Disables all REST API endpoints and requires JWT or OAuth Authentication.
When you activate this plugin, all REST API endpoints will be disabled for non-authorized requests.
Best used with any of these plugins:
Blocks ALL REST API endpoints except for:
Allows all REST API endpoints if they come with a valid Bearer Token Authentication (authentication via GET URL variables is still blocked)
When used alone in your site, your REST API will essentially be disabled.
Note that this plugin itself doesn’t provide JWT or OAuth authentication; it only whitelists them.
This plugin is similar to Disable REST API in that it disables all REST API endpoints, but it still allows the authentication endpoints provided by:
And if a Bearer Token Authentication is provided, then the REST API becomes available.
Open a new incognito browser tab or private browser tab and visit your wp-json URL:
http://mysite/wp-json/
You will see this message:
{"code":"rest_not_logged_in","message":"You are not currently logged in.","data":{"status":401}}
A Bearer Token Authenticated REST API request is a REST API call with this header:
Authorization: Bearer XXXXXXX
The XXXXXXX corresponds to the authentication token given by any of these 2 plugins:
That is outside the scope of this plugin; please refer to the docs of the respective plugins:
I’ve placed a filter called reqauth/allowed_endpoints where you can add your own REST API endpoints to the whitelist.
For example, I want to allow /my-endpoint for non-authorized REST API calls:
add_filter( 'reqauth/allowed_endpoints', 'allow_my_endpoints' );
// The callback name must match the one registered above.
function allow_my_endpoints( $allowed_endpoints ) {
    $allowed_endpoints[] = '/my-endpoint';
    return $allowed_endpoints;
}
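To confirm the lockdown behaves as described on this page, the check below probes the four documented cases: anonymous request, token passed in the URL, Bearer header, and a whitelisted endpoint. It is an added example, not code from the plugin; the `token` query parameter name, the `/wp-json` prefix on whitelisted paths, and the `fake_site` stand-in are assumptions made for illustration.

```python
import json
import urllib.error
import urllib.request

BLOCKED_BODY = '{"code":"rest_not_logged_in","message":"You are not currently logged in.","data":{"status":401}}'

def http_send(base_url):
    """Build a sender that performs real GET requests against base_url."""
    def send(path, headers):
        req = urllib.request.Request(base_url.rstrip("/") + path, headers=headers)
        try:
            with urllib.request.urlopen(req, timeout=10) as resp:
                return resp.status, resp.read().decode()
        except urllib.error.HTTPError as err:
            return err.code, err.read().decode()
    return send

def is_blocked(status, body):
    """True when the response is the 401 rejection shown on this page."""
    try:
        code = json.loads(body).get("code")
    except (ValueError, AttributeError):
        code = None
    return status == 401 and code == "rest_not_logged_in"

def audit(send, token, open_paths=()):
    """Return a list of findings; an empty list means the lockdown holds."""
    findings = []
    if not is_blocked(*send("/wp-json/", {})):
        findings.append("anonymous request was not rejected")
    # Assumption: "token" is a hypothetical query parameter name.
    if not is_blocked(*send("/wp-json/?token=" + token, {})):
        findings.append("token in URL was accepted")
    if is_blocked(*send("/wp-json/", {"Authorization": "Bearer " + token})):
        findings.append("valid Bearer header was rejected")
    for path in open_paths:  # assumption: whitelisted routes live under /wp-json
        if is_blocked(*send("/wp-json" + path, {})):
            findings.append("whitelisted endpoint blocked: " + path)
    return findings

def fake_site(valid_token, allowed=("/my-endpoint",)):
    """Constructed stand-in for a site running the plugin, for offline runs."""
    def send(path, headers):
        route = path.split("?")[0][len("/wp-json"):]
        if headers.get("Authorization") == "Bearer " + valid_token or route in allowed:
            return 200, "{}"
        return 401, BLOCKED_BODY
    return send
```

Against a real site, call `audit(http_send("http://mysite"), token, ["/my-endpoint"])` with a token issued by your JWT or OAuth plugin.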