/wp-json/ is the base part of the WordPress REST API https://developer.wordpress.org/rest-api/ An authors ID isn’t a big deal. I would imagine on your theme, every time the post authors name shows, within the HTML showing the name, there’d be element classes containing the authors ID. It’s normal to have shown in publicly viewable source code, … Read more
To answer the question directly – The REST API do not initialize a main query, therefor there should not be any for requests coming that way. What you should do is to create your own end point and server what ever custom data you need on it. Modifying the REST API, while possible, violates the … Read more
There is no built-in endpoint for sites on a multisite network. As can be seen in the documentation, the built-in endpoints are: +—————-+——————-+ | Posts | /wp/v2/posts | +—————-+——————-+ | Post Revisions | /wp/v2/revisions | +—————-+——————-+ | Categories | /wp/v2/categories | +—————-+——————-+ | Tags | /wp/v2/tags | +—————-+——————-+ | Pages | /wp/v2/pages | +—————-+——————-+ | … Read more
When you create or update a post, you can pass a featured_media argument in the POST data containing the media file’s post ID. (It appears you need to have the media item’s post ID, not the URL, for this to work.)
I really hope that you have managed this issue. In case you don’t, this kinda works for me since there is a way to register a custom acf endpoint, in the functions.php file you have to add the next code: //Custom acf endpoint; function my_endpoint( $request_data ) { // setup query argument $args = array( … Read more
In this tutorial, the post var status=”draft”; (see code). So I am just worried that won’t anyone able to hack that status? It depends who it is. A logged out user cannot create any posts at all. A subscriber cannot either. A contributor could create the post, but not publish it. An author or editor … Read more
You need to pass the wp_rest nonce with the JavaScript request that you send to REST. This nonce is what passes the information from PHP to JavaScript about which user is making the request. Example: <form> <input type=”text” name=”rest_auth_nonce” value=”<?= esc_attr( wp_create_nonce( ‘wp_rest’ ) ) ?>”> </form> <script> jQuery.ajax({ beforeSend: function (xhr) { xhr.setRequestHeader(‘X-WP-Nonce’, jQuery(‘form’).find(‘input[name=”rest_auth_nonce”]’).val()); … Read more
I’m not entirely sure what will be better explanation, or why this one (the real one) is not enough. In your stats you see URLs of requests and not paths to files. URL has nothing to do with files on server. Yes – if the requests targets physical file, then that file exists, but… There … Read more
I found out this bug https://github.com/WordPress/gutenberg/issues/4989 If an attribute get data from meta, and then post is saved/updated, it always return as undefined
Read the docs: you need to add a Header named X-WP-Nonce to your requests to the API that require authentication, as you can see in the jQuery example. However the catch is getting that nonce in the first place. WordPress inject that token itself in the post editing screens. Type wpApiSettings in the developer console … Read more