Contents
API settings — Plugixa Recipe
The API tab controls the public-facing REST endpoints — toggles, rate limiting, and authentication requirements.
Go to Recipes → Settings → API.

Options
| Key | Default | Notes |
|---|---|---|
public_api_enabled |
false |
Expose plugixarecipe/v1 read endpoints to unauthenticated callers. When off, every endpoint requires authentication. |
api_rate_limit_per_min |
60 |
Per-IP request cap. Set to 0 to disable. |
api_cors_origin |
(empty) | Access-Control-Allow-Origin value. Use * for any origin, or a specific domain like https://myapp.com. |
api_require_app_password_writes |
true |
Force WordPress Application Passwords for POST/PUT/DELETE. |
Public vs admin endpoints
Enabling public_api_enabled opens only reads: GET /recipes, GET /recipes/{id}, GET /categories, etc. Writes always require authentication and plugixa_recipe_* capabilities regardless of the toggle.
The /settings, /bulk-action, and other admin endpoints never become public — they’re always gated by manage_options.
Related
- REST API reference — full endpoint list
- Performance settings — separate from rate limiting
- Settings overview