Posted 1 year ago #
this shows great promise, it's a lot less clumsy then the default xml-rpc api.
that being said; the fact that the json-api allows non-authenticated users to call http://blog.url/api/create_post to ... create a post (draft) means that json-api should not be deployed on a public-facing wordpress installation.
I hope authentication will indeed be added soonish and that it will be required for admin-actions such as 'create_post'?
Posted 1 year ago #
Thanks for the bug report. This is fixed in version 0.9.4.
Posted 1 year ago #
great! does that mean there is support for some kind of authentication in the API now?
Posted 1 year ago #
Not in the API yet. Currently you must include a session cookie along with API requests to create a post, but the cookie itself is the one you get from logging in to WordPress as you would normally.
This topic has been closed to new replies.
