Westside2004
asked on
WordPress REST API security?
Hi,
We are on version 4.8.1 and wanting to make use of the WordPress API. We have an iOS app and wanted to see is there a restrict who can use the WordPress API? From what I've been reading it looks like it's open and enabled by default. I'm wanting to restrict everyone, but at the same time have a dedicated maybe service type account that can use the API.
How can this be done?
We are on version 4.8.1 and wanting to make use of the WordPress API. We have an iOS app and wanted to see is there a restrict who can use the WordPress API? From what I've been reading it looks like it's open and enabled by default. I'm wanting to restrict everyone, but at the same time have a dedicated maybe service type account that can use the API.
How can this be done?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You are welcome. The second has the links to the different security plugins based on the authentication type you want like oauth, app passwords, et cetera. Figured you would want to go through background material and choose for yourself. With Cross-Origin Resource Sharing (CORS) in the mix, in most cases simple JavaScript cannot be used off domain with a proxy and callbacks; therefore, you get a little extra security through the effort it will take to write code for your typical internal user. If your site is open to anyone to sign up, hopefully you can mitigate concern.
Good luck!
Good luck!
ASKER