[ad_1]
I am working on a test project. I am using ReactJS for frontend and wordpress for backend like headless cms. I am making API calls through ReactJS and it is working fine. The only thing I need is to hide JSON response from anyone who try to put/hit the API URL in browser. If I restrict rest API it will not allow my ReactJS calls to hit the URL.
Can someone tell me how to hide the JSON response when any visitor try URL in browser. In simple I just want to hide the JSON response.
[ad_2]
https://wordpress.org/plugins/disable-json-api/ might be useful?
You need to setup your CORS so your frontend environments can make requests to the REST but no one else can:
https://linguinecode.com/post/enable-wordpress-rest-api-cors
EDIT: just read your post more clearly.. I’m not sure if you’ll be able to disable direct access to your REST with out some custom code. There is this that might help: https://wordpress.org/plugins/rest-api-toolbox/
You could restrict the entire backend site by IP address? That way only your front end has access to the rest API.