Support » Developing with WordPress » Diving into Backbone and the REST API

  • Resolved Endlyss


    Hey guys.

    So I recently stumbled upon using the rest api to insert, edit, and display posts within WordPress.

    Now I know that with using AJAX, I need to authorize the request. However, it is unclear whether or not I also need a way to do this when using the API (via the backbone client).

    How would I go about securing the API, so that if I were to make a frontend app, it is not accessible to just anyone except authorized users?

    Also, bonus question: I notice that I am late to the party on developing with this API. While searching Google, I notice articles dating back to 2013. Up until now I was manually adding posts via AJAX/PHP, and while I know that the REST API will be a massive step up in performance from that method, is there currently something better to use other than this built-in API?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Yes, the wp-api client will handle cookie-based authentication which you need for anything beyond public reading endpoints. OAuth and basic auth are two other authentication options. To secure the API endpoints you would use the same types of users checks you would use elsewhere in core (‘current_user_can()’). If the user is authenticated they the check will be for that user.

    Okay, cool. Thank you for the info, Adam! I’ll go do my due diligence now and learn about authentication methods, then! (and thanks for the bonus info about 0Auth and basic!)

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Diving into Backbone and the REST API’ is closed to new replies.