How To: API Authentication for BuddyPress

  • @chicagogregg

    Participant

    Hello,

    I know the documentation says BP uses cookies for API authentication, but my install of BP allows any non-authenticated user to use the API and retrieve user data. (e.g. /wp-json/buddypress/v1/members/3)

    I’ve also tried this through incognito/private browsers and also through curl from the command line.

    Everything I’ve tried, without authenticating, returns the data.

    I’ve also installed REST API Toolbox (plugin) – that helped me with requiring authentication for WP wp-json endpoints.

    I don’t see a BP option anywhere to require authentication…

    Am I missing something here?

    Thank you in advance for the help!

    -gregg

Viewing 2 replies - 1 through 2 (of 2 total)
  • @chicagogregg

    Participant

    I wound up installing Perfmatters (https://perfmatters.io/features/) and it has an option to disable the API for Non-Admins. This fixed my issue.

    However, I wonder why BP is still allowing it for non-authenticated users…

  • @fawp

    Participant

    Old post, but I think the behavior you see is WP-driven. The reason I say that is that I have disabled the REST API for WordPress and the link above (e.g. /wp-json/buddypress/v1/members/3) or similar do not retrieve any data.

    I used guidance from this SO article.

    https://stackoverflow.com/questions/41191655/safely-disable-wp-rest-api
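
Added example (not part of the thread and not BuddyPress's own code): a small must-use plugin that requires a logged-in user for every route under the `/buddypress/v1` namespace quoted above, leaving the rest of the WordPress REST API unchanged. The file location (`wp-content/mu-plugins/`), the constant, the function name and the error code are assumptions made for illustration.

```php
<?php
/**
 * Plugin Name: Require login for BuddyPress REST routes (added example)
 */

// Namespace prefix taken from the URL quoted in the thread.
const EXAMPLE_BP_REST_PREFIX = '/buddypress/v1';

// Hypothetical callback name; 3 = number of arguments the filter passes.
add_filter( 'rest_pre_dispatch', 'example_bp_rest_require_login', 10, 3 );

function example_bp_rest_require_login( $result, $server, $request ) {
    // Another filter already short-circuited this request: leave it alone.
    if ( null !== $result ) {
        return $result;
    }

    // Match the namespace root and everything below it, but not a
    // different namespace that merely starts with the same characters.
    $route = untrailingslashit( $request->get_route() );
    $in_bp = ( EXAMPLE_BP_REST_PREFIX === $route )
        || 0 === strpos( $route, EXAMPLE_BP_REST_PREFIX . '/' );

    if ( ! $in_bp ) {
        return $result;
    }

    // Authentication has already run by the time a request is dispatched.
    // A browser request that sends cookies without a valid REST nonce is
    // treated as logged out by WordPress core, so it is rejected here too.
    if ( is_user_logged_in() ) {
        return $result;
    }

    // Returning a WP_Error stops the endpoint callback from running.
    return new WP_Error(
        'example_bp_rest_login_required', // hypothetical error code
        'You must be logged in to use this endpoint.',
        array( 'status' => rest_authorization_required_code() ) // 401 when logged out
    );
}
```

To check the result, repeat the unauthenticated request described in the first post (private window or curl) against `/wp-json/buddypress/v1/members/3`; it should now return a 401 error body instead of member data.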
