WordPress REST API calls that depend on the WordPress User

You could hook into the login process in the WP site and create a unique token (stored in meta) for that user on login. The token can then be sent to the other server, that could query the WP API with that token.

You would have to create a custom endpoint that validates the user token. Probably best to have some hash for the userid also.

Furthermore, on logout from the WP site or in some token validation cronjob, this token has to be invalidated for security purpose. Even better, if it’s just one request from the ‘other’ server, invalidate immediately and if on the WP server again, create a new token. So in effect, it’s a CSRF token (nonce) over multiple servers.

Related Posts:

  1. How to: Make JWT-authenticated requests to the WordPress API
  2. WordPress Rest API: How do we validate with our custom API key?
  3. How to Authenticate WP REST API with JWT Authentication using Fetch API
  4. authentication issue with rest api – rest_cannot_create
  5. Can I authenticate with both WooCommerce consumer key and JWT?
  6. WP REST API: check if user is logged in
  7. How to login to WordPress site using basic authentication HTTP headers?
  8. Can we access the REST request parameters from within the permission_callback to enforce a 401 by returning false?
  9. WordPress REST API “rest_authentication_errors” doesn’t work external queries?
  10. Can’t GET draft posts via REST API from headless frontend
  11. Create Session with JWT
  12. WP REST API GET Requests require authentication
  13. current_user_can(‘administrator’) returns false when I’m logged in
  14. Authenticating with REST API
  15. Make authorization mandatory on custom routes
  16. WP REST API – Nonce passes wp_verify_nonce even after logout
  17. How to force JWT auth for default GET endpoints of WordPress rest api?
  18. REST API: best place to set current user for JWT auth?
  19. WordPress + REST API v2 and private pages Load by slug
  20. REST API authentication for a plugin
  21. PHP: authenticate for a REST request?
  22. Rest API basic auth not working
  23. Authenticate current user to REST API
  24. Rest API: wp_verify_nonce() fails despite receiving correct nonce value
  25. Getting 401 from ajax using an application password
  26. How to connect android app with WordPress website?
  27. WordPress HTTP API NTLM Authentication
  28. Advanced Access Manager: RESTful endpoint to refresh token
  29. Best Authetication between REST API and Mobile App
  30. Log in user using WordPress REST API
  31. Secure WordPress API, how?
  32. wp_nonce vs jwt
  33. register/login api
  34. How can I secure my custom rest api endpoint or add under a already existing rest group
  35. Register rest field authentication with REST API
  36. REST API Integration without user account?
  37. WP REST API with Basic Auth at target website
  38. Cant POST with REST API on WordPress
  39. REST API – Authentication/Logon security
  40. custom REST endpoints and application passwords
  41. wordpress rest api authentication failed
  42. How to use WP-REST API to login user and get user data for Android app?
  43. WP REST API returns blank response if post is too long
  44. How to feed a HTML5’s EventSource with a REST API custom endpoint?
  45. Retrieve CSS and JS From the REST API
  46. WordPress 4.7 REST API endpoints
  47. REST API multiple media upload
  48. Can’t send emails through REST API
  49. 401 Error when trying to make a REST API call to site
  50. Does jQuery/Ajax send cookies when using the rest API or do I need to somehow add them?
  51. Android authentication
  52. Upload image to wordpress using REST API
  53. Can I define multiple callback methods depending on the call method?
  54. Filter post content in REST API
  55. WP Rest API convert permalink to post ID for fetch
  56. How add meta fields to a user with the wp-api?
  57. WordPress Rest API response
  58. Check Password Strength using WordPress API
  59. Why does AWStats show /wp-json* as Viewed URLs
  60. How send get request to external api with username and password
  61. permission_callback has no effect
  62. Updating link on page via REST api
  63. How to order WordPress Rest API data
  64. WP Rest API – How to convert embedded to json object in Java [closed]
  65. WP REST API plugin 500 errors?
  66. wp-cli command throws error : “SSL routines:tls_process_server_certificate:certificate verify failed” while querying https website
  67. Setting maintenance mode via REST API
  68. How to receive data by http POST request
  69. rendering view in backbone
  70. WP API querying a custom post type and a custom field
  71. Custom endpoint to get all custom taxonomy terms
  72. Notify Jenkins of new post on WordPress
  73. Curl requests sent two times
  74. Check authentication credentials using WP REST API
  75. How to get author meta into post endpoint in api v2
  76. WordPress REST API V2: how to get list of all posts?
  77. Sidebar endpoint using WordPress API
  78. How to get data from /wp-json/wp/v2/users/me
  79. Get custom posts in gutenberg block
  80. WordPress REST API parameters are not affecting a response
  81. Update meta_value in wp_postmeta using API
  82. WordPress plugin with CORS
  83. WordPress REST API not working on localhost
  84. REST API – Allow /users endpoint depending on a custom capability
  85. “Error: cURL error 60: SSL certificate problem: certificate has expired” when create product in WooCommerce via REST API
  86. How to use WordPress REST api to login a user?
  87. Create User with Profile and Cover Images using REST API
  88. Wrong encoding of dynamic block properties problem when loggen in as editor
  89. Remove unwanted fields from WP API response
  90. Need wp rest api for featured video post
  91. REST api header link href
  92. Error rest_post_invalid_page_number trying to call Rest API
  93. WordPress & React Native
  94. update meta data (like view counter) by rest-api
  95. Rest API hook ‘rest_insert_post’ not returning request object
  96. How Can I keep password protected posts in the json requests but not on frontend queries?
  97. WP_REST_Request::get_json_params() Parsing null as Zero
  98. Script tag in string in wordpress rest api body to create post
  99. Customizer Changeset, Sidebar and Rest API Custom Endpoints
  100. WordPress REST API won’t allow me to filter by author ID when called internally, works externally in Postman