Alex

Reputation: 11

REST API security without authentication on external requests

I'm working with the WordPress REST API for the first time.

The idea behind the project is that once a POST request has been made to a custom endpoint, the data is escaped/cleaned up and then saved into the database through WP's own functions. I'm basically just collecting feedback submitted through a form on a site (plus many other sites) and sending the data to another site (my own one).

How would you handle security in this case? I can't use OAuth. What I'd like to do is just make sure the request has been genuinely made from that form.

Any ideas?

Upvotes: 0

Views: 659

Answers (1)

Erick Jimenez

Reputation: 368

I recommend you use token authentication: use a signed token to validate the identity of the user who makes a request. In this case, JWT; you can choose the PHP JWT library you feel most comfortable using.

Upvotes: 1
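
The signed-token check recommended in the answer above, as an added example that is not part of the original post or the answerer's code: a minimal HS256 JWT verification wired into a WordPress REST route's `permission_callback`. It assumes each submitting site signs the token server-side with its own shared secret; the issuer names, secrets, route, five-minute lifetime limit and `save_feedback_item()` handler are hypothetical, and the hand-written verifier stands in for whichever PHP JWT library is chosen.

```php
<?php
// Added example, not from the original post. Issuer names, secrets, the route
// and save_feedback_item() are assumptions; sample values are constructed.
const FEEDBACK_SITE_KEYS = ['https://shop.example' => 'constructed-secret-0001-change-me'];

function b64url_decode(string $s) {
    $s .= str_repeat('=', (4 - strlen($s) % 4) % 4);          // restore stripped padding
    return base64_decode(strtr($s, '-_', '+/'), true);         // strict: false on bad input
}

function verify_feedback_jwt(string $jwt, array $keys, int $now): ?array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) return null;
    [$h64, $p64, $s64] = $parts;
    $header  = json_decode((string) b64url_decode($h64), true);
    $payload = json_decode((string) b64url_decode($p64), true);
    $sig     = b64url_decode($s64);
    if (!is_array($header) || !is_array($payload) || $sig === false) return null;
    // Pin the algorithm server-side; the token header must not select it.
    if (($header['alg'] ?? null) !== 'HS256') return null;
    $iss = $payload['iss'] ?? null;                             // only selects the key to check
    if (!is_string($iss) || !isset($keys[$iss])) return null;
    $expected = hash_hmac('sha256', "$h64.$p64", $keys[$iss], true);
    if (!hash_equals($expected, $sig)) return null;             // constant-time compare
    // Require a short-lived expiry so a captured token cannot be replayed for long.
    $exp = $payload['exp'] ?? null;
    if (!is_int($exp) || $exp < $now || $exp > $now + 300) return null;
    return $payload;
}

if (function_exists('add_action')) {                            // running inside WordPress
    add_action('rest_api_init', function () {
        register_rest_route('feedback/v1', '/submit', [
            'methods'             => 'POST',
            'permission_callback' => function (WP_REST_Request $req) {
                $auth = (string) $req->get_header('authorization');
                return preg_match('/^Bearer\s+(\S+)$/i', $auth, $m) === 1
                    && verify_feedback_jwt($m[1], FEEDBACK_SITE_KEYS, time()) !== null;
            },
            'callback'            => 'save_feedback_item',     // hypothetical: sanitizes and stores
        ]);
    });
} elseif (PHP_SAPI === 'cli') {                                 // stand-alone check, constructed token
    $enc  = fn(string $raw) => rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
    $iss  = 'https://shop.example';
    $body = $enc(json_encode(['alg' => 'HS256'])) . '.' . $enc(json_encode(['iss' => $iss, 'exp' => time() + 60]));
    $good = $body . '.' . $enc(hash_hmac('sha256', $body, FEEDBACK_SITE_KEYS[$iss], true));
    var_dump(verify_feedback_jwt($good, FEEDBACK_SITE_KEYS, time()) !== null);
    var_dump(verify_feedback_jwt($good . 'AA', FEEDBACK_SITE_KEYS, time()) !== null);
}
```

A secret shipped inside the form's HTML or JavaScript is readable by every visitor, so the signing step belongs on the submitting site's server, with one key per site so a single site can be revoked.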
