Viewing 7 replies - 1 through 7 (of 7 total)
  • I have authentication implemented with this API. How I did it:

    – first specify an api path in the plugin options, mine was /api
    – make a folder in the document root of your site, in this case a folder named “api”
    – now place a .htaccess file in this directory (and nothing else)
    – the contents of the .htaccess file:

    AuthUserFile /etc/users
    AuthName "This is a protected area"
    AuthGroupFile /dev/null
    AuthType Basic
    Require valid-user

    – Now go to your terminal and make a file called ‘users’ in /etc
    – to add users follow this tutorial: https://www.htaccesstools.com/htpasswd-generator/

    Thread Starter sireneweb

    (@sireneweb)

    Thanks for sharing.
    I will try to test it in the next few days.

    For clarity, this implements basic HTTP authentication. So you can access it with a username and password, not with an API key as asked above. But almost every HTTP client (for example curl) has support for HTTP basic auth. Good luck!

    Would changing the path from /api be kind of like passing a secret key? You might change it to /api-secret-wp123ab390ef4098 for example, and change it again the next week or as needed.

    Thread Starter sireneweb

    (@sireneweb)

    Good news.

    Renaming the API is a great choice; however, if you need some fine-grained features such as roles, actions or audits, you can combine the API with RBAC or LDAP tools (as an aspect); it can be more secure and specific.

    If I implement this, will it still be possible to set a json query variable, so that the authentication will not work? Or does this work for both (/api and json query)?
    (https://www.mysite.com/?json=get_recent_posts)

    Thanks!
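
A check for the question in the last post, added here as an example and not part of the thread: it sends anonymous requests to both routes and reports whether each one demands credentials. The host and the two routes come from the posts; the function names and the three verdict labels are assumptions of this example.

```python
"""Added example: do both JSON API routes demand HTTP Basic credentials?"""
import sys
import urllib.error
import urllib.request

# Routes named in the thread: the protected folder and the query-variable form.
ROUTES = ["/api/", "/?json=get_recent_posts"]


def anonymous_status(url, timeout=10):
    """GET the URL with no Authorization header and return the status code."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # urllib raises on 4xx/5xx, including the 401 we expect


def classify(code):
    """Map a status code to a verdict (labels are this example's own)."""
    if code == 401:
        return "protected"      # server asked for credentials
    if 200 <= code < 300:
        return "exposed"        # content served to an anonymous client
    return "inconclusive"       # 403, 404, 5xx: inspect by hand


def audit(base_url, routes=ROUTES, fetch=anonymous_status):
    """Return {route: (status, verdict)} for anonymous requests to each route."""
    base = base_url.rstrip("/")
    results = {}
    for route in routes:
        code = fetch(base + route)
        results[route] = (code, classify(code))
    return results


if __name__ == "__main__":
    # Placeholder host from the question's example URL; pass your own site.
    site = sys.argv[1] if len(sys.argv) > 1 else "https://www.mysite.com"
    report = audit(site)
    for route, (code, verdict) in report.items():
        print(f"{route:30} {code} {verdict}")
    # Non-zero exit if any route served content without credentials.
    sys.exit(1 if any(v == "exposed" for _, v in report.values()) else 0)
```

Run it after every change to the API path or the .htaccess file; the exit code makes it usable from a cron job or deploy script.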

  • The topic ‘Request feature : authentification’ is closed to new replies.