Complete the code to add basic authentication headers in a WordPress API request.
fetch('https://example.com/wp-json/wp/v2/posts', { headers: { 'Authorization': '[1]' } })
Basic authentication in WordPress REST API uses the 'Basic' prefix followed by base64 encoded username and password.
Complete the code to register a REST API route with permission callback in WordPress.
register_rest_route('myplugin/v1', '/data', [ 'methods' => 'GET', 'callback' => 'myplugin_get_data', 'permission_callback' => [1] ]);
The permission callback should check user capabilities, like 'edit_posts', to secure the API endpoint.
Fix the error in the code to correctly verify a JWT token in WordPress REST API authentication.
add_filter('rest_authentication_errors', function($result) { if (!empty($result)) { return $result; } $token = getallheaders()['Authorization'] ?? ''; if ($token && !verify_jwt_token([1])) { return new WP_Error('jwt_auth_invalid_token', 'Invalid token', ['status' => 403]); } return true; });
The token string usually starts with 'Bearer ', so we remove that prefix before verifying.
Fill both blanks to create a WordPress REST API endpoint that requires a nonce for authentication.
register_rest_route('myplugin/v1', '/secure', [ 'methods' => 'POST', 'callback' => 'myplugin_secure_callback', 'permission_callback' => function() { return wp_verify_nonce([1], [2]); } ]);
Nonce is usually sent in '_wpnonce' request field and verified against 'wp_rest' action for REST API security.
Fill the blanks to implement OAuth 1.0a authentication in WordPress REST API.
add_filter('rest_pre_dispatch', function($response, $server, $request) { $oauth = new OAuthConsumer([1], [2]); if (!$oauth->verifyRequest($request)) { return new WP_Error('oauth_error', 'Invalid OAuth signature', ['status' => 401]); } return $response; }, 10, 3);
OAuthConsumer requires consumer key and secret for verifying requests.