Files needed for API access

Just installed Piwik and love it. Will definitely stay with it as it beats GA or manually having to download/run PDF reports with a Windows software from server log files.

Just have a quick question regarding API access. I’m seeing WordPress and Joomla plugins touting API access instead of using Javascript async code. The problem is my entire Piwik install is basic password protected except, piwik(js|php) files which are needed to track. By the way, I’m using Ngninx. Not apache.

What other files needed to be public (accessible) in order for me to give all these CMS plugins the API access needed? Or better open the Piwik install and limit Piwik access by sites’ IPs? All sites and Piwik are on the same server.

Thank you.

They all use index.php and piwik.php only since these are the Analytics API and Tracking API endpoints

Thank you for the fast help. (tu)
Just decided to go ahead and remove the basic authentication, since there is access control already in Piwik. Probably best to keep things simple while learning a new software :smiley: