Contents

API settings — Plugixa Recipe

The API tab controls the public-facing REST endpoints — toggles, rate limiting, and authentication requirements.

Go to Recipes → Settings → API.

API settings

Options

Key Default Notes
public_api_enabled false Expose plugixarecipe/v1 read endpoints to unauthenticated callers. When off, every endpoint requires authentication.
api_rate_limit_per_min 60 Per-IP request cap. Set to 0 to disable.
api_cors_origin (empty) Access-Control-Allow-Origin value. Use * for any origin, or a specific domain like https://myapp.com.
api_require_app_password_writes true Force WordPress Application Passwords for POST/PUT/DELETE.

Public vs admin endpoints

Enabling public_api_enabled opens only reads: GET /recipes, GET /recipes/{id}, GET /categories, etc. Writes always require authentication and plugixa_recipe_* capabilities regardless of the toggle.

The /settings, /bulk-action, and other admin endpoints never become public — they’re always gated by manage_options.

Quick Links