The true reason of not using nonces for non logged in users, is that it adds a pointless burden on their usage as they need to refresh the page when the nonce expire, and the only way they will know that they need to do it is when something do not work.
There is probably no reason to avoid generating it, but if you expect that your “app” will be used/open for more then 12 hours (that is the “tick” time used to calculate wordpress nonces) then either you need to also have an automatic way to refresh the nonce (might be a good idea for logged in users as well) or avoid using it in the first place.
Related Posts:
- WP REST API: check if user is logged in
- Can’t GET draft posts via REST API from headless frontend
- Rest API: wp_verify_nonce() fails despite receiving correct nonce value
- Log in user using WordPress REST API
- wp_nonce vs jwt
- Register rest field authentication with REST API
- How to: Make JWT-authenticated requests to the WordPress API
- WordPress Rest API: How do we validate with our custom API key?
- WordPress REST API call generates nonce twice on every call
- How to Authenticate WP REST API with JWT Authentication using Fetch API
- authentication issue with rest api – rest_cannot_create
- Can I authenticate with both WooCommerce consumer key and JWT?
- How to login to WordPress site using basic authentication HTTP headers?
- Can we access the REST request parameters from within the permission_callback to enforce a 401 by returning false?
- WordPress REST API “rest_authentication_errors” doesn’t work external queries?
- Create Session with JWT
- Full page NGINX (or Cloudflare) caching and WordPress nonces
- WordPress REST API, Expired Nonce from Cache results in 403 forbidden
- Passing a borrowed nonce through Postman fails
- how to send Ajax request in wordpress backend
- permission_callback has no effect
- WP REST API GET Requests require authentication
- current_user_can(‘administrator’) returns false when I’m logged in
- Authenticating with REST API
- Make authorization mandatory on custom routes
- How to force JWT auth for default GET endpoints of WordPress rest api?
- REST API: best place to set current user for JWT auth?
- WordPress + REST API v2 and private pages Load by slug
- REST API authentication for a plugin
- PHP: authenticate for a REST request?
- Rest API basic auth not working
- Authenticate current user to REST API
- Getting 401 from ajax using an application password
- How to connect android app with WordPress website?
- WordPress REST API calls that depend on the WordPress User
- Backbone with custom rest endpoints
- WordPress HTTP API NTLM Authentication
- Advanced Access Manager: RESTful endpoint to refresh token
- Best Authetication between REST API and Mobile App
- How to verify which WordPress user requested the API in ASP .NET Core?
- Secure WordPress API, how?
- register/login api
- How can I secure my custom rest api endpoint or add under a already existing rest group
- REST API Integration without user account?
- WP REST API with Basic Auth at target website
- Cant POST with REST API on WordPress
- REST API – Authentication/Logon security
- Rest API nonce is being cached
- custom REST endpoints and application passwords
- wordpress rest api authentication failed
- How to use WP-REST API to login user and get user data for Android app?
- Getting user meta data from WP REST API
- WP REST API returns blank response if post is too long
- How to feed a HTML5’s EventSource with a REST API custom endpoint?
- Retrieve CSS and JS From the REST API
- WordPress 4.7 REST API endpoints
- Headless WordPress: How to authenticate front end requests?
- REST API multiple media upload
- 401 Error when trying to make a REST API call to site
- Does jQuery/Ajax send cookies when using the rest API or do I need to somehow add them?
- Android authentication
- Upload image to wordpress using REST API
- Can I define multiple callback methods depending on the call method?
- Filter post content in REST API
- How add meta fields to a user with the wp-api?
- wp-admin AJAX with Fetch API is done without user
- WordPress Rest API response
- Send request to WordPress REST API
- Request to REST endpoint works fine in browser and curl, but fails from WP_REST_Request
- Why does AWStats show /wp-json* as Viewed URLs
- How send get request to external api with username and password
- Updating link on page via REST api
- How to order WordPress Rest API data
- WP Rest API – How to convert embedded to json object in Java [closed]
- is it possible to filter a rest api endpoint by using a registered rest field?
- Ho to style post content for WordPress API?
- rendering view in backbone
- Update a post based on results from GET request to another server
- Manipulating/view postmeta remotely
- Check authentication credentials using WP REST API
- WordPress REST API V2: how to get list of all posts?
- How to get data from /wp-json/wp/v2/users/me
- WordPress REST API parameters are not affecting a response
- Update meta_value in wp_postmeta using API
- WordPress plugin with CORS
- /wp-json/wp/v2/posts/?app=3 is returning random scripts tags
- “Error: cURL error 60: SSL certificate problem: certificate has expired” when create product in WooCommerce via REST API
- How to use WordPress REST api to login a user?
- Wrong encoding of dynamic block properties problem when loggen in as editor
- Need wp rest api for featured video post
- REST api header link href
- WordPress & React Native
- update meta data (like view counter) by rest-api
- Rest API hook ‘rest_insert_post’ not returning request object
- How Can I keep password protected posts in the json requests but not on frontend queries?
- How to use WordPress rest API with Angularjs 4 [closed]
- How can I set the default ‘orderby’ and ‘order’ parameters for a REST API call?
- What filtering is available for backbone.js?
- Login and register by API
- Woocommerce API for calling products by Category ID