• Resolved Kuba Mikita

    (@kubitomakita)


    Hi,

    Is there a way to block the JSON API endpoints for guests?

    I don’t want them to be able to grab the posts or anything unless they are authenticated.

    Is there any filter for the permission_callback? And where can I find which endpoints are publicly available?

    Any help will be appreciated. Thanks!

    https://www.ads-software.com/plugins/rest-api/

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author Daniel Bachhuber

    (@danielbachhuber)

    Here’s a snippet which hooks in a bit earlier, and prevents any REST requests if the user is logged out: https://gist.github.com/danielbachhuber/8f92af4c6a8db784771c
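
One way to gate the whole REST API on authentication, as an added example (it is not part of the thread and is not the contents of the linked gist). It assumes a WordPress install that provides the `rest_authentication_errors` filter; the function name and error code are hypothetical.

```php
<?php
/**
 * Plugin Name: Example REST login gate (added example, hypothetical name)
 */

add_filter( 'rest_authentication_errors', 'example_rest_require_login' );

/**
 * Reject REST requests that no authentication method resolved to a user.
 *
 * @param WP_Error|null|bool $result Result from earlier authentication checks.
 * @return WP_Error|null|bool
 */
function example_rest_require_login( $result ) {
	// An earlier handler already failed the request (for example, bad
	// credentials): keep its error instead of masking it.
	if ( is_wp_error( $result ) ) {
		return $result;
	}

	// is_user_logged_in() reflects whichever method set the current user
	// (cookie, Basic auth plugin, OAuth plugin), typically through the
	// determine_current_user filter.
	if ( ! is_user_logged_in() ) {
		return new WP_Error(
			'example_rest_logged_out', // Hypothetical error code.
			'Authentication is required for this API.',
			array( 'status' => 401 )
		);
	}

	// Authenticated request: leave the earlier result untouched.
	return $result;
}
```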

    Thank you for the snippet!
    I was looking exactly for something like this to “secure” our new CRM entirely based on WP and WP-API!

    As I understand, this hook is only suitable for in-browser authentication. Or does it also work using Basic or OAuth authentication?

    Plugin Author Daniel Bachhuber

    (@danielbachhuber)

    Yes, it works for all forms of REST authentication.

    In my wp site I installed and activated JSON Basic Authentication.
    Then I try to make a request from a third-party site:

    $headers = array(
    'Authorization' => 'Basic ' . base64_encode( 'login' . ':' . 'password' )
    );
    $url = 'https://mysite.com/wp-json/wp/v2/posts';

    $curl = curl_init();
    curl_setopt($curl, CURLOPT_URL, $url);
    curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
    $response = curl_exec($curl);
    echo $response;

    In response I receive
    {"code":"restx_logged_out","message":"Sorry, you must be logged in to make a request.","data":{"status":401}}

    So, what’s wrong?

  • The topic ‘Limit all endpoints for not logged in users’ is closed to new replies.