authentication - PHP: authenticate for a REST request?

admin管理员组

文章数量:1026989

I did create some custom endpoints for a plugin i'm working on, with the REST api. It works quite well, but now I would like to secure those requests : I don't want external users (EDIT: I mean remote requests) to be able to do query them.

But I only find documentation about javascript authentification (REST API Handbook). How should I achieve authentification with PHP (WP 5.1.1 here) ?

Thanks

I did create some custom endpoints for a plugin i'm working on, with the REST api. It works quite well, but now I would like to secure those requests : I don't want external users (EDIT: I mean remote requests) to be able to do query them.

But I only find documentation about javascript authentification (REST API Handbook). How should I achieve authentification with PHP (WP 5.1.1 here) ?

Thanks

• rest-api
• authentication

Share Improve this question edited Mar 21, 2019 at 8:16 gordie asked Mar 21, 2019 at 7:17 gordiegordie 49255 silver badges1919 bronze badges

Add a comment  | 

1 Answer 1

Sorted by: Reset to default -1

What do you mean by "external users"? If you only want Users, that are logged into your website, to use the API Endpoint, you can filter the "rest_authentication_errors" like described here

Add this to your plugin:

add_filter( 'rest_authentication_errors', function( $result ) {
    if ( ! empty( $result ) ) {
        return $result;
    }
    if ( ! is_user_logged_in() ) {
        return new WP_Error( 'rest_not_logged_in', 'You are not currently logged in.', array( 'status' => 401 ) );
    }
    return $result;
});

Happy Coding!

I did create some custom endpoints for a plugin i'm working on, with the REST api. It works quite well, but now I would like to secure those requests : I don't want external users (EDIT: I mean remote requests) to be able to do query them.

But I only find documentation about javascript authentification (REST API Handbook). How should I achieve authentification with PHP (WP 5.1.1 here) ?

Thanks

I did create some custom endpoints for a plugin i'm working on, with the REST api. It works quite well, but now I would like to secure those requests : I don't want external users (EDIT: I mean remote requests) to be able to do query them.

But I only find documentation about javascript authentification (REST API Handbook). How should I achieve authentification with PHP (WP 5.1.1 here) ?

Thanks

• rest-api
• authentication

Share Improve this question edited Mar 21, 2019 at 8:16 gordie asked Mar 21, 2019 at 7:17 gordiegordie 49255 silver badges1919 bronze badges

Add a comment  | 

1 Answer 1

Sorted by: Reset to default -1

What do you mean by "external users"? If you only want Users, that are logged into your website, to use the API Endpoint, you can filter the "rest_authentication_errors" like described here

Add this to your plugin:

add_filter( 'rest_authentication_errors', function( $result ) {
    if ( ! empty( $result ) ) {
        return $result;
    }
    if ( ! is_user_logged_in() ) {
        return new WP_Error( 'rest_not_logged_in', 'You are not currently logged in.', array( 'status' => 401 ) );
    }
    return $result;
});

Happy Coding!

本文标签： authenticationPHP authenticate for a REST request