How to block external access to register_rest_route callback?

When registering a route with register_rest_route() you can provide a permission_callback which is a function that checks whether the user has permission to use the endpoint. If only Administrator users should be able to use the endpoint then you can check for the manage_options capability in the callback, like this:

register_rest_route( 'myplugin/v1', 'update-rmp'', array(
    'permission_callback' => function () {
        return current_user_can( 'manage_options' );
    },
) );

Note: Do not use wp/v2 as the namespace. That namespace is for endpoints registered by WordPress itself. Third party themes and plugins should use their own namespace.

To make your API request as a user with the required privileges, sign in as that user and go to Users > Profile and look for the Application Passwords section. Add a new application password and copy the result. You can now use this password from your application using Basic Authentication:

curl --user "USERNAME:PASSWORD" -X POST https://example.com/wp-json/myplugin/v1/update-rmp

Just substitute USERNAME with your WordPress username, and PASSWORD with the application password.

Related Posts:

  1. Does something like is_rest() exist
  2. Get post count in wp rest API v2 and get all categories
  3. WP REST API — How to change HTTP Response status code?
  4. wp_get_current_user() function not working in Rest API callback function
  5. WP REST API Is it rather easy to rename the default wp-json uri part?
  6. Search WP API using the post title
  7. Understanding SHORTINIT with WordPress 5
  8. Does pre_get_posts affect REST API responses?
  9. Is it possible to nest the JSON result of WordPress REST API?
  10. Filter post_content before loading in Gutenberg editor
  11. Trying to get an api request getting error 404
  12. rest_post_query on multiple post types?
  13. Wp Rest Api Custom Endpoint for page subpages
  14. Full page NGINX (or Cloudflare) caching and WordPress nonces
  15. WP REST API returns incorrect data?
  16. Display post title from WordPress excluding a string via API
  17. WP_REMOTE_POST Requests are being blocked by API provider [closed]
  18. Is it posible to use wp.data.select(‘core’) outside a block?
  19. Can you Use the Rest API to query a custom database table
  20. Is there anyway to format my EndPoint URL in WordPress?
  21. Return WP_Error as WP_REST_Response
  22. Why the Path is different with the one coded in rest
  23. Custom Rest API POST endpoint with conditionally required parameters
  24. What is the meta field in the response of the user REST API?
  25. Is there any way to clear cache when making REST API request?
  26. Custom API endpoint to create gallery for post
  27. Register REST route with a multi-value parameter
  28. How do I add meta when creating a post with rest api?
  29. WordPress + REST API v2 and private pages Load by slug
  30. Change permissions on REST api?
  31. WP-REST create user with custom meta
  32. receive a custom parameter with rest api
  33. PHP: authenticate for a REST request?
  34. Is it Ok to restrict Access-Control-Allow-Origin for /wp-json requests?
  35. Validate rest-api call on create
  36. If I use WordPress REST API V2 and someone makes an app using it. Will my site count the posts views from the APP? And if not, then how?
  37. How to store and return json in a (custom) post meta field
  38. Sorry, you are not allowed to list users
  39. Authenticate current user to REST API
  40. rest api endpoint – accept diacritic characters
  41. WordPress REST API rest_comment_invalid_author Sorry, you are not allowed to edit ‘author’ for comments
  42. How to delete user using rest api without reassigning
  43. How to change the date and time in REST API for comments?
  44. Rest API V2 custom post type. I only need the title and link
  45. Retriving all users with REST API not working
  46. Is there a way to download only the Rest API part of WordPress?
  47. Custom WP API endpoint NULL body data
  48. Accessing private posts through REST API, same code that works in remote doesn’t in local
  49. What is an endpoint for custom post type comments in REST API?
  50. Rest API: trouble receiving response through script (browser and Postman display correctly)
  51. Advanced Access Manager: RESTful endpoint to refresh token
  52. `WP_REST_Controller::get_endpoint_args_for_item_schema` Does Not Set `required` Property from Schema
  53. Extending REST API responses
  54. How would I know if my system using REST api or not?
  55. Error message: Response is not a valid JSON response
  56. How to use query parameters, as “_fields”, to filter data inside an array in the REST API?
  57. WordPress server banning IP
  58. How to add Relations of a CCT from JetEngine via WordPress Rest API
  59. WP Rest_API- Post request for images returns empty
  60. DELETE request using WP REST API
  61. Pass multiple tags slug to rest API
  62. Return a WP_REST_Response from an inner function (and not from the root callback)
  63. register_rest_route with method POST but in wp-json/ is showing GET
  64. wp_nonce vs jwt
  65. Rest Api fetching only one random post
  66. Accessing Custom REST endpoint with rest_do_request()
  67. How to add taxonomy to a post using WP REST API?
  68. WP CLI in WP 5.3 with PHP 7.4
  69. Get wordpress post with featured image, category and tag from WordPress API
  70. WP API file_get_contents return TTP request failed! HTTP/1.1 401 Unauthorized
  71. Extract XML/JSON element from Zillow API response and populate into Gravity Forms field
  72. REST API and Loopback error
  73. Rest API: Register and Login errors aren’t specific
  74. Not able to delete media by REST API
  75. How can I secure my custom rest api endpoint or add under a already existing rest group
  76. Need to get user data via API
  77. REST API retrieving posts from www.sitename.com/category/news/ instead of just just from www.sitename.com
  78. WordPress single page website redirect to index.html
  79. How to get the most recently updated orders via the REST API?
  80. Fetching all users that didn’t post with rest api (current version 2)
  81. Calling a python script from custom wordpress rest api returns null
  82. REST API get featured image source for custom post type
  83. WordPress RESTAPI – Restrict unknown
  84. WordPress Rest API Error 502
  85. Fix Characters WordPress Ionic App
  86. Paid membership Pro Rest API
  87. Can we use website data which is having wp rest api plugin?
  88. WP Rest API V2 OR Operator in URL
  89. wp_query json ouput
  90. GET request for media files in WP REST API 2 results in an empty array
  91. how can I add an URL parameter to a rest route using register_rest_route()?
  92. Fatal error: Call to undefined function register_rest_route()
  93. Is it possible to bulk update a table using WP Rest API?
  94. Call to undefined function upload_is_user_over_quota()
  95. Get custom data from the user REST API endpoint
  96. Custom rest api endpoint response json problem
  97. get the current logged in user using WooCommerce API in React App [closed]
  98. What filtering is available for backbone.js?
  99. Woocommerce API for calling products by Category ID
  100. wordpress rest api authentication failed
error code: 523