json-api; not suited for public-facing wp-installs? | WordPress.org

Frank Goossens
(@futtta)

16 years ago

this shows great promise, it’s a lot less clumsy then the default xml-rpc api.

that being said; the fact that the json-api allows non-authenticated users to call http://blog.url/api/create_post to … create a post (draft) means that json-api should not be deployed on a public-facing wordpress installation.

I hope authentication will indeed be added soonish and that it will be required for admin-actions such as ‘create_post’?

http://wordpress.org/extend/plugins/json-api/

Viewing 3 replies - 1 through 3 (of 3 total)

dphiffer
(@dphiffer)

15 years, 12 months ago

Thanks for the bug report. This is fixed in version 0.9.4.

Thread Starter Frank Goossens
(@futtta)

15 years, 12 months ago

great! does that mean there is support for some kind of authentication in the API now?

dphiffer
(@dphiffer)

15 years, 11 months ago

Not in the API yet. Currently you must include a session cookie along with API requests to create a post, but the cookie itself is the one you get from logging in to WordPress as you would normally.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘json-api; not suited for public-facing wp-installs?’ is closed to new replies.

3 replies
2 participants
Last reply from: dphiffer
Last activity: 15 years, 11 months ago
Status: not resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics