I am new to WordPress here.
I have this request where I need to create a custom REST API plugin where when user triggers the following URL link:
www.example/wp-json/v1/getCoupon/123456?CouponID=MacD
The plugin will perform the following:
a. Execute CURL POST (using the username and password stored within the plugin) to retrieve the token
b. Execute CURL GET using the token retrieved, order number and coupon ID (specified in the URL) to retrieve the coupon information.
Is there any security concern with the credential stored within the plugin?
Is this setup approach feasible?
Seeking experts here for advice.
asked Dec 26, 2019 at 9:49 BBBBB86
1 Answer
If you need to pass username and password for Basic Auth, you need to send that in headers, e.g.

    // Basic Auth: base64-encode "username:password" into the Authorization header.
    $headers = array( 'Authorization' => 'Basic ' . base64_encode( YOUR_USERNAME . ':' . YOUR_PASSWORD ) );
    $response = wp_remote_post( $url, array(
        'method'  => 'POST',
        'timeout' => 45,
        'headers' => $headers,
    ) );
If you need to pass username and password as values, you can send them in the body, e.g.

    $response = wp_remote_post( $url, array(
        'method'  => 'POST', // Use 'GET' for GET request
        'timeout' => 45,
        'headers' => array(),
        'body'    => array(
            'username' => 'test',
            'password' => 'xxxx',
        ),
    ) );

    // Get the response
    if ( is_wp_error( $response ) ) {
        $error_message = $response->get_error_message();
        // Escape before output so upstream text cannot inject markup.
        echo 'Something went wrong: ' . esc_html( $error_message );
    } else {
        echo 'Response:<pre>';
        // You will get the token in $response, the $response usually in JSON or XML.
        echo esc_html( print_r( $response, true ) );
        echo '</pre>';
    }
Once you have the token you can send that in the URL again to the wp_remote_post function.
For your other question you must encrypt any sensitive information and decrypt it when you need it.
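
The flow from the question (steps a and b) as a REST route, added here as an example; it is not code from the question or the answer. Assumptions: the credential is defined as the constants COUPON_API_USER and COUPON_API_PASS in wp-config.php, the upstream base URL, its /token and /coupon paths, the token response field and the Bearer header are hypothetical, and only logged-in users may call the route.

```php
<?php
/* Plugin Name: Coupon Proxy (added example) */
// Assumption: wp-config.php defines COUPON_API_USER / COUPON_API_PASS, so the
// credential lives outside the plugin source. The upstream URL is hypothetical.
const COUPON_API_BASE = 'https://api.example.com';

add_action( 'rest_api_init', function () {
    register_rest_route( 'v1', '/getCoupon/(?P<order>\d+)', array(
        'methods'             => 'GET',
        'callback'            => 'coupon_proxy_handle',
        'permission_callback' => 'is_user_logged_in', // assumption: no anonymous lookups
        'args'                => array(
            'CouponID' => array(
                'required'          => true,
                // Must return a real boolean: WordPress only rejects on false.
                'validate_callback' => function ( $v ) {
                    return is_string( $v ) && 1 === preg_match( '/^[A-Za-z0-9_-]{1,32}$/', $v );
                },
            ),
        ),
    ) );
} );

// Step a: POST the stored credential; return the token or a WP_Error.
function coupon_proxy_token() {
    $res = wp_remote_post( COUPON_API_BASE . '/token', array(
        'timeout' => 15,
        'body'    => array( 'username' => COUPON_API_USER, 'password' => COUPON_API_PASS ),
    ) );
    $data = is_wp_error( $res ) ? null : json_decode( wp_remote_retrieve_body( $res ), true );
    if ( empty( $data['token'] ) ) { // 'token' is a hypothetical response field
        return new WP_Error( 'coupon_upstream', 'Token request failed', array( 'status' => 502 ) );
    }
    return $data['token'];
}

// Step b: GET the coupon using the token and the validated request values.
function coupon_proxy_handle( WP_REST_Request $req ) {
    $token = coupon_proxy_token();
    if ( is_wp_error( $token ) ) {
        return $token; // generic error only; upstream details stay server-side
    }
    // add_query_arg() does not encode values, so encode the coupon ID here.
    $query = array( 'order' => (int) $req['order'], 'CouponID' => rawurlencode( $req['CouponID'] ) );
    $res   = wp_remote_get( add_query_arg( $query, COUPON_API_BASE . '/coupon' ), array(
        'timeout' => 15,
        'headers' => array( 'Authorization' => 'Bearer ' . $token ),
    ) );
    if ( is_wp_error( $res ) || 200 !== wp_remote_retrieve_response_code( $res ) ) {
        return new WP_Error( 'coupon_upstream', 'Coupon lookup failed', array( 'status' => 502 ) );
    }
    return rest_ensure_response( json_decode( wp_remote_retrieve_body( $res ), true ) );
}
```

The token and the credential never reach the browser: the caller only sees the coupon data or a generic 502 error.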