Custom plugin & calling REST api of wordpress instance the plugins is running on

I’m managing server on which independent development team is hosting wordpress page. They reported issue with wp_remote_get/post… timeout when calling some REST api endpoints from their custom plugin to the same wordpress instance the plugin is running on.

cURL error 28: Connection timed out after X milliseconds

After inspecting server side I wasn’t able to find anything wrong on server side since manual requests either from Curl or Postman to the same endpoints the plugin is calling, are working. That applies for both outside LAN and within the LAN.

Now question concerning wordpress plugin development.

Upon inspecting the code in agreement, I noticed that they are calling those REST api endpoints from plugin’s PHP code and not from the frontend.
TLDR; The wordpress is calling its own endpoints

The goal of this plugin is to obtain data from another plugin and then display(and anything else) those data on frontend of this custom plugin.

Right now the plugin does this as following – described steps below are done in PHP code not on the frontend

  1. Authorize the current logged user via JWT auth endpoint by providing username and password, if client does not have cookie with token obtained in step 2. – This is where the timeout errors occur
  2. After obtaining the token, save it to client’s cookie
  3. Send REST api request to another plugin’s endpoint with the token as Bearer Token in header

Like I said before sending those requests manually from curl or postman works, I’m able to authorize user via the same JWT auth endpoint, but the response time is little over 5 seconds (same number as wordpress default curl timeout after which the plugin gets timeout error)

So I increased the wordpress curl timeout, and every time I did, the response time from my manual api requests matched the timeout I set for wordpress curl

After commenting out the code parts where the plugin is making api requests, this response time dropped to normal levels (few ms)

My question: Is it possible that the code in their plugin is blocking wordpress to be able to respond to other requests before the plugin code is executed(or fails on the timeout)

So basically the plugin is waiting for JWT auth REST endpoint to respond, but it can never respond for requests from the plugin because the plugin is waiting for the response, while the JWT auth can deliver the response only when the plugin execution ends ?

If that is the case, what options i can recommend them ?