Skip to content

rest api – WordPress API – Get Drafts

Having just lately been by means of an analogous downside, and studying to resolve it, I assumed I’d share my studying expertise.

As we discovered, anybody can request a publish with standing=publish. If you get errors like the next or related, then it’s best to begin considering by way of issues with authentication or permissions:

stdClass Object
(
    [code] => rest_invalid_param
    [message] => Invalid parameter(s): standing
    [data] => stdClass Object
        (
            [status] => 400
            [params] => stdClass Object
                (
                    [status] => Status is forbidden.
                )

            [details] => stdClass Object
                (
                    [status] => stdClass Object
                        (
                            [code] => rest_forbidden_status
                            [message] => Status is forbidden.
                            [data] => stdClass Object
                                (
                                    [status] => 401
                                )

                        )

                )

        )

    )

…or…

stdClass Object
(
    [code] => jwt_auth_invalid_token
    [message] => Wrong variety of segments
    [data] => stdClass Object
        (
            [status] => 403
        )

)

…If you might be logged in as an admin, then it’s best to have permission to see draft posts. Therefore, it’s seemingly your API calls aren’t authenticating for some motive.

The very first thing I examined was the token. I occur to be utilizing the JWT Authentication for WP-API plugin, which is actually fairly easy to implement. After putting in/activating JWT Auth, go to the consumer you need to assign to make use of your API calls, and at the bottom of the consumer profile you will note :

Application Account name

Give your application a reputation, Add New, and then a brand new application password will pop up. It will seem like this:

Application password

Copy the entire password, preserving the areas is ok.

I’m utilizing PHP and cURL, so my get token code appears to be like like this:

personal perform getAuthHeader(){
    $JWTtoken = json_decode($this->getJWTToken());
    $token = $JWTtoken->token;
    $header = array(
        "Content-type: application/json", 
        "Authorization: Bearer " . $token
    );
    return $header;
}

public perform getJWTToken(){
    /*
    Request: POST http://basic/wp-json/api/v1/token
    Body:
    username = <wordpress username>
    password = <wordpress password>
    */
    
    $url = $this->baseurl . "jwt-auth/v1/token";

    $params = array(
                        'requesttype' => 'POST',
                        'url' => $url,
                        'publish' => array('username' => 'admin', 'password' => 'esmA UJom vxAG LFKU q8oN DSGK')
                    );
    $ch = curl_init();
    CURL_SETOPT($ch, CURLOPT_RETURNTRANSFER, 1);
    CURL_SETOPT($ch, CURLOPT_URL, $params['url']);
    CURL_SETOPT($ch, CURLOPT_POST, TRUE);
    CURL_SETOPT($ch, CURLOPT_POSTFIELDS, http_build_query($params['post']));
    CURL_SETOPT($ch, CURLOPT_SSL_VERIFYPEER, false);
    $response = curl_exec($ch);
    curl_close($ch);
    return $response;
}

…You will see manner down in $params the place I set the username/password. The username is “admin”, because that is the consumer I set the brand new application password for, and the password is esmA UJom vxAG LFKU q8oN DSGK. Notice I’m NOT utilizing the admin’s WordPress password.

Your header turns into an array, and it ought to look one thing like this, which features a loooong token string:

Array ( [0] => Content-type: application/json [1] => Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOlwvXC9iYXNpYyIsImlhdCI6MTYyMzI2NjUyNSwibmJmIjoxNjIzMjY2NTI1LCJleHAiOjE2MjM4NzEzMjUsImRhdGEiOnsidXNlciI6eyJpZCI6IjEifX19.YX1UvJ5nlbG2MIlheI2NzTTzaQKBZ8I9WQOr70CE1Tk ) 

Finally, the perform that makes the request utilizing cURL appears to be like like this:

public perform getResponse($params){

    $auth_header = $this->getAuthHeader();

    $ch = curl_init();
    CURL_SETOPT($ch, CURLOPT_RETURNTRANSFER, 1);
    CURL_SETOPT($ch, CURLOPT_URL, $params['url']);
    if( isset($params['requesttype']) && $params['requesttype'] == "POST" ){ //additional code to detect whether or not I'm making a GET, POST, or PUT request.
        CURL_SETOPT($ch, CURLOPT_POST, TRUE);
    }
    else if( isset($params['requesttype']) && $params['requesttype'] == "PUT"){
        CURL_SETOPT($ch, CURLOPT_CUSTOMREQUEST, "PUT");
    }
    if(isset($params['post'])){
        CURL_SETOPT($ch, CURLOPT_POSTFIELDS, http_build_query($params['post']));
    }
    CURL_SETOPT($ch, CURLOPT_SSL_VERIFYPEER, false);
    CURL_SETOPT($ch, CURLOPT_HTTPHEADER, $auth_header);
    $response = curl_exec($ch);
    curl_close($ch);
    return $response;
}

Notice that before executing the cURL, I need to get my header, with the brand new token, by calling the getAuthHeader perform:

$auth_header = $this->getAuthHeader();

and discover that I’ve to move that header, which incorporates the brand new token, to the net service:

CURL_SETOPT($ch, CURLOPT_HTTPHEADER, $auth_header);

Barring any typos, which is always my downside, this could return posts with standing=draft:

    public perform getPosts($params){
        // I handed $params['status'] = "draft";
        $url = $this->baseurl . "wp/v2/posts/?status=" . $params['status'] . "";
        $data = array(
                        'requesttype' => 'GET',
                        'url' => $url
                     );
        return $this->getResponse($data);
    }

 



Source link

Leave a Reply