=== WP REST API Key Authentication ===
Contributors: ikamal  
Tags: REST API, API authentication, API key, security, access control  
Tested up to: 6.7
Stable tag: 1.0  
License: GPLv2 or later  
License URI: https://www.gnu.org/licenses/gpl-2.0.html  

A simple plugin to add API key-based authentication to the WordPress REST API. Manage multiple API keys and secure your REST API endpoints.

== Description ==

**WP REST API Key Authentication** adds a simple API key-based authentication method to the WordPress REST API. This plugin is perfect for developers who want to interact with the REST API securely without relying on complex OAuth authentication mechanisms.

### Key Features:
- **Multiple API Keys**: Create and manage multiple API keys with custom names.
- **Secure API Key Storage**: API keys are hashed and securely stored in the WordPress database.
- **Single Display for Security**: API keys are shown only once after creation.
- **REST API Access Control**: Authenticate requests by including an API key in the `Authorization` header.
- **Admin Interface**: Manage API keys with a user-friendly admin page.
- **Copy to Clipboard Popup**: Easily copy generated API keys with a built-in popup.

The plugin is lightweight and integrates seamlessly with WordPress.

== Installation ==

1. Download the plugin ZIP file.
2. Go to your WordPress admin dashboard and navigate to **Plugins > Add New**.
3. Click on the **Upload Plugin** button and select the ZIP file.
4. Click **Install Now** and then activate the plugin.
5. Navigate to **API Keys** in the admin menu to start managing your API keys.

== Usage ==

1. **Generate an API Key**:
   - Go to **API Keys** in the WordPress admin menu.
   - Enter a name for the API key and click "Generate API Key".
   - The API key will appear in a popup. Copy it immediately, as it will not be displayed again.

2. **Use the API Key**:
   - Include the API key in the `Authorization` header of your REST API requests:
     ```
     Authorization: Bearer YOUR_API_KEY
     ```

3. **Delete API Keys**:
   - To revoke access, delete an API key from the **API Keys** admin page.

== Frequently Asked Questions ==

= How are API keys stored? =
API keys are hashed using PHP's `password_hash` function and stored securely in the WordPress database. The raw key is only shown once upon creation.

= What happens if I lose an API key? =
If you lose an API key, you must generate a new one. The plugin does not store raw API keys for security reasons.

= How do I authenticate a REST API request? =
Include the API key in the `Authorization` header using the `Bearer` token format: Authorization: Bearer YOUR_API_KEY


= Can I create multiple API keys? =
Yes, you can generate multiple API keys with custom names and manage them from the admin interface.

== Screenshots ==

1. **API Key Management Interface**  
   Manage API keys with a simple interface, including options to create and delete keys.

2. **Generated API Key Popup**  
   Popup showing the API key after generation, with an option to copy it to the clipboard.

3. **REST API Authorization Example**  
   Example of how to use the API key in the `Authorization` header.

== Changelog ==

= 1.0 =
* Initial release.
* Added support for API key creation and deletion.
* Added REST API authentication using API keys.
* Added popup with "Copy to Clipboard" functionality for generated API keys.

== Upgrade Notice ==

= 1.0 =
Initial release. Add secure API key-based authentication to your REST API.

== License ==

This plugin is licensed under the GPLv2 or later. See the License URI for details.
