How to build a plugin that supports authenticated POST requests to the REST API from external servers?

Answering my own question. For plugin developers, the directive is to use current_user_can() in your code as usual in the REST endpoints, as Core does. WordPress 5.4 does not support authenticated requests originated from outside WordPress to the REST API yet. But your clients can use plugins such as Basic Auth, OAuth2 or JWT to … Read more

Utilize WordPress Authentication Only

Not sure, but currently in my mind the first solution. Do you need the data from WordPress for the authentication. If you include the wp-load.php you have access to WordPress and his functions, maybe to identifier. But the file to include as static path is not really great and solid. define( ‘WP_USE_THEMES’, FALSE ); require( … Read more

How to Authenticate WP REST API with JWT Authentication using Fetch API

‘Authenticate’: ‘Basic {what do I put here?}’ // Do I need “Basic”? No, it’s not Basic. It’s Bearer. And the header is Authorization. So first, obtain a token from /wp-json/jwt-auth/v1/token: fetch( ‘http://example.com/wp-json/jwt-auth/v1/token’, { method: ‘POST’, body: JSON.stringify( { // Username of a user on the WordPress website in which the REST API request // is … Read more

Facebook OAuth, WP_Http::request() vs wp_remote_request()

To answer my own question, when you use WP_Http, the transport used is selected, in this order, from this array: $request_order = array( ‘curl’, ‘streams’, ‘fsockopen’ ); If your PHP supports curl, WP_Http_Curl is used. Curl doesn’t support adding the body array parameters when the method is GET WP_Http_Streams and WP_Http_Fsockopen on the other hand, … Read more