jonathan-dejong / simple-jwt-authentication

Extends the WP REST API using JSON Web Tokens Authentication as an authentication method.
GNU General Public License v3.0
87 stars 25 forks

Users still can access custom endpoints without a token #9

Closed MichaelCStevens closed 6 years ago

MichaelCStevens commented 6 years ago

I have followed the directions and set up the flow correctly, yet I notice my custom endpoints do not return an error even if no token/auth header is supplied. I've done some limited debugging; the plugin looks like it is setting the data correctly, however it is being ignored.

jonathan-dejong commented 6 years ago

Hi Michael,

If you don't require a user to be logged in to access your custom endpoints, WordPress won't require auth = ignored.

webartistse commented 6 years ago

I don't get this to work at all. Followed the guidelines several times, but I got full access to the API without auth. Standard endpoints and custom endpoints.

tkserver commented 6 years ago

What I do is get the current wp user and compare to the user submitting requests to the api. If they are not the same, then I don't allow access.

garymould commented 6 years ago

You can use plugins to hide endpoints, or only allow entry if authorised.

jonathan-dejong commented 6 years ago

Seems there's some confusion here. This plugin does not restrict or hide WordPress content. It's merely a way to allow external access to WordPress endpoints which are only accessible to logged-in users. By default that would be things like creating/editing/deleting posts, data, users etc.

Installing this plugin will not hide post listing endpoints for example. For that you need to either write your own restrictions or use a plugin with that purpose :)
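As an added illustration of the maintainer's point (this is example code, not part of the plugin or of any commenter's setup): the JWT plugin only establishes who the caller is, so a custom route stays open unless its own `permission_callback` rejects unauthenticated requests. The namespace `myplugin/v1`, the route `/private` and the `edit_posts` capability below are hypothetical choices.

```php
<?php
// Added example: a custom REST route that WordPress itself will protect.
// Authentication (e.g. a validated JWT) sets the current user; the
// permission_callback decides whether that user may use the route.
// A route registered without one, or with __return_true, is public.
add_action( 'rest_api_init', function () {
    // Hypothetical namespace and route name.
    register_rest_route( 'myplugin/v1', '/private', array(
        'methods'  => 'GET',
        'callback' => function ( WP_REST_Request $request ) {
            // Only reached when permission_callback returned true.
            return rest_ensure_response( array(
                'user_id' => get_current_user_id(),
            ) );
        },
        'permission_callback' => function ( WP_REST_Request $request ) {
            // No authenticated user: reject with 401 so the client knows
            // a token is required rather than silently getting data.
            if ( ! is_user_logged_in() ) {
                return new WP_Error(
                    'rest_forbidden',
                    'Authentication required.',
                    array( 'status' => 401 )
                );
            }
            // Authenticated but lacking the capability this route needs
            // (hypothetical capability): reject with 403.
            if ( ! current_user_can( 'edit_posts' ) ) {
                return new WP_Error(
                    'rest_forbidden',
                    'Insufficient capability.',
                    array( 'status' => 403 )
                );
            }
            return true;
        },
    ) );
} );
```

The same rule applies to the built-in endpoints: a public route such as the posts listing is readable without a token regardless of which authentication plugin is installed, because its registered permission check allows anonymous reads.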