json-api; not suited for public-facing wp-installs? (4 posts)

  1. Frank Goossens
    Posted 5 years ago #

    this shows great promise, it's a lot less clumsy than the default xml-rpc api.

    that being said; the fact that the json-api allows non-authenticated users to call http://blog.url/api/create_post to ... create a post (draft) means that json-api should not be deployed on a public-facing wordpress installation.

    I hope authentication will indeed be added soonish and that it will be required for admin-actions such as 'create_post'?


  2. dphiffer
    Posted 4 years ago #

    Thanks for the bug report. This is fixed in version 0.9.4.

  3. Frank Goossens
    Posted 4 years ago #

    great! does that mean there is support for some kind of authentication in the API now?

  4. dphiffer
    Posted 4 years ago #

    Not in the API yet. Currently you must include a session cookie along with API requests to create a post, but the cookie itself is the one you get from logging in to WordPress as you would normally.

Topic Closed

This topic has been closed to new replies.
