Subscriptions API and Auth

Location: MediaBlaster → Subscriptions → API/Auth tab

Configure how apps and headless clients authenticate against the MediaBlaster REST API at /wp-json/mediablaster/v3/.

Prerequisites

Setting	Description
Enable app/device API tokens	Issues Bearer tokens for authenticated API requests.
Token expiry days	How long access tokens remain valid before refresh.
Allow email/password login endpoint	`POST /auth/login` for app sign-in.
Allow token refresh endpoint	`POST /auth/refresh` to renew tokens.
Allow device name registration	Associates tokens with device labels for admin visibility.
Allow headless registration endpoint	`POST /auth/register` for app-driven sign-up.
Require verified email before API access	Blocks API use until WordPress email is verified.

Setting	Description
Require HTTPS for API token login	Rejects login over plain HTTP in production.
Locked content HTTP status	Return 403 Forbidden or 404 Not Found for unauthorized API content requests.
Log payment payloads (debug)	Writes redacted payment debug info — use only temporarily.

An admin warning appears when your site is not served over HTTPS while REST tokens or Stripe checkout are enabled.

Authenticate requests with:

Authorization: Bearer {token}

Obtain a token via POST /wp-json/mediablaster/v3/auth/login with email and password, or register via /auth/register when enabled.

Common routes (full detail in Subscriptions and Apps API):

Content catalog and fields: Content API and Fields. Each item includes access and may redact media.url when locked.