Secure WP REST API Calls | ww.wp.xz.cn

jfantasybooks
(@jfantasybooks)

7 years, 9 months ago

Hi.

So, I have been looking into WordPress’s rest api, and it’s dawned on me that anyone could grab my recent posts and scrape the site easily.

Or for any other missdeeds.

Is there a way securely handle API requests, so any requests outside of the site itself does not work without a certain key or token?

Thanks, J.

Viewing 1 replies (of 1 total)

Moderator bcworkz
(@bcworkz)

7 years, 9 months ago

Well, content normally publicly accessible can be grabbed. Privileged data still requires authentication. I suppose scraping JSON is somewhat easier than HTML, but to a scraping script, the difference is trivial.

In any case, you can use the ‘rest_pre_serve_request’ to blank out the normal response if certain additional criteria is not met. Your callback is provided with the response, the original request object, and the WP_REST_Server object, so within that data (and PHP super globals), there should be enough information to decide whether to send out data or not.

Viewing 1 replies (of 1 total)

The topic ‘Secure WP REST API Calls’ is closed to new replies.

In: Fixing WordPress
1 reply
2 participants
Last reply from: bcworkz
Last activity: 7 years, 9 months ago
Status: not resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics