WP REST API GET Requests require authentication

I’ve been working on a similar issue today. Here’s what I’ve done: add_filter(‘rest_dispatch_request’, function($dispatch_result, $request, $route, $handler) { if (!is_user_logged_in()) { $dispatch_result = new WP_Error( ‘rest_not_logged_in’, __( ‘You are not currently logged in.’ ), array( ‘status’ => 401 ) ); } return $dispatch_result; }, 10, 4); You may want to use the $handler to determine …

Read more

$_SESSION variables lost during OAuth callback

With my version of wordpress there is NO session. So when I call $_SESSION[‘callback_state’]=stuff it’ll gladly save it to a temporary stack local variable instead of with the actual session. So before you redirect do: if (!session_id()) {session_start();} //then the normal redirect header(“location: $newUrl”); exit(0);

How to build a plugin that supports authenticated POST requests to the REST API from external servers?

Answering my own question. For plugin developers, the directive is to use current_user_can() in your code as usual in the REST endpoints, as Core does. WordPress 5.4 does not support authenticated requests originated from outside WordPress to the REST API yet. But your clients can use plugins such as Basic Auth, OAuth2 or JWT to …

Read more