This question already has answers here: wp_get_current_user() function not working in Rest API callback function (4 answers) Closed 5 years ago.

In a custom REST API method, I would like to identify the user (typically get_current_user_id()) then retrieve their data from database (things like their role and some custom permission).

But so far get_current_user_id() returns 0 (which is not the current user ID).

Is it possible to identify user in REST API?

Otherwise, a solution I see is using a page as "sort of" API ... but I think that would be an ugly solution.

asked Apr 10, 2019 at 16:15 by TTT (edited Apr 10, 2019 at 16:23)
  • Look at my answer at wordpress.stackexchange/a/329992/30597 – this will only work when passing nonce to the request. – norman.lol Commented Apr 10, 2019 at 16:33
  • It looks like an actual duplicate this time, just didn't search with the right keywords. However I have a subquestion ... (I'm not familiar with the word "nonce", English is not my mother language) the nonce is not something that someone could forge in client side to pretend they're another user, right? – TTT Commented Apr 10, 2019 at 16:39
  • Yep, WordPress security tokens are called "nonce". See codex.wordpress/WordPress_Nonces – norman.lol Commented Apr 10, 2019 at 16:46
  • A nonce en.wikipedia/wiki/Cryptographic_nonce is a pseudo random number used to prevent replay attacks and other security threats. It's also a word for something rather unfortunate in the UK. Authenticated REST API requests should include a nonce+cookie when sent from the browser – Tom J Nowell Commented Apr 10, 2019 at 17:19

1 Answer

I spent two days searching for a simple way without adding plugins.

First, in functions.php where you define your API:

//enqueue the script which will use the api
function api_callings_scripts() {
    wp_enqueue_script('score-script', get_template_directory_uri() . '/js/ScoreSaving.js', ['jquery'], NULL, TRUE);
    // Pass nonce to JS.
    wp_localize_script('score-script', 'ScoreSettings', [
      'nonce' => wp_create_nonce('wp_rest'),
    ]);
}
add_action( 'wp_enqueue_scripts', 'api_callings_scripts' ); 

Then your script's Ajax call could be something like this:

jQuery.ajax({
    type: "POST",
    url: "/wp-json/score/update",
    data: {"var1": "value1"},
    beforeSend: function(xhr) {
        xhr.setRequestHeader('X-WP-Nonce', ScoreSettings.nonce);
    },
    success: function(data) {
        console.log(data);
    }
});

Now you can use get_current_user_id() inside your API code.
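
The answer above covers the client side only. The following is an added example, not part of the original answer, sketching the server side of the same /wp-json/score/update route with an explicit permission check before the callback runs. The handler name score_update_handler and the edit_scores capability are assumptions made for illustration.

```php
<?php
// Added example: route registration for /wp-json/score/update.
// 'score_update_handler' and the 'edit_scores' capability are hypothetical names.

add_action( 'rest_api_init', function () {
    register_rest_route( 'score', '/update', [
        'methods'             => 'POST',
        'callback'            => 'score_update_handler',
        // Runs before the callback. With cookie auth and a valid X-WP-Nonce
        // header, WordPress has already restored the logged-in user here.
        // Without the header the request is handled as user 0.
        'permission_callback' => function ( WP_REST_Request $request ) {
            if ( ! is_user_logged_in() ) {
                return new WP_Error(
                    'rest_forbidden',
                    'Authentication required.',
                    [ 'status' => 401 ]
                );
            }
            // Hypothetical custom capability; replace with your own check.
            return current_user_can( 'edit_scores' );
        },
        'args'                => [
            'var1' => [
                'required'          => true,
                'sanitize_callback' => 'sanitize_text_field',
            ],
        ],
    ] );
} );

function score_update_handler( WP_REST_Request $request ) {
    // Identity comes from the authenticated session, never from a
    // user ID supplied in the request body or query string.
    $user = wp_get_current_user();

    return rest_ensure_response( [
        'user_id' => $user->ID,
        'roles'   => array_values( $user->roles ),
        'var1'    => $request->get_param( 'var1' ),
    ] );
}
```

The login cookie is what identifies the user; the nonce only shows the request came from a page WordPress served to that session, so the route should still check roles or capabilities itself.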

Article tags: Is there a way to identify a user in a custom REST API method