Bypassing only specific REST endpoint

Hi– thanks for using Force Login!

Force Login uses the rest_authentication_errors filter to check for REST API authentication. If no authentication is used, it blocks the request.

You may also hook into that filter to return some non-empty value to indicate an “okay” state and allow the endpoint to be accessed without authentication; bypassing Force Login.

For example:

/**
 * Bypass Force Login to allow for REST API exceptions.
 *
 * @param mixed $result WP_Error if authentication error, null if authentication
 *                      method wasn't used, true if authentication succeeded.
 */
function my_forcelogin_bypass_rest_api( $result ) {

  // Skip if request is authenticated
  if ( ! empty( $result ) ) {
    return $result;
  }

  // Allow specific endpoint public access
  //if ( $endpoint ) {
  //  return true;
  //}

  return $result;
}
add_filter( 'rest_authentication_errors', 'my_forcelogin_bypass_rest_api', 20 );

As for how to determine if the specific endpoint is being requested, I can’t help with that. I recommend you hire a web developer to code that part.

Thanks and good luck!

Hi Kevin!

Thanks for your help! That code snippet worked perfectly, the endpoint check relies on $_SERVER, which hopefully will also work. 🙂

Thanks,
Marc

 

This site will teach you how to build a WordPress website for beginners. We will cover everything from installing WordPress to adding pages, posts, and images to your site. You will learn how to customize your site with themes and plugins, as well as how to market your site online.

Buy WordPress Transfer