current_page": 1,
  "per_page": 15
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16

# Programming Language Examples

# PHP

<?php
$username = 'your_api_username';
$password = 'your_api_password';
$url = 'https://yourdomain.com/wp-json/fluent-boards/v2/projects';

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_USERPWD, "$username:$password");
curl_setopt($ch, CURLOPT_HTTPHEADER, [
    'Content-Type: application/json'
]);

$response = curl_exec($ch);
curl_close($ch);

$data = json_decode($response, true);
?>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18

# JavaScript (Node.js)

const axios = require('axios');

const apiCredentials = Buffer.from('API_USERNAME:API_PASSWORD').toString('base64');

const config = {
  headers: {
    'Authorization': `Basic ${apiCredentials}`,
    'Content-Type': 'application/json'
  }
};

axios.get('https://yourdomain.com/wp-json/fluent-boards/v2/projects', config)
  .then(response => {
    console.log(response.data);
  })
  .catch(error => {
    console.error('Error:', error.response.data);
  });
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18

# Python

import requests
from requests.auth import HTTPBasicAuth

username = 'your_api_username'
password = 'your_api_password'
url = 'https://yourdomain.com/wp-json/fluent-boards/v2/projects'

response = requests.get(
    url,
    auth=HTTPBasicAuth(username, password),
    headers={'Content-Type': 'application/json'}
)

if response.status_code == 200:
    data = response.json()
    print(data)
else:
    print(f"Error: {response.status_code}")
    print(response.text)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19

# Ruby

require 'net/http'
require 'uri'
require 'base64'

username = 'your_api_username'
password = 'your_api_password'
url = URI('https://yourdomain.com/wp-json/fluent-boards/v2/projects')

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Get.new(url)
request['Authorization'] = "Basic #{Base64.strict_encode64("#{username}:#{password}")}"
request['Content-Type'] = 'application/json'

response = http.request(request)
puts response.body
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17

# Testing Your Authentication

To verify your credentials are working, make a simple API call:

curl "https://yourdomain.com/wp-json/fluent-boards/v2/projects" \
  -H "Authorization: Basic API_USERNAME:API_PASSWORD"
1
2

If successful, you'll receive a JSON response with your projects data.

# Troubleshooting

# Common Issues

401 Unauthorized Error

  • Verify your username and application password are correct
  • Ensure the application password hasn't been revoked
  • Check that the user account has proper permissions
  • Verify that FluentBoards is properly installed and activated

403 Forbidden Error

  • The user account may lack necessary permissions
  • Verify the account has appropriate WordPress capabilities
  • Check if the user has access to FluentBoards features

404 Not Found Error

  • Verify the API endpoint URL is correct
  • Ensure FluentBoards is installed and the REST API is enabled
  • Check your WordPress permalink structure

# Permission Requirements

Your API user account needs these minimum permissions:

  • WordPress Administrator role: Full access to all endpoints
  • Appropriate capabilities: Required for the specific operations you're performing
  • FluentBoards access: User must have access to FluentBoards features

# Security Best Practices

  1. Use HTTPS: Always make API calls over secure connections
  2. Rotate Credentials: Regularly update your API credentials
  3. Limit Permissions: Grant only the minimum required permissions
  4. Monitor Usage: Track API usage for unusual activity
  5. Secure Storage: Never commit credentials to version control
  6. Dedicated Accounts: Use dedicated user accounts for API access, not your main admin account

# Managing Application Passwords

# View Existing Application Passwords

In your WordPress user profile, you can see all existing application passwords:

  • Application name and creation date
  • Last used date (if available)
  • Management options

# Revoke Application Passwords

To revoke an application password:

  1. Go to Users → Profile in WordPress admin
  2. Scroll to the "Application Passwords" section
  3. Click "Revoke" next to the application password you want to remove
  4. Confirm the revocation

Important

Revoking an application password is permanent and cannot be undone. Any applications using that password will lose access immediately.

# Best Practices for Application Passwords

  1. Use descriptive names: Name your application passwords clearly (e.g., "Mobile App", "Third-party Integration")
  2. Regular rotation: Periodically revoke and recreate application passwords
  3. One per application: Create separate application passwords for different applications
  4. Monitor usage: Check the "Last Used" information to identify unused passwords

# Next Steps

Now that you have authentication set up, you can:

Boards