Hi @alexwbaumann
Thank you for reaching out!
WPO365 does not have logic to secure those endpoints by validating the application password. But if you have selected the Intranet Authentication scenario on the plugin’s “Single Sign-on” configuration page, then you can exempt the WP REST endpoint by adding “/wp-json/wp/v2” (or a more specific path) to the list of Pages freed from authentication, which you can find on the same configuration page.
Hope that helps! Please let me know if you any further questions.
-Marco
Thank you. I did forget to mention that we have the Intranet option set. I can whitelist those endpoints. Since I want those endpoints to remain protected, I will need to handle my own authentication.
Hi Alex
Yes, I believe this what you would indeed need to do: Allow-list those endpoints in WPO365 so it doesn’t interfere with requests to that endpoint and then have another customization / plugin deal with those requests (e.g. check for and verify an application password).
Hope that helps!
-Marco
