The WP-API is a JSON REST API that is slated to go into WordPress core. The API allows applications like mobile apps to interact with WordPress. It’s been written about extensively, and it’s documented well. If you’ve worked with the API before, you may have come across the issue of authentication. The API can allow you to create a post, get information about users, and lots more. For that reason, it has to make sure you are allowed to do that. The process for figuring out who can do these things is called authentication, and it can be a pain. The documentation on authentication is sparse, with options for cookie, oauth, or basic authentication. In this post I will show you how to create your own custom authentication. Note: the WP-API is going through some major changes before it goes into WordPress core, so this process may change. Let’s say I made a mobile app where a user can take a photo and upload it to their own WordPress site. The mobile app user would need to login first, then we need to tell the API that they are authenticated. How do we do that? I’m going to show you how to make a custom authentication filter for this use-case. Disclaimer: I’m not a security expert, so it’s
Share This