How to connect android app with WordPress website?

Out of the box there is no mechanism for a user to login via the REST API to begin a session without pre-configured access. WordPress Core provides 2 authentication methods for the REST API:

  • cookies + nonces
  • application passwords

Likewise there is no mechanism for registering for an account via the REST API, user creation requires authenticated requests from a user with admin access. Note that making such requests carries risk, you do not want those kinds of credentials being used in your application as it would make your site extremely easy to hack.

You might be able to do this via 3rd party authentication plugins however.

https://developer.wordpress.org/rest-api/using-the-rest-api/authentication/#authentication-plugins

There are also plugins that try to fill this gap, though I cannot recommend them here as recommendations are off topic here, and any recommendation would be quickly out of date.

The problem is that in my JSON API user passwords are stored in hashed form, something like that:

Exposing hashed passwords is dangerous, exposing plaintext passwords is even more dangerous. Both would be considered a data breach. Storing plaintext passwords would be seen as gross negligence and would make your app fail many forms of compliance. It could be illegal to offer your application in some countries if plaintext passwords were used.

The user_pass is of no use to you here, and its presence in your example implies that you’ve given your application an alarming level of access to your site.

Related Posts:

  1. WordPress Rest API: How do we validate with our custom API key?
  2. authentication issue with rest api – rest_cannot_create
  3. Android authentication
  4. WordPress REST API “rest_authentication_errors” doesn’t work external queries?
  5. Can’t GET draft posts via REST API from headless frontend
  6. WP Rest API in Android studio does not show Images
  7. How to: Make JWT-authenticated requests to the WordPress API
  8. How to Authenticate WP REST API with JWT Authentication using Fetch API
  9. wordpress wp-json prefix issue
  10. Can I authenticate with both WooCommerce consumer key and JWT?
  11. WP REST API: check if user is logged in
  12. How to login to WordPress site using basic authentication HTTP headers?
  13. Can we access the REST request parameters from within the permission_callback to enforce a 401 by returning false?
  14. Formating content rendered from wordpress REST API as JSON and not HTML
  15. Create Session with JWT
  16. WordPress REST API – Modify JSON before importing
  17. Why does AWStats show /wp-json* as Viewed URLs
  18. WP REST API GET Requests require authentication
  19. current_user_can(‘administrator’) returns false when I’m logged in
  20. Authenticating with REST API
  21. Make authorization mandatory on custom routes
  22. How to order WordPress Rest API data
  23. WP Rest API – How to convert embedded to json object in Java [closed]
  24. featured image not found in json from wp rest api
  25. WP REST API – Nonce passes wp_verify_nonce even after logout
  26. How to force JWT auth for default GET endpoints of WordPress rest api?
  27. Custom endpoint to get all custom taxonomy terms
  28. WordPress JSON data to and from database to be shown on rest point
  29. REST API: best place to set current user for JWT auth?
  30. How to Get Featured Image from REST API?
  31. WordPress + REST API v2 and private pages Load by slug
  32. REST API authentication for a plugin
  33. PHP: authenticate for a REST request?
  34. Rest API basic auth not working
  35. If I use WordPress REST API V2 and someone makes an app using it. Will my site count the posts views from the APP? And if not, then how?
  36. Authenticate current user to REST API
  37. Rest API: wp_verify_nonce() fails despite receiving correct nonce value
  38. Getting 401 from ajax using an application password
  39. WordPress REST API calls that depend on the WordPress User
  40. Custom WP API endpoint NULL body data
  41. WordPress HTTP API NTLM Authentication
  42. Advanced Access Manager: RESTful endpoint to refresh token
  43. Is there a way I can fetch the WordPress Developer Code References with an API?
  44. Best Authetication between REST API and Mobile App
  45. 403 error when publishing a post in wordpress. Error => Publishing failed. The response is not a valid JSON response
  46. Error message: Response is not a valid JSON response
  47. Log in user using WordPress REST API
  48. WordPress REST API not working on localhost
  49. DELETE request using WP REST API
  50. Secure WordPress API, how?
  51. wp_nonce vs jwt
  52. register/login api
  53. how to create JSON array [] for REST response?
  54. What’s the right way to validate JSON data coming from an AJAX POST request?
  55. How do i POST to WordPress rest API from the same domain?
  56. How to receive JSON payload from a digital device
  57. WP CLI in WP 5.3 with PHP 7.4
  58. Get wordpress post with featured image, category and tag from WordPress API
  59. WordPress API “code”:”rest_no_route” with Custom Route
  60. How can I secure my custom rest api endpoint or add under a already existing rest group
  61. Autotrader API Integration
  62. REST API get featured image source for custom post type
  63. Fix Characters WordPress Ionic App
  64. Display Post Featured Image along with Categories via WP Rest API
  65. Register rest field authentication with REST API
  66. WordPress REST API not displaying all information
  67. REST API Integration without user account?
  68. WordPress Rest API Escapes Returned URLs Forward Slash
  69. WP REST API with Basic Auth at target website
  70. Custom WP Rest API Endpoints from JSON Schema
  71. Cant POST with REST API on WordPress
  72. Custom rest api endpoint response json problem
  73. REST API – Authentication/Logon security
  74. WordPress json – How to use the content rendered from json
  75. custom REST endpoints and application passwords
  76. wordpress rest api authentication failed
  77. How do I parse JSON in Android?
  78. WP REST API — How to change HTTP Response status code?
  79. Understanding SHORTINIT with WordPress 5
  80. Filter post_content before loading in Gutenberg editor
  81. Options to get my custom post type metadata via the WordPress API
  82. Limit REST API output to current logged in user that is also author of the content
  83. Submit comment via JSON from Android device
  84. Validate rest-api call on create
  85. WordPress REST API rest_comment_invalid_author Sorry, you are not allowed to edit ‘author’ for comments
  86. How to delete user using rest api without reassigning
  87. How to change the date and time in REST API for comments?
  88. Rest API V2 custom post type. I only need the title and link
  89. Retriving all users with REST API not working
  90. What is an endpoint for custom post type comments in REST API?
  91. How would I know if my system using REST api or not?
  92. how to use nimble-API and Display data?
  93. WP Rest_API- Post request for images returns empty
  94. WP API file_get_contents return TTP request failed! HTTP/1.1 401 Unauthorized
  95. Not able to delete media by REST API
  96. Fatal error: Call to undefined function register_rest_route()
  97. Make Custom Fields Public in JSON – API
  98. how to know that a wordpress plugin support using API?
  99. Hide custom posts from certain taxonomy in rest api
  100. Creating Application Password using REST API results in 401 regardless of JWT token