1. Home
  2. Docs
  3. Listar App
  4. Mobile App
  5. Authentication

Authentication

Requirement

The mobile app authentication works based on JWT (JSON Web Token) which is a commonly used stateless user authentication standard used to securely transmit information between client and server in a JSON format.

Install the plugin via WordPress CMS

  • Plugins → Add a New → Search for JWT Authentication for WP-API
  • Click Install Now

Define secret key

Open the WordPress source code and open the file wp-config.php then add the code below

define('JWT_AUTH_SECRET_KEY', 'fa15ebcc71196fddd8dd63e6da217accb8a0d148');

You should change the hash code to 32 characters by your setting secret key

hash code fa15ebcc71196fddd8dd63e6da217accb8a0d148 is a just sample value

JWT Expired Token

The mobile application uses JWT (JSON Web Token), which authenticates and authorizes users in web applications and APIs. Users who log in to the app have a lifetime to use. The default is 7 days from user login time.

Settings → Mobile → Authentication → JWT Expired Token

OTP

The app allows you to secure login with a one-time password (OTP). Traditional passwords are permanent and must be memorized. OTP passwords are unique and temporary for each session. This reduces the risk of exposure to malware and provides an additional layer of security for online access.

When the user logs in, registers, or forgets the password, the 6-digit number will be shown on the mobile screen, and you will receive the 6-digit number via email. OTP login is an optional feature.

Settings → Mobile → Authentication

  • OTP Use: check the checkbox to enable it on the mobile app.
  • OTP Code Expires: It’s the time limit for OTP verification. The unit is second. Usually, only be valid for 30 or 60 seconds
  • OTP Email Subject: The title of the email when the system sends the verification code.
  • OTP Email Email: The content of the email when the system sends the verification code.

The OTP is sending the verification code via email. Please make sure your email system is working correctly. Please refer to the Email Settings.