november9 / wecansavedemocracy

A simple mobile and tablet-friendly web app to help get citizens in the habit of taking peaceful political action towards progressive causes.
GNU General Public License v3.0

Secure the API #4

Open november9 opened 7 years ago

november9 commented 7 years ago

Right now, virtually anyone can access the API, as there is no authentication on it.

The API is actually coming from a WordPress installation using the "WP REST API" plugin. I chose to go this route since I wanted to a) save time by not having to create an admin panel that would be easy for non-technical folks to use for data entry, and b) make it really easy for the developers to add new entities with specific fields such as "actions", "events", "donations", etc.

I was thinking that the application would live inside of a page on the WordPress install currently located at WeCanSaveDemocracy.org to allow for eventual expansion of the platform (see this issue) to also include articles and resources. So this is something to keep in mind.

There is documentation on how to do this using different types of authentication, it just needs to be implemented.

Will require some PHP knowledge.

Please contact me at jazziseverywhere@gmail.com for login creds.
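One way to close the hole described above, as an added example that is not part of the project's own code: a must-use plugin that hooks WordPress core's `rest_authentication_errors` filter (the hook core runs before dispatching any REST request) and rejects every request that is neither cookie-authenticated nor on an explicit read-only allow-list, then hands the front-end app the `wp_rest` nonce it must send as the `X-WP-Nonce` header. The file path, the `wcsd_` prefix, the script handle, and the `/wp/v2/actions` route pattern are assumptions; the project has not said which routes, if any, should stay public.

```php
<?php
/**
 * Plugin Name: WCSD require REST authentication (added example, not project code)
 * Description: Rejects anonymous REST API requests except an explicit allow-list of read-only routes.
 * Install path is an assumption: wp-content/mu-plugins/wcsd-rest-auth.php
 */

// Routes that remain readable without logging in. Placeholder list: the issue
// does not say which routes, if any, should be public, so adjust or empty it.
function wcsd_public_get_routes() {
    return array(
        '#^/wp/v2/actions(/\d+)?$#', // hypothetical custom post type route
    );
}

// True only for GET requests whose route matches the allow-list above.
function wcsd_is_public_request() {
    if ( 'GET' !== ( $_SERVER['REQUEST_METHOD'] ?? '' ) ) {
        return false;
    }
    // Recover the route relative to the REST prefix for both URL styles:
    // pretty permalinks (/wp-json/wp/v2/...) and the ?rest_route=/wp/v2/... fallback.
    if ( ! empty( $_GET['rest_route'] ) ) {
        $route = sanitize_text_field( wp_unslash( $_GET['rest_route'] ) );
    } else {
        $path   = (string) wp_parse_url( $_SERVER['REQUEST_URI'] ?? '', PHP_URL_PATH );
        $prefix = '/' . rest_get_url_prefix(); // "/wp-json" unless filtered
        $pos    = strpos( $path, $prefix );
        $route  = ( false !== $pos ) ? substr( $path, $pos + strlen( $prefix ) ) : $path;
    }
    $route = '/' . trim( $route, '/' );
    foreach ( wcsd_public_get_routes() as $pattern ) {
        if ( preg_match( $pattern, $route ) ) {
            return true;
        }
    }
    return false;
}

// Core applies this filter in WP_REST_Server::check_authentication() before dispatch.
add_filter( 'rest_authentication_errors', function ( $result ) {
    // A previous authentication handler already returned an error or a
    // positive decision (for example the cookie check with a bad nonce): keep it.
    if ( ! empty( $result ) ) {
        return $result;
    }
    // Cookie authentication only counts when the request carried a valid
    // X-WP-Nonce; without one core treats the caller as anonymous, so this
    // check also blocks cross-site requests riding on a logged-in browser.
    if ( is_user_logged_in() || wcsd_is_public_request() ) {
        return $result;
    }
    return new WP_Error(
        'rest_not_logged_in',
        'Authentication required.',
        array( 'status' => 401 )
    );
} );

// Give the front-end app the REST root and the nonce it must send back as
// the X-WP-Nonce header on every request (script handle and file are assumed).
add_action( 'wp_enqueue_scripts', function () {
    wp_enqueue_script( 'wcsd-app', plugins_url( 'app.js', __FILE__ ), array(), null, true );
    wp_localize_script( 'wcsd-app', 'wcsdApi', array(
        'root'  => esc_url_raw( rest_url() ),
        'nonce' => wp_create_nonce( 'wp_rest' ),
    ) );
} );
```

With this in place an anonymous `curl https://example.invalid/wp-json/wp/v2/users` style request gets a 401 JSON error instead of data, while the app embedded in a WordPress page keeps working for logged-in users because `wp_localize_script` exposes `wcsdApi.nonce` for the `X-WP-Nonce` header. Dropping this file into `mu-plugins` means it cannot be deactivated from the admin panel, which is the point for a security control; if a token-based scheme such as the Auth0 plugin is adopted later, it plugs into the same `rest_authentication_errors` hook and the allow-list logic here still applies.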

watzkej commented 7 years ago

I can take a look at issues around securing the API. It's been a while since I've played with WordPress but I can figure it out.

jktravis commented 7 years ago

Something to consider. I haven't used it, but have heard good things about it.

https://auth0.com/wordpress

november9 commented 7 years ago

Yeah, I saw that one, might be just the solution we need. I'll leave it to @watzkej or @MikeRobertHughes or anyone else to look into that if they are able to, and if not, I will definitely look at it myself.

Thanks, @jktravis!

watzkej commented 7 years ago

That's a neat plugin. I've seen Auth0 stuff before and it looks pretty good. I'll certainly check this out.