Plugin Dev: Making direct API calls from a JS script?

  • hedgerh

    (@hedgerh)


    5 years, 1 month ago

    My admin plugin is using React for its UI. It needs to make calls to AWS Cognito for user authentication and make calls to my company’s APIs for data.

    According to the plugin AJAX docs, all WordPress AJAX requests must go through wp-admin/admin-ajax.php. Does that also apply to requests made in JS scripts?

    An article I was reading had interpreted it this way, and they created a WP REST endpoint just to proxy the requests. However, someone else told me that this isn’t necessary.

    Can anyone clarify this guideline? Thank you.

    • This topic was modified 5 years, 1 month ago by hedgerh.
Viewing 4 replies - 1 through 4 (of 4 total)
  • Joy

    (@joyously)

    5 years, 1 month ago

    According to the plugin AJAX docs, all WordPress AJAX requests must go through wp-admin/admin-ajax.php. Does that also apply to requests made in JS scripts?

    I think you have taken something out of context. That document is for AJAX calls to WordPress. And there are no AJAX requests except in JS.

    If your code needs to talk to an external site, talk directly, not through WP. But any time you need to use AJAX with WP functions, it should do it the WordPress way, which loads WordPress in order to handle the request. Trying to load WordPress yourself instead of using admin-ajax.php is the wrong way, and that is what is to be avoided.

    If you are writing a plugin to be in the WP repository, you need the user’s permission to contact external sites.

    Thread Starter hedgerh

    (@hedgerh)

    5 years, 1 month ago

    Thank you for the reply. It looks like the author of the articlel I was reading misinterpreted the docs.

    If you are writing a plugin to be in the WP repository, you need the user’s permission to contact external sites.

    Do you happen to know where this is documented? I can’t seem to find it in the plugin guidelines. I see that you can’t embed external links without permission, but nothing about external requests.

    Thanks again!

    Joy

    (@joyously)

    5 years, 1 month ago

    It seems pretty clear here:

    In the interest of protecting user privacy, plugins may not contact external servers without explicit and authorized consent.

    Thread Starter hedgerh

    (@hedgerh)

    5 years, 1 month ago

    Oh! Thank you. I didn’t realize that guideline was so broad. Cheers!

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘Plugin Dev: Making direct API calls from a JS script?’ is closed to new replies.

Tags