All REST endpoints are registered under the /wp-json/login-me-now namespace. Authentication is enforced by RouteBase::permission_check() unless overridden.
login-me-now| Method | Endpoint | Description | Auth |
|---|---|---|---|
| GET | /admin/settings |
Fetches merged plugin settings including module toggles and provider defaults.【F:app/Admin/Route.php†L13-L18】 | Required |
| POST | /admin/settings/fields |
Returns the dynamic settings schema used to render dashboard forms.【F:app/Admin/Route.php†L13-L18】 | Required |
| POST | /admin/settings/save |
Persists settings updates via SettingsController::save(). |
Required |
Note: In development mode (
Config::get('environment') === 'development'), permission checks automatically pass for rapid prototyping.【F:app/Common/RouteBase.php†L33-L37】
| Method | Endpoint | Body | Description |
|---|---|---|---|
| POST | /browser-token/generate |
username, password, expiration |
Authenticates credentials and returns a JWT payload with token metadata.【F:app/Logins/BrowserTokenLogin/Route.php†L16-L18】【F:app/Logins/BrowserTokenLogin/JWTAuth.php†L31-L144】 |
| POST | /browser-token/validate |
token |
Validates a JWT and returns either token data, the raw token, or the user ID based on request parameters.【F:app/Logins/BrowserTokenLogin/Route.php†L16-L19】【F:app/Logins/BrowserTokenLogin/JWTAuth.php†L158-L221】 |
| POST | /browser-token/generate-onetime-number |
token |
Requires a valid browser token, then returns an expiring shareable login link for that user.【F:app/Logins/BrowserTokenLogin/Route.php†L16-L33】 |
| Method | Endpoint | Body | Description |
|---|---|---|---|
| POST | /send-magic-link |
email, wpnonce |
Sends an email containing a signed login URL to the specified user account.【F:app/Logins/MagicLinkLogin/Route.php†L14-L19】【F:app/Controllers/MagicLinkController.php†L13-L46】 |
This endpoint bypasses default permission checks so that unauthenticated visitors can request magic links. Ensure you pair it with nonce validation to mitigate abuse.【F:app/Logins/MagicLinkLogin/Route.php†L16-L19】【F:app/Controllers/MagicLinkController.php†L13-L46】
The plugin also exposes WordPress Ajax actions for generating temporary links and tokens (e.g., login_me_now_login_link_generate, login_me_now_browser_token_generate). These are secured with capability checks and nonces via the AjaxCheck trait.【F:app/Logins/LinkLogin/Ajax.php†L28-L118】【F:app/Logins/BrowserTokenLogin/Ajax.php†L28-L116】 Use wp.ajax.post() or the provided dashboard UI to interact with them.
Refer to the Hooks & Filters section to extend or customize API behavior.