WordPress.org

JSON API
Request feature: authentication (8 posts)

  1. sireneweb
    Member
    Posted 1 year ago #

    Hi,
    Thanks for your great plugin. Is it possible to add a simple authentication method by key in the next version? With this protection, anonymous users can't use the JSON API or scrape content.

    For example :
    http://www.example.org/?json=1&api_key=145dfg4654x65b1vb

    http://wordpress.org/extend/plugins/json-api/

  2. rutgervanw
    Member
    Posted 1 year ago #

    I have authentication implemented with this API. How I did it:

    - first specify an api path in the plugin options, mine was /api
    - make a folder in the document root of your site, in this case a folder named "api"
    - now place a .htaccess file in this directory (and nothing else)
    - the contents of the .htaccess file:

    AuthUserFile /etc/users
    AuthName "This is a protected area"
    AuthGroupFile /dev/null
    AuthType Basic
    Require valid-user

    - Now go to your terminal and make a file called 'users' in /etc
    - to add users follow this tutorial: http://www.htaccesstools.com/htpasswd-generator/

  3. sireneweb
    Member
    Posted 1 year ago #

    Thanks for sharing :)
    I will try to test it in the next few days.

  4. rutgervanw
    Member
    Posted 1 year ago #

    For clarity, this implements basic HTTP authentication. So you can access it with a username and password, not with an API key as asked above. But almost every HTTP client (for example curl) has support for HTTP basic auth. Good luck!

  5. Beer
    Member
    Posted 1 year ago #

    Would changing the path from /api be kind of like passing a secret key? You might change it to /api-secret-wp123ab390ef4098 for example, and change it again the next week or as needed.

  6. sireneweb
    Member
    Posted 1 year ago #

    Good news :)

  7. cvillaronga
    Member
    Posted 1 year ago #

    Renaming the API is a great choice; however, if you need some fine-grained features such as roles, actions or audits, you can combine the API with RBAC or LDAP tools (as an aspect); it can be more secure and specific.

  8. hdsq2
    Member
    Posted 1 year ago #

    If I implement this, will it still be possible to set a json query variable so that all the authentication will not work? Or does this work for both (/api and json query)?
    (http://www.mysite.com/?json=get_recent_posts)

    Thanks!
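
Added example, not part of the thread or of the plugin's code: a small audit a site owner can run against their own site to check whether both entry points mentioned above (the /api path and the ?json= query variable) answer anonymous requests with an HTTP Basic challenge. The /api/get_recent_posts/ path form and the `constructed_site` stand-in, which models a server where only /api/ is covered, are assumptions made for illustration.

```python
import urllib.error
import urllib.request

# Entry points named in the thread: the configured API path and the ?json= variable.
# The exact /api/<method>/ form is an assumption; adjust to your configured base.
ENTRY_POINTS = ("/api/get_recent_posts/", "/?json=get_recent_posts")


def http_status(url):
    """Anonymous GET; return (status code, WWW-Authenticate header or '')."""
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return resp.status, resp.headers.get("WWW-Authenticate", "")
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("WWW-Authenticate", "")


def audit(base_url, fetch=http_status, entry_points=ENTRY_POINTS):
    """Map each entry point to 'protected', 'open' or 'other:<status>'."""
    results = {}
    for path in entry_points:
        status, challenge = fetch(base_url.rstrip("/") + path)
        if status == 401 and challenge.lower().startswith("basic"):
            results[path] = "protected"   # server demanded credentials
        elif 200 <= status < 300:
            results[path] = "open"        # content served without credentials
        else:
            results[path] = f"other:{status}"
    return results


def constructed_site(url):
    """Constructed stand-in for a server whose Basic auth covers only /api/."""
    if "/api/" in url:
        return 401, 'Basic realm="This is a protected area"'
    return 200, ""


if __name__ == "__main__":
    # Offline demo against the stand-in; drop fetch= to query a real site you own.
    report = audit("http://www.example.org", fetch=constructed_site)
    for path, verdict in report.items():
        print(f"{verdict:10} {path}")
```

Any entry point reported as "open" is still reachable without credentials and needs its own access control.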

Topic Closed

This topic has been closed to new replies.
