admin管理员组

文章数量:1429553

How we can verify "Cancel the header auth" the "endpoint" functions of WordPress with an API key that we produce. (Note: not a different endpoint, original endpoints)

I have my own "Crypto" class/function. In the request, I need to send an encrypted key, "decrypt" the "encrypted key" from "wp-function" and so on, and allow the request.

I need to be able to do all of this on wordpress own endpoint libraries.

A simple example of my query structure:

$.ajax({
  type: "POST",
  url: "http://localhost/workspace/wordpress/wp-json/wp/v2/posts?request=<?php echo $encrypted; ?>",
  dataType: "json"
});

PHP

<?php echo $encrypted; ?>
<?php // "z0/8Q6cuMWBlZGzfTwOVi9HwCpKThN9Ju/o/MywK74vimB467vjGfKqoDVQdyKIdmXCxxE=" ?>

functions.php or e.g. php page: After Decrypt

<?php echo $decrypted; ?>
<?php // "Secret Password" ?>
<?php // I will verify my key, and to let

How we can verify "Cancel the header auth" the "endpoint" functions of WordPress with an API key that we produce. (Note: not a different endpoint, original endpoints)

I have my own "Crypto" class/function. In the request, I need to send an encrypted key, "decrypt" the "encrypted key" from "wp-function" and so on, and allow the request.

I need to be able to do all of this on wordpress own endpoint libraries.

A simple example of my query structure:

$.ajax({
  type: "POST",
  url: "http://localhost/workspace/wordpress/wp-json/wp/v2/posts?request=<?php echo $encrypted; ?>",
  dataType: "json"
});

PHP

<?php echo $encrypted; ?>
<?php // "z0/8Q6cuMWBlZGzfTwOVi9HwCpKThN9Ju/o/MywK74vimB467vjGfKqoDVQdyKIdmXCxxE=" ?>

functions.php or e.g. php page: After Decrypt

<?php echo $decrypted; ?>
<?php // "Secret Password" ?>
<?php // I will verify my key, and to let

  • rest-api
  • json
  • authentication
  • wp-api
Share Improve this question edited Jun 9, 2019 at 3:12 shea 5,6624 gold badges39 silver badges62 bronze badges asked May 31, 2019 at 7:50 BilwoBilwo 751 silver badge4 bronze badges
Add a comment  | 

2 Answers 2

Reset to default 5 
function checkApiAuth( $result ){

    $yourEncryptAPIKey = $_GET['request'];

    if( yourDecryptFn( $yourEncryptAPIKey ) === $realKey ):
        $result = true;

    else:
        $result = false;

    endif;

    return $result;           
}
add_filter('rest_authentication_errors', 'checkApiAuth');

Sounds like you can use the rest_authentication_errors filter:

This is used to pass a WP_Error from an authentication method back to the API.

[...] If the authentication method hooked in is not actually being attempted, null should be returned [...]. Similarly, callbacks should ensure the value is null before checking for errors.

A WP_Error instance can be returned if an error occurs [...]. A callback can return true to indicate that the authentication method was used, and it succeeded.

For a code example, you can look how WP implemented their custom check for the X-WP-Nonce header in wp-includes/rest-api.php starting at line 807.

(The function rest_cookie_check_errors is added to the rest_authentication_errors filter with priority 100.)

本文标签: jsonWordPress Rest API How do we validate with our custom API key

版权声明:本文标题:json - WordPress Rest API: How do we validate with our custom API key? 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1745423548a2658010.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。