Rooftop includes the Rooftop API Authentication plugin, so you can use token auth. Much easier than faffing around with OAuth, which is the WP-API standard.

Get your API token

Log into your Rooftop site and generate an API token from the Rooftop CMS => API Keys menu


Choose read-only or read-write permissions

You can choose whether to make the key read-only, or read-write. It's important to keep this key safe! - always remove and add a new key if you think it's been compromised. (Don't worry - the key we're showing here is the one you use to test the API on


Pass your API token as a header with every request

Authenticating is as simple as passing an HTTP header with every request. Add an api-token header with your request, and Rooftop will authenticate you.


Keep your API key safe

You'll see that the API keys in this documentation work. We periodically wipe the demo site, but want to give you something to test against. Keep your API keys safe! It's the only thing protecting your Rooftop site from attack.