As I said in the comments, since it’s a custom endpoint, you could just cancel the post creation via the main callback, i.e. something like so: ‘callback’ => function () { if ( some condition ) { // create the post } else { // return existing post or something else } } And here’s … Read more
The REST API does not support basic authentication out of the box, you need a plugin. The documentation points to this one, accompanied by this warning: Note that this plugin requires sending your username and password with every request, and should only be used for development and testing i.e. not in a production environment.
This should work: function wpse_20160421_get_author_meta($object, $field_name, $request) { $user_data = get_userdata($object[‘author’]); // get user data from author ID. $array_data = (array)($user_data->data); // object to array conversion. $array_data[‘first_name’] = get_user_meta($object[‘author’], ‘first_name’, true); $array_data[‘last_name’] = get_user_meta($object[‘author’], ‘last_name’, true); // prevent user enumeration. unset($array_data[‘user_login’]); unset($array_data[‘user_pass’]); unset($array_data[‘user_activation_key’]); return array_filter($array_data); } function wpse_20160421_register_author_meta_rest_field() { register_rest_field(‘post’, ‘author_meta’, array( ‘get_callback’ => ‘wpse_20160421_get_author_meta’, … Read more
First of all, this is intentional behaviour, as relayed in a Slack discussion described in this ticket (this has likely been discussed in other places, but that’s the first I found): tl;dr: CORS is built for CSRF protection, but WordPress already has a system for that (nonces), so we “disable” CORS as it gets in … Read more
What do you mean by “external users”? If you only want Users, that are logged into your website, to use the API Endpoint, you can filter the “rest_authentication_errors” like described here Add this to your plugin: add_filter( ‘rest_authentication_errors’, function( $result ) { if ( ! empty( $result ) ) { return $result; } if ( … Read more
Maybe not exactly the answer you are looking for, but here it goes…. The rest API as it is implemented in wordpress core is a mockery of how APIs should be designed and the less you use it the better. Obviously it will be just stupid to not use a core API that does exactly … Read more
Have you tried the official Basic Authentication plugin? https://github.com/WP-API/Basic-Auth
It is a bit more complicated to achieve. It needs too filters : one to allow the new REST parameter another to set the WP_Query argument add_filter( ‘rest_post_collection_params’, ‘collection_params’, null, 2 ); add_filter( ‘rest_post_query’, ‘query’, null, 2 ); function collection_params( array $query_params, \WP_Post_Type $post_type ): array { $query_params[‘post__not_in’] = [ ‘description’ => ‘Excludes posts.’, ‘type’ … Read more
receive a custom parameter with rest api
WP-REST create user with custom meta