Title: Plugin – Rest API
Last modified: September 6, 2022

---

# Plugin – Rest API

 *  [Alfonso](https://wordpress.org/support/users/soull3ss/)
 * (@soull3ss)
 * [3 years, 9 months ago](https://wordpress.org/support/topic/plugin-rest-api-3/)
 * I wrote a little plugin and I tried to use the WordPress REST API so that the
   admin page can communicate with my REST endpoint. My problem is: it fails with
   rest_cookie_invalid_nonce and always returns 403.
 * My ajax call:
 *     ```
       const form_information_user = jQuery('#form-information-client-login')[0];
   
       let formData = new FormData(form_information_user);
   
       formData.append('_wpnonce',obj_php.nonce)
   
       jQuery.ajax({
           type: 'POST',
           url : obj_php.ajax_url_login,
           cache: false,
           async: true,
           processData: false,
           contentType: false,
           data: formData,
           success: function( data ) {
               // Actions to run when the call succeeds
               console.log("success: ",data);
           },
           error: function( error ) {
               // Actions to run when the call fails
               console.log("error: ",error);
           }
       });
       ```
   
 * My PHP file to show the view:
 *     ```
       class Wp_Diet_Admin_Dashboard{
   
           private string $plugin_name;
           private string $version;
   
           public function __construct(string $plugin_name, string $version) {
   
               $this->plugin_name = $plugin_name;
               $this->version = $version;
   
               $this->load_scripts();
               $this->load_styles();
               $this->set_scripts_variables();
               $this->load_dashboard();
   
           }
   
           public function load_dashboard(): void
           {
               require_once plugin_dir_path( dirname( __FILE__ ) ) . 'views/wp-diet-admin-dashboard.php';
           }
   
   
           public function load_scripts(): void
           {
               wp_enqueue_script( $this->plugin_name . '-just-validate.js', plugin_dir_url(dirname(__FILE__) ) . 'js/just-validate.js', array('jquery'), $this->version, true );
               wp_enqueue_script( $this->plugin_name . '-dashboard.js', plugin_dir_url(dirname(__FILE__) ) . 'js/dashboard.js', array('jquery'), $this->version, true );
           }
   
           public function set_scripts_variables() : void
           {
   
               $obj_php = [
                   "ajax_url_registration" => URL_API_V1 . 'form_information_user_registration',
                   "ajax_url_login" => URL_API_V1 . 'form_information_user_login',
                   "required" => __('Questo campo è obbligatorio','wp-diet'),
                   'nonce' => wp_create_nonce( 'wp_rest_dashboard_login' ),
                   "error" => __('Valore non valido per questo campo','wp-diet'),
                   "error_email" => __('Email non corretta','wp-diet'),
               ];
   
               wp_localize_script($this->plugin_name . '-dashboard.js','obj_php',$obj_php);
   
           }        
       }
       ```
   
 * My PHP route file:
 *     ```
       class Wp_Diet_Admin_Api{
   
           private string $plugin_name;
           private string $version;
           private WP_REST_Server $server;
   
           public function __construct(string $plugin_name, string $version) {
               $this->plugin_name = $plugin_name;
               $this->version = $version;
               $this->server = new WP_REST_Server();
           }
   
           public function load_routes( ): void
           {
   
               register_rest_route(
                   NAMESPACE_V1,
                   'form_information_user_login',
                   array(
                       'methods' => WP_REST_Server::CREATABLE,
                       'callback' => array($this, 'form_information_user_login'),
                       'permission_callback' => '__return_true',
                   )
               );
           }  
   
           public function form_information_user_login(WP_REST_Request $request)
           {
               $body = $request->get_body_params();
               $email = sanitize_email($body['email']);
               $pass = sanitize_text_field($body['password']);
   
               $client = new GuzzleHttp\Client();
   
               $req = $client->request('POST', 'http://www.localhost:3000/registration-success', [
                   'form_params' => ['email' => $email, 'password' => $pass]
               ]);
   
               // JWT license / error message
               $response = json_decode($req->getBody()->getContents(), true);
   
       //        wp_send_json('ok');
               print_r(wp_get_all_sessions());
   
           }
       }
       ```
   
 * If I do not use the nonce argument in the request body it works, but I can’t know
   if the user is logged in, if the request is legal, and I can’t manage a session
   for saving a JWT.
 * I would like to recognize which user sends me the request and, if it is
   possible, to add the saving of a JWT with its related refresh.
 * Any advice is welcome, thanks for the help.
 * Best regards,
 * Note:
 * I tried using wp_verify_nonce and the function failed auth because the user in
   the REST API is nobody, whereas in the ajax call the user is the logged-in user.
   I think this is the correct approach, but this way I don’t know how to check
   auth, the user, or the permission callback.
    -  This topic was modified 3 years, 9 months ago by [Alfonso](https://wordpress.org/support/users/soull3ss/).

Viewing 2 replies - 1 through 2 (of 2 total)

 *  Moderator [bcworkz](https://wordpress.org/support/users/bcworkz/)
 * (@bcworkz)
 * [3 years, 9 months ago](https://wordpress.org/support/topic/plugin-rest-api-3/#post-15988291)
 * Default authentication is by cookie, which doesn’t work for any sort of remote
   app since it requires the user be conventionally logged into the site. Another
   good way to authenticate is by an application password, but then requests have
   the authority of the user supplying the application password, not the current
   user. Any other means of authentication requires a plugin of some sort. OAuth
   authentication is one possibility, but I suggest trying [JWT (JSON Web Tokens) Authentication](https://wordpress.org/plugins/jwt-authentication-for-wp-rest-api/).
 *  Thread Starter [Alfonso](https://wordpress.org/support/users/soull3ss/)
 * (@soull3ss)
 * [3 years, 9 months ago](https://wordpress.org/support/topic/plugin-rest-api-3/#post-15988754)
 * Thank you so much for time and consideration.
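
What the cookie authentication mentioned in the reply expects, as an added example that is not code from the thread: WordPress's REST cookie check verifies the nonce against the `wp_rest` action (sent as `_wpnonce` or in the `X-WP-Nonce` header), answers `rest_cookie_invalid_nonce` for a nonce made with any other action, and treats a request with no nonce as logged out. The `wp-diet/v1` namespace, the `wp_diet_example_*` names and the `manage_options` capability are assumptions.

```php
<?php
// Added example. The 'wp-diet/v1' namespace, the wp_diet_example_* names and the
// 'manage_options' capability are assumptions, not taken from the thread.

// 1. Admin side: the nonce action must be exactly 'wp_rest'. The REST cookie
//    check verifies against that action and rejects any other nonce with 403.
add_action( 'admin_enqueue_scripts', function () {
    wp_enqueue_script( 'wp-diet-example-dashboard',
        plugins_url( 'js/dashboard.js', __FILE__ ), array( 'jquery' ), '1.0.0', true );
    wp_localize_script( 'wp-diet-example-dashboard', 'obj_php', array(
        'ajax_url_login' => esc_url_raw( rest_url( 'wp-diet/v1/form_information_user_login' ) ),
        'nonce'          => wp_create_nonce( 'wp_rest' ),
    ) );
} );
// In dashboard.js, add this to the jQuery.ajax options:
//   beforeSend: function ( xhr ) { xhr.setRequestHeader( 'X-WP-Nonce', obj_php.nonce ); }

// 2. Route: authorization lives in permission_callback, not in the handler.
add_action( 'rest_api_init', function () {
    register_rest_route( 'wp-diet/v1', '/form_information_user_login', array(
        'methods'             => WP_REST_Server::CREATABLE,
        'callback'            => 'wp_diet_example_login',
        'permission_callback' => function () {
            // False for user 0 (request without a nonce) and for users lacking the capability.
            return current_user_can( 'manage_options' );
        },
        'args'                => array(
            'email'    => array(
                'required'          => true,
                'validate_callback' => function ( $value ) {
                    return (bool) is_email( $value );
                },
                'sanitize_callback' => 'sanitize_email',
            ),
            'password' => array( 'required' => true ),
        ),
    ) );
} );

// 3. Handler: the cookie + nonce check has already set the current user.
function wp_diet_example_login( WP_REST_Request $request ) {
    $user = wp_get_current_user();
    return rest_ensure_response( array(
        'user_id' => $user->ID,
        'login'   => $user->user_login,
        'email'   => $request->get_param( 'email' ),
    ) );
}
```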


The topic ‘Plugin – Rest API’ is closed to new replies.

 * In: [Developing with WordPress](https://wordpress.org/support/forum/wp-advanced/)
 * 2 replies
 * 2 participants
 * Last reply from: [Alfonso](https://wordpress.org/support/users/soull3ss/)
 * Last activity: [3 years, 9 months ago](https://wordpress.org/support/topic/plugin-rest-api-3/#post-15988754)
 * Status: not resolved

