Rest API and Metabox fields show/hide


    #30021
    Nicholas Cox
    Participant

    Hi

    I noticed that WordPress has a lot of API endpoints and I came across the 'users' endpoint (wp-json/wp/v2/users) which exposes a lot of sensitive data. I do understand that Metabox adds the fields to the API, which is great, but I noticed that the default users data is exposed to visitors and hackers.

    What is the best approach to managing this? Is it best to disable all endpoints not being used and create new endpoints to control the data for visitors only? I need to use the API for visitors so it's not like I can use the 'nonce'.

    Or can I show/hide specific Metabox fields within the API?

    Or shall I add in authentication to access the API, like an API key?

    Thanks, any help/advice would be great.

    #30041
    Long Nguyen
    Moderator

    Hi,

    It's not possible to show/hide specific Meta Box fields in the JSON data of the REST API. I think you can restrict access to the WP REST API with this code:

    add_filter( 'rest_authentication_errors', function( $result ) {
        // If a previous authentication check was applied,
        // pass that result along without modification.
        if ( true === $result || is_wp_error( $result ) ) {
            return $result;
        }
    
        // No authentication has been performed yet.
        // Return an error if user is not logged in.
        if ( ! is_user_logged_in() ) {
            return new WP_Error(
                'rest_not_logged_in',
                __( 'You are not currently logged in.' ),
                array( 'status' => 401 )
            );
        }
    
        // Our custom authentication check should have no effect
        // on logged-in requests
        return $result;
    });

    Refer to this topic https://stackoverflow.com/questions/32082922/restrict-access-to-wordpress-rest-api
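
An added example, not part of the posts above and not Meta Box's own code: the snippet in the reply rejects every anonymous REST request, while the question needs some routes to stay open to visitors. This variant rejects anonymous requests only for listed route prefixes; the `example_*` function names and the route list are assumptions for illustration.

```php
<?php
/**
 * Added example: block anonymous requests to selected REST routes only.
 * Function names and the route list are hypothetical, chosen for this sketch.
 */

// Route prefixes that anonymous visitors must not reach (constructed list).
function example_private_rest_prefixes() {
    return array( '/wp/v2/users' );
}

// True when $route equals a private prefix or is a sub-route of it.
// WordPress matches routes case-insensitively, so compare in lower case.
function example_is_private_rest_route( $route ) {
    $route = '/' . trim( strtolower( $route ), '/' );
    foreach ( example_private_rest_prefixes() as $prefix ) {
        if ( $route === $prefix || 0 === strpos( $route, $prefix . '/' ) ) {
            return true;
        }
    }
    return false;
}

add_filter( 'rest_pre_dispatch', function ( $result, $server, $request ) {
    // Respect a response or error already set by an earlier filter.
    if ( null !== $result ) {
        return $result;
    }

    // rest_pre_dispatch runs after authentication, so the current user is settled here.
    if ( ! is_user_logged_in() && example_is_private_rest_route( $request->get_route() ) ) {
        return new WP_Error(
            'rest_not_logged_in',
            __( 'You are not currently logged in.' ),
            array( 'status' => rest_authorization_required_code() )
        );
    }

    // Every other route, and every logged-in request, is dispatched as usual.
    return $result;
}, 10, 3 );
```

Routes not in the list, such as the public posts endpoints, keep answering visitors without a nonce or login.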

    #30097
    Nicholas Cox
    Participant

    Great, thanks, I'll check out the link.
