Let’s start with some background. The API key that Zapier refers to is actually called an ‘Application Password’ in the WordPress ecosystem. Application passwords were introduced in WordPress 5.6 so that you and your users can generate and use separate passwords for accessing website APIs such as the REST API.
It is not the same as the WordPress password that you use to access the backend. You cannot use an application password to log in to a WordPress site, which makes application passwords much more secure.
What is an Application Password?
An application password is a securely generated key that can be used to authenticate REST API requests only.
You cannot use an application password to log in to a WordPress site, which makes application passwords much more secure.
Should you use an Application Password?
Functionally speaking, application passwords make it easier for applications to do what they need to do with your WordPress site and make it harder for hackers or other malicious actors to do anything to your site.
Native support for application passwords in WordPress makes it easier for a single user (like you) to generate and use this authentication method in your third-party service. You do not need to create any additional user accounts in your WordPress site, nor do you need to manage different REST API permissions via custom code.
How to Generate an Application Password in WordPress
You generate an application password from your profile in the WordPress dashboard. Follow the steps below:
- Log in to your WordPress site with an admin user account (a user with the administrator role).
- Navigate to Users > Profile.
- Scroll down to the “Application Passwords” heading.
- Enter a descriptive name for your application password in the “New Application Password Name” field. This field is for internal use only and helps you identify what your application password is connected to.
- Click the “Add New Application Password” button to create your password.
- Be sure to immediately copy your password and paste it into a secure location. Application passwords cannot be retrieved after you exit this screen.
- Your user account can generate an unlimited number of application passwords.
- We recommend generating one password per third-party app you connect with. This way you can easily disable and delete a single password if you decide not to use that third-party application or find that your password has become compromised.
- You may now use this password to authenticate with a third-party service or application that connects to your WordPress site via the REST API.
The application password can now be used to authenticate the Zapier app with Ultimeter on your site.
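To confirm a new application password before entering it in Zapier, the following added example (not part of the original guide and not Ultimeter's own code) sends one authenticated request to the WordPress REST endpoint /wp-json/wp/v2/users/me. The site URL, username and password in it are constructed placeholders, and the 24-character check assumes WordPress core's default password format.

```python
import base64
import json
import re
import urllib.error
import urllib.request
from urllib.parse import urlsplit


def build_request(site_url, username, app_password):
    """Build a REST API request authenticated with an application password."""
    parts = urlsplit(site_url)
    # Basic auth is only base64-encoded, so never send it over plain HTTP.
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("site URL must start with https://")
    # WordPress displays the password in groups of four; the spaces are cosmetic.
    secret = re.sub(r"\s+", "", app_password)
    # Assumption: core's default format of 24 letters and digits.
    if not re.fullmatch(r"[A-Za-z0-9]{24}", secret):
        raise ValueError("expected 24 letters/digits; was the value copied in full?")
    token = base64.b64encode(f"{username}:{secret}".encode()).decode()
    url = site_url.rstrip("/") + "/wp-json/wp/v2/users/me"
    return urllib.request.Request(url, headers={"Authorization": "Basic " + token})


def check_app_password(site_url, username, app_password, timeout=10):
    """Return (ok, detail) after asking the site which user the credentials map to."""
    req = build_request(site_url, username, app_password)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return True, "authenticated as " + json.load(resp).get("name", "?")
    except urllib.error.HTTPError as err:
        if err.code == 401:
            return False, "rejected (HTTP 401): check the username and that the password still exists"
        return False, f"unexpected response: HTTP {err.code}"
    except urllib.error.URLError as err:
        return False, f"connection failed: {err.reason}"


if __name__ == "__main__":
    # Constructed placeholder values; replace with your own site and credentials.
    print(check_app_password("https://example.com", "admin", "abcd EFGH 1234 ijkl MNOP 5678"))
```

Keep the real password out of shell history and source control, for example by reading it from an environment variable or a prompt.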
My New Application Password is not working
Please follow our troubleshooting guide here.