I’ve been working on a similar issue today. Here’s what I’ve done:
add_filter('rest_dispatch_request', function($dispatch_result, $request,
$route, $handler) {
if (!is_user_logged_in()) {
$dispatch_result = new WP_Error(
'rest_not_logged_in',
__( 'You are not currently logged in.' ),
array( 'status' => 401 )
);
}
return $dispatch_result;
}, 10, 4);
You may want to use the $handler to determine which requests you want to restrict.
Related Posts:
- How to: Make JWT-authenticated requests to the WordPress API
- WordPress Rest API: How do we validate with our custom API key?
- How do I use the WP REST API plugin and the OAuth Server plugin to allow for registration and login?
- How to Authenticate WP REST API with JWT Authentication using Fetch API
- authentication issue with rest api – rest_cannot_create
- How to build a plugin that supports authenticated POST requests to the REST API from external servers?
- Can I authenticate with both WooCommerce consumer key and JWT?
- WP REST API: check if user is logged in
- How to login to WordPress site using basic authentication HTTP headers?
- Can we access the REST request parameters from within the permission_callback to enforce a 401 by returning false?
- WordPress REST API “rest_authentication_errors” doesn’t work external queries?
- Can’t GET draft posts via REST API from headless frontend
- Create Session with JWT
- current_user_can(‘administrator’) returns false when I’m logged in
- Authenticating with REST API
- Make authorization mandatory on custom routes
- WP REST API – Nonce passes wp_verify_nonce even after logout
- Erratic OAuth 1.0 Signature Mismatch Errors
- How to force JWT auth for default GET endpoints of WordPress rest api?
- REST API: best place to set current user for JWT auth?
- WordPress + REST API v2 and private pages Load by slug
- REST API authentication for a plugin
- PHP: authenticate for a REST request?
- Rest API basic auth not working
- Authenticate current user to REST API
- Rest API: wp_verify_nonce() fails despite receiving correct nonce value
- Getting 401 from ajax using an application password
- How to connect android app with WordPress website?
- WordPress REST API calls that depend on the WordPress User
- WordPress HTTP API NTLM Authentication
- Advanced Access Manager: RESTful endpoint to refresh token
- Best Authetication between REST API and Mobile App
- Log in user using WordPress REST API
- Secure WordPress API, how?
- wp_nonce vs jwt
- register/login api
- How can I secure my custom rest api endpoint or add under a already existing rest group
- Register rest field authentication with REST API
- REST API Integration without user account?
- WP REST API with Basic Auth at target website
- Cant POST with REST API on WordPress
- REST API – Authentication/Logon security
- custom REST endpoints and application passwords
- wordpress rest api authentication failed
- What is an Endpoint?
- Does something like is_rest() exist
- WP REST API — How to change HTTP Response status code?
- Search WP API using the post title
- Understanding SHORTINIT with WordPress 5
- Filter post_content before loading in Gutenberg editor
- rest_post_query on multiple post types?
- Wp Rest Api Custom Endpoint for page subpages
- Limit REST API output to current logged in user that is also author of the content
- WP REST API returns incorrect data?
- Use WordPress with a custom OAuth2 provider
- Is it posible to use wp.data.select(‘core’) outside a block?
- how to send Ajax request in wordpress backend
- Can you Use the Rest API to query a custom database table
- Why the Path is different with the one coded in rest
- how to avoid timeouts with remote API requests?
- Blocks Rest API rest_cannot_delete
- WP-REST create user with custom meta
- receive a custom parameter with rest api
- If I use WordPress REST API V2 and someone makes an app using it. Will my site count the posts views from the APP? And if not, then how?
- How to store and return json in a (custom) post meta field
- Sorry, you are not allowed to list users
- Get a remote post ID via API given URL
- Core function to check if a rest namespace exists
- How to change the date and time in REST API for comments?
- Rest API V2 custom post type. I only need the title and link
- Retriving all users with REST API not working
- Is there a way to download only the Rest API part of WordPress?
- Custom WP API endpoint NULL body data
- What is an endpoint for custom post type comments in REST API?
- How would I know if my system using REST api or not?
- How to display relations via wordpress Rest API
- How to verify which WordPress user requested the API in ASP .NET Core?
- WP Rest_API- Post request for images returns empty
- DELETE request using WP REST API
- Fetching WordPress Private Posts, Public Posts Via Default REST API Endpoint
- Got Blank issue for get data from /wp-json/v2/post
- How do i POST to WordPress rest API from the same domain?
- WP API file_get_contents return TTP request failed! HTTP/1.1 401 Unauthorized
- Not able to delete media by REST API
- Need to get user data via API
- REST API retrieving posts from www.sitename.com/category/news/ instead of just just from www.sitename.com
- REST API get featured image source for custom post type
- Custom rest API route not passing data along
- How to filter wp-json/wp/v2/users response on custom metas?
- Paid membership Pro Rest API
- wp_query json ouput
- GET request for media files in WP REST API 2 results in an empty array
- Fatal error: Call to undefined function register_rest_route()
- API wp-json/wp/v2/pages/ returns a different result if page is specified
- Securing REST API wp-json/wp/v2/users endpoint
- Rest Api WordPress
- WordPress REST API won’t allow me to filter by author ID when called internally, works externally in Postman
- Rest API is running, but /wp-json/wp/v2/ shows only old dates
- How can I enforce user to use Application password to generate JWT token? [closed]
- Rest Api Error ‘ Error: {‘code’: ‘rest_no_route’, ‘message’: ‘No route was found matching the URL and request method.’, ‘data’: {‘status’: 404}}@ [closed]