0

I have this function which register new endpoint. By default the end point is public. I'm using Application Passwords' plugin which create a basic authentication account, let's say Basic 64basePassword

add_action( 'rest_api_init', function () {

    register_rest_route( 'wp/v2', 'somthing', array(
        'methods' => 'GET',
        'callback' => 'callback_function',
    ));

});

There is argument named permission_callback, but this use cookies. Can I use permission_callback or anything else to hiding the endpoint so only requests with basic authentication can access the endpoint? Or let me ask: Using basic authentication in headers, let's say 'Authorization: Basic some64basePass'

How I can check the value of Authorization in the header is valid or not?

Improve this question
12
  • what do you mean when you say "basic aauthentication"? Commented Apr 29, 2018 at 4:51
  • @MarkKaplun please refer to swagger.io/docs/specification/authentication/… Commented Apr 29, 2018 at 4:57
  • Also used by this plugin 'Application Passwords' wordpress.org/plugins/application-passwords Commented Apr 29, 2018 at 4:59
  • I should not refer to anything :( questions should be self contained with no need to refer to external resources. Here the term "basic authentication" usually refers to htaccess setup, so if this is not what you mean you should edit the question and specify what you mean. Regardless if you are looking for integration with plugins than it is off topic unless you explain also how the integration supposed to be done. Commented Apr 29, 2018 at 5:08
  • @MarkKaplun basic authentication is standard in the HTTP protocol. It doesn't need me to explain it. you can found it mention in WP REST API v2.wp-api.org/guide/authentication Commented Apr 29, 2018 at 5:20

1 Answer 1

Reset to default
0

Here is my solution. Inside the callback function I validate Authorization from the header like this:

function callback_function($data) {
    //Get HTTP request headers 
    $auth = apache_request_headers();
    //Get only Authorization header
    $valid = $auth['Authorization'];

    // Validate
    if ($valid == 'Basic Base64UsernamePassword') {
        //Do what the function should do
    } else {
        $response = 'Please use a valid authentication';
    }

    return json_encode($response);
}
Improve this answer

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.