Secure the API #4
Labels
Comments
|
I can take a look at issues around securing the API. It's been a while since I've played with Wordpress but I can figure it out. |
|
Something to consider. I haven't used it, but have heard good things about it. |
|
That's a neat plugin. I've seen Auth0 stuff before and it looks pretty good. I'll certainly check this out. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Right now, virtually anyone can access the API, as there is no authentication on it.
The API is actually coming from a WordPress installation using the "WP REST API" plugin. I chose to go this route since I wanted to
a) save time by not having to create an admin panel that would be easy for non-technical folks to use for data-entry
b) make it really easy for the developers to add new entities with specific fields such as "actions", "events", "donations", etc.
I was thinking that the application would live inside of a page on the WordPress install currently located at WeCanSaveDemocracy.org to allow for eventual expansion of the platform (see this issue) to also include articles and resources. So this is something to keep in mind.
There is documentation on how to do this using different types of authentication, it just needs to be implemented.
Will require some PHP knowledge.
Please contact me at [email protected] for login creds.
The text was updated successfully, but these errors were encountered: