I did create some custom endpoints for a plugin i'm working on, with the REST api. It works quite well, but now I would like to secure those requests : I don't want external users (EDIT: I mean remote requests) to be able to do query them.
But I only find documentation about javascript authentification (REST API Handbook). How should I achieve authentification with PHP (WP 5.1.1 here) ?
Thanks
I did create some custom endpoints for a plugin i'm working on, with the REST api. It works quite well, but now I would like to secure those requests : I don't want external users (EDIT: I mean remote requests) to be able to do query them.
But I only find documentation about javascript authentification (REST API Handbook). How should I achieve authentification with PHP (WP 5.1.1 here) ?
Thanks
Share Improve this question edited Mar 21, 2019 at 8:16 gordie asked Mar 21, 2019 at 7:17 gordiegordie 4925 silver badges19 bronze badges1 Answer
Reset to default -1What do you mean by "external users"? If you only want Users, that are logged into your website, to use the API Endpoint, you can filter the "rest_authentication_errors" like described here
Add this to your plugin:
add_filter( 'rest_authentication_errors', function( $result ) {
if ( ! empty( $result ) ) {
return $result;
}
if ( ! is_user_logged_in() ) {
return new WP_Error( 'rest_not_logged_in', 'You are not currently logged in.', array( 'status' => 401 ) );
}
return $result;
});
Happy Coding!