API still publically available

  • I can generate a AUTH Token to the REST api and do a API call using POSTMAN JWT Authorisation Bearer Token and all works as it should. To this point.

    However, the same API URLS are still publicly accessible.
    The JWT plugin has not blocked public access to the API .

    All REST API should surely now require AUTH access?

    Can anyone advise?

Viewing 1 replies (of 1 total)

  • Did you set the permission_callback parameter when registering your custom route? Set your permissions (logged in or role-based permissions) in that callback function and you should see the results you’re expecting.

Viewing 1 replies (of 1 total)
  • The topic ‘API still publically available’ is closed to new replies.