mmeridyth

@nr2012
Its good to know that I can get it working with separate code bases.
I want to know how you do an API call from your Vue application and if you always have to have the nonce in the url if its a draft or preview you are trying to see?

For instance the call to see one of my projects is – http://content.domain.local/wp-json/wp/v2/projects/?slug=project-one

I’ve made a custom endpoint for this custom post type with all the fields I would like but because it’s a draft post I get a permissions error. It works fine when the project is published. But I want to be able to preview projects before I publish them.

In my Vue application from the examples I’ve seen I need to have a header set to see restricted content –

let url = store.state.apiUrl + 'projects/?slug='+params.slug
axios.get(url, { 
  headers: { 
    'X-WP-Nonce': 'how to get this' 
  } 
})
.then(response => {
  // If request is good...
  console.log(response.data);
})
.catch((error) => {
  console.log('error ' + error);
});

I’ve been trying to understand the authentication documentation here https://developer.ww.wp.xz.cn/rest-api/using-the-rest-api/authentication/ but I don’t understand how to do it when I can’t get the nonce value for the header because the examples are getting it from a wp_localize_script. When im in my Vue application I don’t have access to anything in my functions.php file (different codebase). So is the only way to authenticate the API call by having in nonce in the API url like your example for previewing changes or is there another way?