POS uses WordPress cookie authentication for same-origin browser requests.
REST requests require logged-in user with capabilities such as use_pos, manage_posoria, or route-specific caps.
For external integrations, use Application Passwords or OAuth plugins compatible with WordPress REST API.


