search

WP-API / docs-v2

Documentation for version 2 of the API
http://v2.wp-api.org
58 stars 76 forks source link

Document how to require authentication on all API requests #148

Open kadamwhite opened 8 years ago

kadamwhite commented 8 years ago

This is a common issue (WP-API/WP-API#2432 WP-API/WP-API#2497), and the snippet here https://gist.github.com/danielbachhuber/8f92af4c6a8db784771c (copied below) should be provided within the documentation site itself.


<?php
add_filter( 'rest_authentication_errors', function( $result ) {
    if ( ! empty( $result ) ) {
        return $result;
    }
    if ( ! is_user_logged_in() ) {
        return new WP_Error( 'restx_logged_out', 'Sorry, you must be logged in to make a request.', array( 'status' => 401 ) );
    }
    return $result;
});
tripflex commented 8 years ago

👍 +1 on this as well ... the documentation on the site lead me to believe that authentication would be required for API, and after reading through issues on GitHub it's clear that by default everything is public ... at least put something on the documentation page stating that if you want to use authentication, you have to set it up as it's not required by default ... especially when it comes to custom routes.

http://v2.wp-api.org/guide/authentication/

kadamwhite commented 7 years ago

See also WP-API/WP-API#2497