• I have a couple API Endpoints I’ve built that I need to enforce authentication for. For example, one endpoint exposes a user’s email address. I only want to return the email address if the user has their JWT in the call.

    The JWT is sent with the API call, but what I can’t figure out is the right method to build into the API callback to only return the data if the user is authenticated.

Viewing 2 replies - 1 through 2 (of 2 total)
  • I guess you created the endpoints via register_rest_route? Then have a look at the permission parameter: https://developer.www.ads-software.com/rest-api/extending-the-rest-api/adding-custom-endpoints/

    Thread Starter oguruma

    (@oguruma)

    @threadi Thanks for the input, that seems straightforward enough… What I struggle with is how to limit users to only edit/access their own data (be it user meta or posts). There doesn’t seem to be a built-in way to do this, from what I gather.

    For example, I can use current_user_can( 'edit_others_posts' ); to check if the user can edit others’ posts, but I can’t seem to find a function that checks if the user can edit the post/meta in question.

    Is there something like a current_user_can('edit_this_particular_post') or 'edit_this_meta'?
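
An added example, not code from the thread or its participants: the permission parameter mentioned in the first reply (`permission_callback` in `register_rest_route`), combined with WordPress meta capabilities, which `current_user_can()` checks against a specific object ID. The namespace `example/v1` and both routes are hypothetical, and it is assumed that a JWT authentication plugin has already resolved the token into the current WordPress user before the permission callback runs.

```php
<?php
// Added example. The namespace "example/v1" and both routes are hypothetical.
// Assumption: a JWT authentication plugin has already mapped the token to the
// current WordPress user by the time permission_callback is invoked.
add_action( 'rest_api_init', function () {

    // Email address of one user.
    register_rest_route( 'example/v1', '/users/(?P<id>\d+)/email', array(
        'methods'             => 'GET',
        // Runs before the callback. Returning false makes WordPress answer
        // 401 (no authenticated user) or 403 (authenticated, not allowed).
        'permission_callback' => function ( WP_REST_Request $request ) {
            // 'edit_user' is a meta capability: it is evaluated against the
            // given user ID. Users pass for their own ID; for any other ID
            // the caller needs the 'edit_users' capability.
            return is_user_logged_in()
                && current_user_can( 'edit_user', (int) $request['id'] );
        },
        'callback'            => function ( WP_REST_Request $request ) {
            $user = get_userdata( (int) $request['id'] );
            if ( ! $user ) {
                return new WP_Error( 'rest_user_invalid', 'Unknown user.', array( 'status' => 404 ) );
            }
            return rest_ensure_response( array( 'email' => $user->user_email ) );
        },
    ) );

    // Raw (unfiltered) content of one post, for editing.
    register_rest_route( 'example/v1', '/posts/(?P<id>\d+)/raw', array(
        'methods'             => 'GET',
        'permission_callback' => function ( WP_REST_Request $request ) {
            // 'edit_post' is evaluated against this post ID: authors pass for
            // their own posts, others need 'edit_others_posts'. A post ID
            // that does not exist is denied.
            return is_user_logged_in()
                && current_user_can( 'edit_post', (int) $request['id'] );
        },
        'callback'            => function ( WP_REST_Request $request ) {
            $id = (int) $request['id'];
            return rest_ensure_response( array(
                'id'      => $id,
                'content' => get_post_field( 'post_content', $id, 'raw' ),
            ) );
        },
    ) );
} );
```

The same pattern covers post meta: `current_user_can( 'edit_post_meta', $post_id, $meta_key )` checks one meta key on one post.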

  • The topic ‘Custom API Endpoints: Enforce Authentication?’ is closed to new replies.