how to sanitizing $_POST with the correct way?

Instead of looping through the array, use this: map_deep( $form_data, ‘sanitize_text_field’ ); (see the User Notes in the function doc: https://developer.wordpress.org/reference/functions/sanitize_text_field/ ) The docs state that Checks for invalid UTF-8, Converts single < characters to entities Strips all tags Removes line breaks, tabs, and extra whitespace Strips percent-encoded characters So you could also use the … Read more

oneOf two possible objects in WP REST API?

Aight got it, the crucial missing thing was that you have to provide this part here: ‘type’ => ‘object’ twice; once when declaring the variable’s type, and once again when defining the possibilities. Otherwise, validation fails; so a proper example would be: ‘args’ => [ ‘data’ => [ ‘type’ => ‘object’, ‘oneOf’ => [ [ … Read more