Why does a custom API endpoint not work when authentication is applied?

Add question

Username* Please type your username .

E-Mail* Please type your E-Mail .

Question Title* Please choose an appropriate title for the question to answer it even easier .

Category Please choose the appropriate category so others can easily search your question.

Tags Please choose suitable Keywords Ex : question , poll .

Poll This question is a poll ? If you want to be doing a poll click here .

Featured image

Browse

Details*

Ask Anonymously Anonymous asks

Video description Do you need a video to description the problem better ?

Video type Choose from here the video type .

Video ID Put here the video id : https://www.youtube.com/watch?v=sdUUx5FdySs EX : 'sdUUx5FdySs'.

Notified Notified by e-mail at incoming answers.

Terms* By asking your question, you agree to the Terms of Service and Privacy Policy.

Captcha*

Why does a custom API endpoint not work when authentication is applied?

Question

I’ve added some custom API endpoints to my plugin. Here is one example.

add_action( 'rest_api_init', function () {
    register_rest_route( 'my-api/' . 'v1', '/get-uploads-dir', array(
        'methods' => 'GET',
        'callback' => array($this, 'api_get_uploads_dir'),
        'permission_callback' => function () {
          return current_user_can('upload_files');
        },      
    ));
} );

Here is the callback function.

public function api_get_uploads_dir($request) {

    $uploads_name = get_option(UPLOADS_FOLDER_NAME, "none");

    $data = array(
      'uploads_name' => $uploads_name,
    );

    return $data;
    die();    

}

I use this Javascript to call the API.

async function get_uploads_dir() {
    const endpoint="http://example.com/wp-json/my-api/v1/get-uploads-dir";
    try {
        const response = await fetch(endpoint);

        if (response.ok) {
          const data = await response.json();
          console.log(data);
        } else {
          console.error('Error: ' + response.status + ' - ' + response.statusText);
        }
    } catch (error) {
        console.error('Fetch error: ', error);
    }
}

This works with no issues. But when I add code for authentication to the Javascript function, the callback function, api_get_uploads_dir($request), is never triggered.

This code was added in the try block for passing the nonce.

const response = await fetch(endpoint, {
    method: 'GET',
    headers: {
     'Content-Type': 'application/json',
     'X-WP-Nonce': my_api.nonce // localized value, 'nonce'=> wp_create_nonce('wp-rest')
    }
});

When the above code is added to the Javascript, the endpoint callback function will not be executed anymore when the endpoint is called and the response received is ‘Error: 403 – Forbidden’.

And this is how the callback function handles authentication.

$client_nonce = $request->get_header('x_wp_nonce');

if(!wp_verify_nonce($client_nonce, 'wp-rest')) {
    die();  
}

But this code never gets a chance to run.

Are there any ideas why the endpoint function no longer runs when the nonce is included in the API call?

AlanP 2 months 2023-04-05T17:31:52-05:00 2023-04-05T17:31:52-05:00 0 Answers 0 views 0

Register Now

Login

Lost Password

Add question

Login

Register Now

Why does a custom API endpoint not work when authentication is applied?

Why does a custom API endpoint not work when authentication is applied?

Related questions

Leave an answer