I’m creating a web app that uses the WordPress REST API. The CMS has several custom post types. The frontend itself is made in React. In the frontend, users are able to authenticate themselves.
Within the web app, users are able to create a post. By default, I only want the REST API to return posts made by the authenticated user, but right now the API returns all the posts.
How can I make sure the REST API only returns the posts made by the authenticated user?
2 Answers
What you could do is use this endpoint:
http://yoursite.com/wp-json/wp/v2/posts?author=1
to get all the posts by a certain author. Then the only thing you have to check is if the current authenticated author/user is the same as in the post object.
It won't be fully protected of course, but it's a place to start.
Another way would be to write your own endpoint.
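The `?author=` value in the URL above is chosen by the client, so any caller can change it; a custom endpoint can take the author from the authenticated session on the server instead. The following is an added example, not code from the question or the answers, and it assumes a hypothetical `myapp/v1` namespace, `/my-posts` route and `book` custom post type:

```php
<?php
// Added example: names marked "hypothetical" do not come from the original posts.
add_action( 'rest_api_init', function () {
    register_rest_route(
        'myapp/v1',   // hypothetical namespace
        '/my-posts',  // hypothetical route
        array(
            'methods'             => WP_REST_Server::READABLE,
            // Reject anonymous callers before the callback runs. Without this,
            // get_current_user_id() would be 0 and 'author' => 0 is no filter.
            'permission_callback' => 'is_user_logged_in',
            'callback'            => 'myapp_list_own_posts',
            'args'                => array(
                'page' => array(
                    'default'           => 1,
                    'sanitize_callback' => 'absint',
                ),
            ),
        )
    );
} );

function myapp_list_own_posts( WP_REST_Request $request ) {
    $query = new WP_Query( array(
        'post_type'      => 'book', // hypothetical custom post type
        'post_status'    => 'publish',
        // The author comes from the authenticated session, never from the request.
        'author'         => get_current_user_id(),
        'posts_per_page' => 20,
        'paged'          => max( 1, (int) $request['page'] ),
        'no_found_rows'  => true,
    ) );

    // Return only the fields the frontend needs.
    $items = array();
    foreach ( $query->posts as $post ) {
        $items[] = array(
            'id'    => $post->ID,
            'title' => get_the_title( $post ),
            'date'  => mysql_to_rfc3339( $post->post_date_gmt ),
        );
    }
    return rest_ensure_response( $items );
}
```

Registering this route does not change the built-in `/wp/v2/` collection routes, which still answer for every author unless they are restricted separately.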
I think the most practical solution is to first get all the posts, like so:
Please comment if you require any further clarifications.