WP REST API Authentication Requirements for Endpoints

enter image description here

I have a custom post type, card, that I’m exposing through the WP REST API.

function register_card_post_type() {
    $labels = array(
        "name" => __( 'Cards', '' ),
        "singular_name" => __( 'Card', '' ),
    );

    $args = array(
        "label" => __( 'Cards', '' ),
        "labels" => $labels,
        "description" => "",
        "public" => true,
        "publicly_queryable" => true,
        "show_ui" => true,
        "show_in_rest" => true,   // ADD TO REST API
        "rest_base" => "cards",   // ADD TO REST API
        "has_archive" => false,
        "show_in_menu" => true,
        "exclude_from_search" => false,
        "capability_type" => "post",
        "map_meta_cap" => true,
        "hierarchical" => false,
        "rewrite" => array( "slug" => "card", "with_front" => true ),
        "query_var" => true,
        "menu_position" => 5,
        "supports" => array( "title" ),
    );

    register_post_type( "card", $args );
}

add_action( 'init', 'register_card_post_type' );

It seems like by default, the endpoints are public. How do I set the authentication requirements for the endpoint, so that GET /cards/ requires either an auth cookie or header? In the API handbook is shows how to write a custom endpoint, but ideally is there a filter or hook I can use to extend the autogenerated endpoints?

Read more here: WP REST API Authentication Requirements for Endpoints

Leave a Reply

Your email address will not be published. Required fields are marked *