Authenticate current user to REST API

I have a plugin similar to WooCommerce which provides me with a REST API endpoint for getting some user-specific data.

When I try to access the API via Postman, I get a 401 - Not Authorized error.

Of course, I have to authenticate my user to the API, but how?

I found this (and many similar) posts to this topic: How to: Make JWT-authenticated requests to the Wordpress API

But all these examples seem to be for remote applications.

In my case, I want to use the API from my backend code.

And the page where I want to display the information (gathered from the API) is only accessible to logged-in users.

So I want to make an API call for the currently logged-in user. This should happen automatically. I can't manually create keys for each user who wants to use the API; all users should have access.

Can I use the approach in the link, or is there a better way to do this?



Huge thanks nitsuj1001, this is the basic fix I was looking for.

I also have a single-page web application for logged-in users, and could not figure out how to get the REST API requests to stop setting the user ID to 0 ...

I think your code fragment only works if the JavaScript code is embedded within a PHP file. My script.js is registered using wp_register_script()...

$the_timestamp = filemtime(CRI_ASSETS_BASE_DIR.'/js/script.js');   // defeat browser caching of Javascript
wp_register_script('cri_assets_script', plugins_url($cri_assets_plugin_directory.'/js/script.js'), array('jquery'), $the_timestamp);
wp_enqueue_script('cri_assets_script');

I then set up the nonce for this JavaScript:

wp_localize_script( 'cri_assets_script', 'criRestApiSettings', array(
    'root' => esc_url_raw( rest_url() ),
    'nonce' => wp_create_nonce( 'wp_rest' )
) );

...this all happens in my wp_enqueue_scripts hook. (More info in https://developer.wordpress.org/reference/functions/wp_localize_script/ )

Finally I can use the nonce in my jQuery Ajax request in script.js:

  $.ajax({
    url: the_url,
    // Send the wp_rest nonce passed in by wp_localize_script() with every request
    beforeSend: function ( xhr ) {
      xhr.setRequestHeader( 'X-WP-Nonce', criRestApiSettings.nonce );
    }
  }).done(function(data){
     // etc
  });

Hope this helps to clarify things for someone :)


I solved my problem.

This got me on the right track: https://developer.wordpress.org/rest-api/using-the-rest-api/authentication/

You can just make an API call via the frontend and jQuery.

$.ajax( {
    url: '<?php echo esc_url_raw( rest_url()) ?>' + 'your/endpoint',
    method: 'GET',
    beforeSend: function ( xhr ) {
        xhr.setRequestHeader( 'X-WP-Nonce', '<?php echo wp_create_nonce( 'wp_rest')?>' );
    }
} ).done( function ( response ) {
    console.log( response );
} );

If you want to outsource the script in a separate file, you have to use wp_localize_script to pass the URL base address and the nonce.
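The following is an added example, not code from either answer: a helper for the client side of the cookie-plus-nonce approach that builds the request from the `root` and `nonce` values passed through `wp_localize_script`. It handles both URL shapes `rest_url()` can return (pretty permalinks and `?rest_route=`) and refuses to attach the nonce to any origin other than the page's own. The names `buildWpRestRequest`, `wpRestGet` and `pageOrigin` are hypothetical.

```javascript
// Added example. Only root, nonce and the X-WP-Nonce header come from the page;
// buildWpRestRequest, wpRestGet and pageOrigin are hypothetical names.
function buildWpRestRequest(settings, route, params = {}, pageOrigin) {
  const url = new URL(settings.root);
  // The nonce is tied to the logged-in session: never send it to another origin.
  if (url.origin !== pageOrigin) {
    throw new Error('REST root ' + url.origin + ' is not the page origin');
  }
  const cleanRoute = String(route).replace(/^\/+/, '');
  if (url.searchParams.has('rest_route')) {
    // Plain permalinks: rest_url() gives .../index.php?rest_route=/ and the
    // route lives inside the query string, so root + route + '?x=1' would break.
    const base = url.searchParams.get('rest_route').replace(/\/+$/, '');
    url.searchParams.set('rest_route', base + '/' + cleanRoute);
  } else {
    // Pretty permalinks: rest_url() gives .../wp-json/
    url.pathname = url.pathname.replace(/\/+$/, '') + '/' + cleanRoute;
  }
  for (const [key, value] of Object.entries(params)) {
    url.searchParams.append(key, value);
  }
  return {
    url: url.toString(),
    init: {
      method: 'GET',
      credentials: 'same-origin', // send the WordPress login cookie
      headers: { 'X-WP-Nonce': settings.nonce, 'Accept': 'application/json' },
    },
  };
}

async function wpRestGet(settings, route, params, fetchImpl = fetch,
                         pageOrigin = window.location.origin) {
  const { url, init } = buildWpRestRequest(settings, route, params, pageOrigin);
  const response = await fetchImpl(url, init);
  if (!response.ok) {
    // WordPress error bodies carry a "code", e.g. rest_cookie_invalid_nonce
    // when the nonce has expired and the page needs a fresh one.
    const body = await response.json().catch(() => ({}));
    throw new Error('REST request failed: ' + response.status + ' ' + (body.code || ''));
  }
  return response.json();
}
```

In script.js this would be called as `wpRestGet(criRestApiSettings, 'your/endpoint')`.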
