Can we access the REST request parameters from within the permission_callback to enforce a 401 by returning false?

I’ve created a reduced test case that demonstrates that what you want to do is achievable:

add_action( 
    'rest_api_init',
    function() {
        register_rest_route(
            'wpse/343039',
            'route',
            [
                'methods' => [ 'POST' ],
                'permission_callback' => function( WP_REST_Request $request ) {
                    if ( '1' == $request->get_param( 'param' ) ) {
                        return true;
                    } else {
                        return false;
                    }
                },
                'callback' => function( WP_REST_Request $request ) {
                    return rest_ensure_response( '1' );
                },
            ]
        );
    }
);

With this rest route, if I send a POST request to:

https://example.com/wp-json/wpse/343039/route

I will receive a 401 response unless I pass param with the value of 1 in the request body:

{
    "param": 1
}

It can also be passed as form data. If I do pass that parameter, then I see 1 in the response, as expected.

The proper way to return a 401 from a REST endpoint is to return false from the permission_callback function, and as I’ve demonstrated, you have full access to the request in the callback, so long as you accept it as an argument.

Related Posts:

  1. WordPress Rest API: How do we validate with our custom API key?
  2. WordPress REST API “rest_authentication_errors” doesn’t work external queries?
  3. register/login api
  4. wordpress rest api authentication failed
  5. How to: Make JWT-authenticated requests to the WordPress API
  6. Get post count in wp rest API v2 and get all categories
  7. WordPress REST API – Permission Callbacks
  8. Are there server performance benefits to fetching only specific fields when querying the REST API?
  9. How do I use the WP REST API plugin and the OAuth Server plugin to allow for registration and login?
  10. How to Authenticate WP REST API with JWT Authentication using Fetch API
  11. authentication issue with rest api – rest_cannot_create
  12. Hiding API routes list
  13. Can I authenticate with both WooCommerce consumer key and JWT?
  14. WP REST API: check if user is logged in
  15. How to login to WordPress site using basic authentication HTTP headers?
  16. Can’t GET draft posts via REST API from headless frontend
  17. Create Session with JWT
  18. How to filter users on custom meta fields in WP JSON v2?
  19. Gutenberg Custom Block Getting All Posts
  20. Display post title from WordPress excluding a string via API
  21. WP_REMOTE_POST Requests are being blocked by API provider [closed]
  22. WP REST API GET Requests require authentication
  23. current_user_can(‘administrator’) returns false when I’m logged in
  24. Authenticating with REST API
  25. Make authorization mandatory on custom routes
  26. WP REST API – Nonce passes wp_verify_nonce even after logout
  27. is it possible to filter a rest api endpoint by using a registered rest field?
  28. Use the backbone.js client to save custom post type meta
  29. How to force JWT auth for default GET endpoints of WordPress rest api?
  30. No ‘Access-Control-Allow-Origin’ when call rest API
  31. REST API: best place to set current user for JWT auth?
  32. Update a post based on results from GET request to another server
  33. WordPress + REST API v2 and private pages Load by slug
  34. REST API authentication for a plugin
  35. WP API post__not_in is not working
  36. PHP: authenticate for a REST request?
  37. Rest API basic auth not working
  38. Authenticate current user to REST API
  39. Rest API: wp_verify_nonce() fails despite receiving correct nonce value
  40. Get a remote post ID via API given URL
  41. Core function to check if a rest namespace exists
  42. Getting 401 from ajax using an application password
  43. How to connect android app with WordPress website?
  44. How to change the date and time in REST API for comments?
  45. Is there a way to download only the Rest API part of WordPress?
  46. WordPress REST API calls that depend on the WordPress User
  47. WordPress REST Api get posts by ID
  48. WordPress HTTP API NTLM Authentication
  49. Advanced Access Manager: RESTful endpoint to refresh token
  50. How to use Python to create a Post in WordPress?
  51. Best Authetication between REST API and Mobile App
  52. Cannot use WordPress Application Passwords: “code”: “rest_no_route” “status”:404 for /wp-json/wp/v2/users/me/application-passwords
  53. Log in user using WordPress REST API
  54. How to display relations via wordpress Rest API
  55. Secure WordPress API, how?
  56. wp_nonce vs jwt
  57. WordPress REST API in Integromat: How to overcome “Sorry, you are not allowed to list users / edit this…”
  58. What’s the right way to validate JSON data coming from an AJAX POST request?
  59. Remove unwanted fields from WP API response
  60. WordPress API “code”:”rest_no_route” with Custom Route
  61. How can I secure my custom rest api endpoint or add under a already existing rest group
  62. Register rest field authentication with REST API
  63. REST API Integration without user account?
  64. WP REST API with Basic Auth at target website
  65. API request forbidden when requesting from same domain
  66. Cant POST with REST API on WordPress
  67. REST API – Authentication/Logon security
  68. Woocommerce API for calling products by Category ID
  69. custom REST endpoints and application passwords
  70. How can I enforce user to use Application password to generate JWT token? [closed]
  71. How to use OAuth authentication with REST API via CURL commands?
  72. Adding WordPress API Endpoint With Multiple Parameters
  73. WordPress REST API call generates nonce twice on every call
  74. How to filter or search the posts using postmeta tables custom meta fields with wordpress REST API
  75. Match REST API post output from custom endpoint
  76. Does accessing WordPress via REST API affect the site stats and analytics?
  77. x-wp-nonce is not allowed by Access-Control-Allow-Headers in preflight response
  78. How to get around WP REST API per page limit without pagination?
  79. WP API ignores filter parameter
  80. node-wpapi: how to handle authentication?
  81. Can the new REST API now make WP into it’s own push notification server?
  82. Confused about AngularJS and WordPress
  83. Post API tax_relation field doesn’t work
  84. How to post an unserialized array via wordpress rest API as meta data
  85. Adding custom end points, No error line
  86. Get subscribers via REST API and send post notification
  87. How to get featured image in WP rest api
  88. WordPress API for custom post types returns rest_no_route
  89. How can I spin up a new website for a registered user automatically?
  90. Is there a way I can fetch the WordPress Developer Code References with an API?
  91. Pull in ALL posts from the last two weeks using Rest API
  92. Uploading picture via REST API
  93. How to modify the HTML output of Gutenberg block? (Youtube)
  94. Update block once an API request returns with a value
  95. Accessing secure endpoint with X-WP-Nonce?
  96. Rest api request throttling
  97. Properly process a custom WP REST API request (Authenticate, Authorize + Validate)?
  98. Update post / page using API + python
  99. Callback API for getting response from fygaro payment gateway
  100. Subscriber role cann’t add comment meta using REST API