PRO
Applications β
An Application is the central orchestration unit of the Pro layer. Every feature module β auth, rate limiting, IP filtering, route policy, properties, collections, automations, webhooks, and emails β is configured independently per application. This lets you serve different clients from the same WordPress installation with completely isolated API surfaces: different auth methods, different data views, different rate limits, different allowed origins.
You can create as many applications as you need. Each one is independent.
Applications List β
The list view is the entry point for managing all your applications.
- Create a new application with the add button.
- Enable / Disable an application with the toggle. A confirmation dialog requires you to type the application name before the change is applied β this prevents accidental deactivation of a live application.
- Delete an application permanently. A confirmation dialog requires you to type the application name before deletion proceeds.
- Open any application to access its editor and module configuration.
Once at least one application exists and is enabled, any incoming REST request that does not match a registered application is blocked.
Application Editor β
Each application has its own editor with two areas:
Identity β
- Title β display name used throughout the admin.
- Description β optional notes for your own reference.
- Enabled β activate or deactivate the application without deleting it.
Modules β
Each module can be toggled on or off at the application level. A module must also be globally active to take effect. The editor shows a summary of the current configuration for each module and a direct link to its dedicated settings panel.
| Module | Description | Doc |
|---|---|---|
| Auth & Rate Limiting | Auth methods, allowed origins & IPs, HTTP methods, users and per-user overrides | β Auth & Rate Limit |
| IP Filtering | Whitelist / blacklist, CIDR ranges, country blocking | β IP Filtering |
| Routes Policy | Per-route auth, rate limit, disable, user restriction | β Routes |
| Properties & Models | Response transforms, per-property control, custom schemas | β Properties & Models |
| Collections | Per-page limits, drag-and-drop sort order | β Collections |
| Automations | Event-driven workflows with conditions and actions | β Automations |
| Webhooks | Outbound webhook entries with event triggers | β Webhooks |
| Emails | Transactional email templates with SMTP | β Emails |
Auth & Rate Limiting Module β
See the dedicated Auth & Rate Limiting page for full documentation of application-level defaults, the users list, and the user editor.
IP Filtering Module β
Manages IP-based access control for this application.
- Whitelist mode β only requests from listed IPs or CIDR ranges are allowed through.
- Blacklist mode β listed IPs or ranges are blocked. Configurable retention time.
- Country blocking β block or allow requests by country using GeoIP data.
- CIDR support β define ranges in addition to individual addresses.
See the dedicated IP Filtering page for full documentation.
FAQ β
Can multiple applications share the same origin?
Yes. The firewall matches the first enabled application whose origin matches the request. List order determines priority.
What happens when no application matches a request?
Once applications are enabled, any request that does not match a registered application is blocked.
Can I test an application's policy before enabling it?
Yes. The Routes module includes a Test panel that lets you fire live requests through the current policy without exposing it to real traffic.