I need to make a custom link to confirm order from user by email. This is the basic code :
private static function get_confirmation_link( int $recipient_id, array $params = null ){
return home_url(sprintf( '?foo=%1$s&var1=%2$s&var2=%3$s&token=%4$s',
'1',
$recipient_id,
$params['order-id'],
$params['token'] //<-- how I generate this ?
)
);
}
The goal is check the token after the user click on the link in his email to be sure he´s the right person who does this action (confirm his order).
Simple question : what is the best practice to generate token used in a link ?
Should I use wp_generate_user_request_key() and wp_send_user_request() ?
If I should not use these functions, I know 2 ways to store the token :
- as order post meta_data
- as transient
What could be the best storage, I mean the way more Wordpress compliant ?