Hi @travisr!
You’re welcome to build your own system. In order to do that you can follow the directions listed here:
https://developer.wordpress.com/docs/oauth2/
This will help you authenticate. As it will be in a WordPress plugin, you can use functions such as wp_remote_get to get data from different endpoints.
If Jetpack is already installed on the site, you can bypass all that and let Jetpack handle the authentication. In fact, Jetpack includes a function named wpcom_json_api_request_as_blog you can leverage to make API requests.
This function basically takes care of everything, so you only need to specify API endpoints and parameters 🙂
You could look at the following link to see how we use it in Jetpack. It will give you an idea of how it can be used:
https://github.com/Automattic/jetpack/blob/5.6/modules/videopress/class.videopress-edit-attachment.php#L117
This is an example of how the function can be used:
https://github.com/Automattic/jetpack/blob/5.6/class.jetpack-client.php#L270-L280
Hope that helps! You should be able to figure everything out from here, but if you have any further questions, don’t hesitate to ask 🙂
Thanks Stefanie! wpcom_json_api_request_as_blog looks like it’s exactly what I wanted, but my first attempt to use it has failed. I built a simple plugin, ran it on my Jetpack connected blog, and received a 403 response:
{"error":"unauthorized","message":"That API call is not allowed for this account."}
The calling code is just
Jetpack_Client::wpcom_json_api_request_as_blog('read/following/mine')
and the response indicates that the query was properly sent to https://public-api.wordpress.com/rest/v1.1/read/following/mine
Is the Jetpack authentication constrained to accessing a subset of the full REST API, or have I missed a step, or done something wrong? Thanks.
I followed the Jetpack code a bit and found that wpcom_json_api_request_as_blog calls Jetpack_Client::remote_request without a user_id argument, which causes the request to use the ‘blog token’, via Jetpack_Data::get_access_token. Thinking that this might be the issue with trying to access user-centric REST API endpoints, I added a ‘user_id’ argument – via Jetpack_Options::get_option('master_user') – but unfortunately received the same result. I can verify that there are separate tokens available for the master user and the blog, but neither appear to allow me access to the read/following/mine or read/liked endpoints. Not sure where to look next, so any further tips would be appreciated. Thanks.
Noticed that wpcom_json_api_request_as_blog was filtering out my ‘user_id’ argument. After tweaking the Jetpack code to allow this argument to pass through, I was able to get a successful response from the read/following/mine endpoint, but it was empty. The read/liked endpoint gave me a different 403 response:
{"error":"authorization_required","message":"An active access token must be used to query information about the current user."}
I’m beginning to think that the authentication I need for these endpoints isn’t available via the tokens managed by Jetpack?
Is the Jetpack authentication constrained to accessing a subset of the full REST API
Yes, that is correct.
If your need access to a specific route while using Jetpack’s wpcom_json_api_request_as_blog function, you should open an issue in the Jetpack repo, and we’ll see if we can help you with that:
https://github.com/Automattic/jetpack
New issue created on Github.
