The token just authenticates the request as coming from a specific user. You still need to use the permissions callback to check if that user has permission for whatever it is you’re doing. If you omit the permissions_callback argument when registering the route then the route is public.
If you only need to check if there is a user, and not specific permissions, you could just use is_user_logged_in():
register_rest_route( 'v1/', 'info', array(
'methods' => 'GET',
'callback' => 'api_version',
'permissions_callback' => function() {
return is_user_logged_in();
},
) );
Related Posts:
- REST API purpose?
- Get post count in wp rest API v2 and get all categories
- wp_get_current_user() function not working in Rest API callback function
- How to use WP-REST API to login user and get user data for Android app?
- WP REST API Is it rather easy to rename the default wp-json uri part?
- Displaying a page built with Elementor using the REST API [closed]
- WP REST API returns blank response if post is too long
- Does pre_get_posts affect REST API responses?
- How to feed a HTML5’s EventSource with a REST API custom endpoint?
- Retrieve CSS and JS From the REST API
- How to Authenticate WP REST API with JWT Authentication using Fetch API
- WordPress 4.7 REST API endpoints
- wordpress wp-json prefix issue
- Get blog title with REST v2
- Is it possible to nest the JSON result of WordPress REST API?
- REST API multiple media upload
- 401 Error when trying to make a REST API call to site
- Create post using rest api with html content
- Can we access the REST request parameters from within the permission_callback to enforce a 401 by returning false?
- Trying to get an api request getting error 404
- Upload image to wordpress using REST API
- Can I define multiple callback methods depending on the call method?
- Filter post content in REST API
- How should an old API version be deprecated gracefully?
- Full page NGINX (or Cloudflare) caching and WordPress nonces
- How add meta fields to a user with the wp-api?
- WordPress Rest API response
- WP 5.5 Fatal Error – get_rest_controller() in rest-api.php
- REST API GET users
- Display post title from WordPress excluding a string via API
- How send get request to external api with username and password
- WP_REMOTE_POST Requests are being blocked by API provider [closed]
- wp_get_object_terms() returns invalid taxonomy inside rest_api_init hook
- permission_callback has no effect
- Authenticating with REST API
- Make authorization mandatory on custom routes
- WP Rest API – How to convert embedded to json object in Java [closed]
- Why the Path is different with the one coded in rest
- WP REST API – Nonce passes wp_verify_nonce even after logout
- WP REST API plugin 500 errors?
- Setting maintenance mode via REST API
- How to receive data by http POST request
- WP API querying a custom post type and a custom field
- Custom endpoint to get all custom taxonomy terms
- how to avoid timeouts with remote API requests?
- rest_api_init is run on every rest call to endpoint
- Notify Jenkins of new post on WordPress
- Curl requests sent two times
- WP-REST create user with custom meta
- receive a custom parameter with rest api
- How to get author meta into post endpoint in api v2
- If I use WordPress REST API V2 and someone makes an app using it. Will my site count the posts views from the APP? And if not, then how?
- How to store and return json in a (custom) post meta field
- Sorry, you are not allowed to list users
- Get a remote post ID via API given URL
- Core function to check if a rest namespace exists
- How to change the date and time in REST API for comments?
- Rest API V2 custom post type. I only need the title and link
- Retriving all users with REST API not working
- Is there a way to download only the Rest API part of WordPress?
- Register GET REST API route with multiple parameters
- Custom WP API endpoint NULL body data
- Making internal rest requests non-blocking?
- WordPress HTTP API NTLM Authentication
- WordPress REST API parameters are not affecting a response
- How To Bulk Import wp_postmeta records in an API call?
- Rest API in self-hosted page doesn’t work [closed]
- WordPress custom REST API: How to validate input data by many context?
- Authenticate rest API except for contact-form-7
- How to access wordpress menu & submenu item through the REST API?
- WordPress plugin with CORS
- WordPress Rest API- Allow creation of users with identical email addresses when only using rest api
- Inspecting WP_Rest_Request
- WordPress API fields modification
- “Error: cURL error 60: SSL certificate problem: certificate has expired” when create product in WooCommerce via REST API
- How to use WordPress REST api to login a user?
- wp_insert_post function and automatic trashing posts once is no longer in API
- How to deliver webp format of images to WP REST API
- register/login api
- Wrong encoding of dynamic block properties problem when loggen in as editor
- WP Rest API in Android studio does not show Images
- Need wp rest api for featured video post
- WordPress improve REST API – SHORTINIT not work
- Update membership level via API request if using simple membership plugin
- REST api header link href
- WordPress & React Native
- Rest API encoding of double quotes
- view counter update in WordPress REST api HTTP get
- update meta data (like view counter) by rest-api
- Rest API hook ‘rest_insert_post’ not returning request object
- How Can I keep password protected posts in the json requests but not on frontend queries?
- Trouble Commenting via the WP REST API using nonces
- WordPress REST API not displaying all information
- Create a new page on front page for logged in user
- In Rest API 2.0 is it possible to get some meta fields but not others?
- How to cache WordPress oembed links in the page header?
- Customizer Changeset, Sidebar and Rest API Custom Endpoints
- REST API – Authentication/Logon security
- Restrict Image Sizes and Dimensions when Uploading via the WP Mobile App
- Can I use the Backbone REST API client outside WordPress?