Force REST API Authentication for each request method

You can’t really apply authentication based directly on whether the request is GET or otherwise, but can forcefully apply authentication requirements globally in that manner, if you like.

I’ve been quite verbose with the code to illustrate what’s happening:

add_filter( 'rest_authentication_errors', function ( $error ) {

    /**
     * If it's a WP_Error, leave it as is. Authentication failed anyway
     *
     * If it's true, then authentication has already succeeded. Leave it as-is.
     */
    if ( strtolower( $_SERVER[ 'REQUEST_METHOD' ] ) === 'get' && !is_wp_error( $error ) && $error !== true ) {

        if ( !is_user_logged_in() ) {
            $error = new \WP_Error( 'User not logged-in' );
        }
        
    }

    return $error;
}, 11 );

Assumptions:

  • PHP is at least version 5.3
  • We’re only testing GET requests
  • If an authentication error has been met before this filter is executed, then we leave the error as-is.
  • If there is no error, and in-fact it’s set to true, then this means authentication has already succeeded and there’s not need to block anything.
  • We’re only testing whether or not the user making the request is logged-in i.e. is authenticated with WordPress.

Related Posts:

  1. Properly process a custom WP REST API request (Authenticate, Authorize + Validate)?
  2. Authenticate + Authorize WP REST API request before built-in WP JSON Schema Payload Validation?
  3. cURL 28 error after switch from to brew php 7.2 on localhost
  4. How to loop through JSON data in wordpress WP REST API
  5. WordPress “Link has expired” error on updating posts
  6. Creating a post with the REST API, curl and oauth returning 401 error
  7. Does the REST API (official) support custom post types?
  8. How to make an meta_query optional?
  9. Create a new user using WP REST API and declare meta object
  10. Ajax call to my WordPress website from an external application [duplicate]
  11. Problem with Woocommerce REST API Authentication
  12. How Do I Add User Custom Field to REST API Response?
  13. wordpress custom endpoint multiple params
  14. register_rest_route regex option for base64 or alternate
  15. Error when requesting password reset email – wp authentication
  16. Continue execution after WP REST API response
  17. using woocommerce_template_single_add_to_cart in shop-loop – javascript issues [closed]
  18. How to generate HMAC-SHA1 signature to use with WP REST API and OAuth1
  19. How do I fetch all comments per post via WP REST API?
  20. How to filter posts by post format “standard” from wp-json api?
  21. Why is the post meta[] empty when I make a call to the wordpress rest api?
  22. WordPress 5 WP REST routes – No errors
  23. Is there an equivalent to WP_Error object I can return in the case of a successful REST request?
  24. Hooking into ‘authenticate’ causes login to submit on page load
  25. Woocommerce hook run after an Order been created through REST API
  26. what is the best practice to add new field to an api route
  27. How to show single category archive
  28. Woocommerce api: create product with images – bad request
  29. Woocommerce: hook action/filter I could use to add variation id and price with each attribute opt on WooCommerce Rest api
  30. Are nonces in WP REST API optional by default?
  31. how to save selected option in variable for rest api category filter
  32. Login to wordpress by clicking a link and specifying usernaname and password in url
  33. JSON REST API WordPress only showing first 10 categories
  34. Buddypress update user avatar image via REST
  35. Delete taxonomy and delete all post related it
  36. Building a REST API for your web app exposes primary keys of DB records?
  37. How to set a template with wp_insert_post
  38. Permission callback to check if user has application password
  39. Multiple requests external data api dynamic block gutenberg
  40. How can I spin up a new website for a registered user automatically?
  41. Simple WordPress endpoint route doesn’t work
  42. Is it possible to create new user from external form using REST API?
  43. Cant register rest routs from class instance
  44. WordPress REST API register_rest_route give a 500 error
  45. Prevent redirect to wp-login.php
  46. WC_Customer delete function returns error
  47. Custom route and query
  48. Validate and Sanitize WP REST API Request using WP JSON Schema?
  49. Filter by field with array value in ACF on WP REST API
  50. REST API works in browser and via AJAX but fails via cURL
  51. How to clone all WordPress Rest API end points
  52. no_rest_route error on custom routes
  53. Flatten Responses returned via WP REST API via WP_Error for obfuscation
  54. WP_REST_Response – How to return Gzip answer and add Content-encoding header?
  55. WordPress api post image raw data without being blank in media library
  56. Decode and Decrypt Azure B2C OpenID Authorization Token, Use Response in API Call (Example Token Within)
  57. REST api returns 404 on some WordPress sites
  58. Integrate admin plugin into template. Very interesant (live search + autocomplete with wp rest api, in vanilla js)
  59. Require()/Include() post template adding extra content
  60. WordPress 5.6 Application Passwords
  61. How do i post data to url with fields?
  62. Call WP Rest-Api to GET /users/me returned NOTHING in console
  63. REST API custom endpoint to fetch pages and posts not working
  64. WooCommerce REST API AJAX Auth – 401 response
  65. Looping through and combining calls to Woocommerce REST API
  66. get Woocommerce product format json for WP_Query
  67. Need to forward Data from WooCommerce Webhook sent to same site WordPress REST API custom endpoint
  68. Require advice handling a URL redirect from a Third Party. URL Params need to populate and then forward to payment
  69. How can i get the same ajax result using WP REST API instead of admin-ajax?
  70. Headers already sent error with get_template_part in REST API call
  71. How to pass and validate nonce in custom REST routes
  72. rest_cannot_create_user – Sorry, you are not allowed to create new users. CURL WORDPRESS REST API
  73. Query posts by custom taxonomy slug in WP REST API?
  74. oneOf JSON Schema validation not properly working for custom post meta value?
  75. REST API custom endpoints for metaboxes
  76. Adding Microsoft Teams Incoming Webhook to WordPress, Problem with Rest Route?
  77. WordPress REST API – Custom field not added to pages
  78. Pass media upload value to input field
  79. What does the token %1$s in WordPress represent [closed]
  80. WordPress redirect to landing page if not logged in
  81. Remove class that has been added by parent theme
  82. How to use a frontend URL with a Plugin
  83. Get list of shortcodes from content
  84. Adding Google Analytics code to the tag of specific pages
  85. Site Health : An active PHP session was detected
  86. Create Logout Link WordPress Admin Menu
  87. Display post image with fancybox
  88. WordPress 3.2 query_posts and pagination, permalinks issue
  89. Implement One Time URL Script
  90. Call to undefined function wp() in wp-blog-header.php
  91. How to pass Select value from Javascript to PHP to generate select option on change
  92. How to add author’s posts link (HTML + PHP) inside a function to output it
  93. Accidentally deleted php code in WordPress website [closed]
  94. WordPress Twenty Eleven PhP – forcing php code to skip first post on homepage?
  95. Add custom HTML data to Contact Form 7 mail?
  96. Gravity Forms: How to add PHP function to confirmation conditional shortcode?
  97. wpdb->query returns different value to phpMyAdmin
  98. When to use wp_register_script() function?
  99. How to create different templates for woocommerce single-product.php?
  100. How can I update a value of a field depending on outside source?