How To Setup a OAuth Token

In about a month I will have the distinct honor of speaking at my first WordCamp – WordCamp US in Philadelphia!  I’m quite excited for the talk and to prepare for it, I will be doing a series of How To posts that will be referenced during the talk.

The title of the talk is Gamification with the API and is focused on interacting with the API using wpcom.js and node.  This first post covers how to easily get an OAuth token to work with endpoints that require authentication.


OAuth and the API

In order to perform certain operations with the API, like creating posts, or getting access to any protected information, you must come equipped with an OAuth token.

This process can be lengthy, but fortunately there is a quick example node app that will help expedite this process for you.

node-wpcom-oauth To The Rescue

The fine folks at Automattic have an npm module that handles server-side oauth tasks with the API, and inside the repository there is an app you can use to get a token.  So the first step is to download a copy of the repository.

Then if you change directory into /example you will find the app, and a set of instructions on how to use it.

Create an App

In order to use the example application you will first need to create a App.  To do so, visit the App Dashboard and click “Create New Application”.

The form to create an App is pretty basic.  For the purposes of my talk, and my App, I will likely be the sole user – but if you plan on having a more public-facing application, some greater care/thought might be put into a name and description.Developer_Resources___Create_cool_applications_that_integrate_with_WordPress_com.png

For obtaining the token, you can use the same Redirect URL as seen above “http://localhost:3001/connect/res” though this is also configurable in the example application.

Once you submit the form, you will be redirected to a success screen like so:

Developer_Resources___Create_cool_applications_that_integrate_with_WordPress_com 2.png

Click the name of your App, highlighted in red above to get back to the full detail page for your app, which also has the needed information to complete the OAuth token process.

Client ID and Client Secret

Now on your App’s page you can scroll down to view your OAuth Information.  You will need both the Client ID and Client Secret for the next step.  These are secrets, treat them as such.  Shhhhh:

Developer_Resources___Create_cool_applications_that_integrate_with_WordPress_com 3.png

Configure The Example App

Okay with your newly found secret information in hand, or in your computer’s clipboard, head back to the [code]example[/code] directory in the node-wpcom-oauth project.  Inside the folder you should see a file named  settings_example.json – go ahead and rename that to settings.json and open the file in your text editor of choice.


Now paste in your freshly minted client id and client secret from your new App, and save the file.  Now open up a command/terminal application within that folder and type node index.js.  This will startup the example app on port 3001.  Now visit http://locahost:3001 to start your token adventure.

Get Yer Token

The first screen will confirm the settings you just created, and then give you a link to “GET THE CODE” – confirm the settings look good then click the link.


Now you will be redirected to where you can select which of your blogs you would like your App to be able to access authenticated as your user account.  For my example app, I have created a site called  Click Approve to get the token.


Now you will be redirected back to your localhost app, which will use its secret and the token returned from the side of things to prepare for the final step to actually get the FINAL TOKEN.

WPOAuth 3.png

Click “LETS GET IT!”.  Seriously, last step right there.

Great Success!

You should now have a screen with your bearer token.  And now the entire world of the API is ready for your creativity:

WPOAuth 4.png


Leave a Reply