Ready to get started?Download WordPress


Request feature : authentification (8 posts)

  1. sireneweb
    Posted 1 year ago #

    thanks for your great plugin, is it possible to add simple authentification method by key in next version ? with this protection anonymous user can't use json API or scraping content

    For example :


  2. rutgervanw
    Posted 1 year ago #

    I have authentication implemented with this API. How I did it:

    - first specify an api path in the plugin options, mine was /api
    - make a folder in the document root of your site, in this case a folder named "api"
    - now place a .htaccess file in this directory (and nothing else)
    - the contents of the .htaccess file:

    AuthUserFile /etc/users
    AuthName "This is a protected area"
    AuthGroupFile /dev/null
    AuthType Basic
    Require valid-user

    - Now go to your terminal and make a file called 'users' in /etc
    - to add users follow this tutorial: http://www.htaccesstools.com/htpasswd-generator/

  3. sireneweb
    Posted 1 year ago #

    Thanks for your sharing :)
    i will try to test it in next days

  4. rutgervanw
    Posted 1 year ago #

    For clarity, this implements basic http authentication. So you can access it with a username and password, not with an API key as asked above. But almost every HTTP client (for example curl) has support for http basic aut. Good luck!

  5. Beer
    Posted 1 year ago #

    Would changing the path from /api be kind of like passing a secret key? You might change it to /api-secret-wp123ab390ef4098 for example, and change it again the next week or as needed.

  6. sireneweb
    Posted 1 year ago #

    good news :)

  7. cvillaronga
    Posted 1 year ago #

    rename the API is a great choice, however if do you need some grained features as roles, actions or audits, you can combine the API with a RBAC or LDAP tools (as an aspect) it can be more secure and specific.

  8. hdsq2
    Posted 1 year ago #

    if I implement this, will still be possible setting a json query variable and all authentication will not work? or this work to both (/api and json query) ?


Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic


No tags yet.