As of WordPress 5.5, if a permission_callback is not provided, the REST API will issue a _doing_it_wrong notice.
This is a function that checks if the user can perform the action (reading, updating, etc) before the real callback is called. This allows the API to tell the client what actions they can perform on a given URL without needing to attempt the request first.
For REST API routes that are intended to be public, use __return_true as the permission callback
As of WordPress 5.5, if a permission_callback is not provided, the REST API will issue a _doing_it_wrong notice.
This is a function that checks if the user can perform the action (reading, updating, etc) before the real callback is called. This allows the API to tell the client what actions they can perform on a given URL without needing to attempt the request first.
For REST API routes that are intended to be public, use
__return_trueas the permission callbackThere are two places to add the permissions callback: The /access_token route. The /authorize route.