Support » Plugin: JSON API » Request feature : authentification

Viewing 7 replies - 1 through 7 (of 7 total)
  • I have authentication implemented with this API. How I did it:

    – first specify an api path in the plugin options, mine was /api
    – make a folder in the document root of your site, in this case a folder named “api”
    – now place a .htaccess file in this directory (and nothing else)
    – the contents of the .htaccess file:

    AuthUserFile /etc/users
    AuthName “This is a protected area”
    AuthGroupFile /dev/null
    AuthType Basic
    Require valid-user

    – Now go to your terminal and make a file called ‘users’ in /etc
    – to add users follow this tutorial: http://www.htaccesstools.com/htpasswd-generator/

    Thanks for your sharing 🙂
    i will try to test it in next days

    For clarity, this implements basic http authentication. So you can access it with a username and password, not with an API key as asked above. But almost every HTTP client (for example curl) has support for http basic aut. Good luck!

    Beer

    (@beer)

    Would changing the path from /api be kind of like passing a secret key? You might change it to /api-secret-wp123ab390ef4098 for example, and change it again the next week or as needed.

    sireneweb

    (@sireneweb)

    good news 🙂

    cvillaronga

    (@cvillaronga)

    rename the API is a great choice, however if do you need some grained features as roles, actions or audits, you can combine the API with a RBAC or LDAP tools (as an aspect) it can be more secure and specific.

    hdsq2

    (@hdsq2)

    if I implement this, will still be possible setting a json query variable and all authentication will not work? or this work to both (/api and json query) ?
    (http://www.mysite.com/?json=get_recent_posts)

    Thanks!

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Request feature : authentification’ is closed to new replies.