skip to Main Content

I’m creating a web app that uses the WordPress REST API. The CMS has several custom post type. The frontend itself is made in React. In the frontend, users are able to authenticate themselves.

Within the web app, users are able to create a post. By default, I only want the rest api to return posts made by the authenticated user, but right now the api returns all the posts.

How can I make sure the rest api only returns the posts made by the authenticated user?

2

Answers


  1. What u could do is use this endpoint:
    http://yoursite.com/wp-json/wp/v2/posts?author=1
    to get all the post by a certain author. Then the only thing u have to check is if the current authenticated author/user is the same as in the post object.

    It wont be fully protected of course but its a place to start.

    A other way would be to write your own endpoint

    Login or Signup to reply.
  2. I think the most practical solution is to first get all the posts, like so:

    fetch(wordpressurl/wp-json/v2/posts)
    .then(response => response.json())
    .then(data => {
    data.forEach(element => {
    //let's assume we want posts from author 1 (id)
      if (element.author == 1){
          // do somethign with the post // render post for example
      }
    })
    
    })
    

    Please comment if you require any further clarifications.

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search