We continue exploring the topic of custom endpoints with API key access. Today we'll look at an example of saving data to the database and validating the key before saving.
The full code example is below:
<?php
add_action('rest_api_init', function()
{
    /**
     * Save
     */
    register_rest_route('app/v1', 'post', [
        'methods' => WP_REST_Server::CREATABLE,
        // Runs before the callback; the request is rejected unless the key matches.
        'permission_callback' => function(WP_REST_Request $Request)
        {
            if($Request -> get_param('key') != '123qwe')
            {
                return new WP_Error('key', 'API KEY is wrong', [
                    'status' => 400
                ]);
            }
            return true;
        },
        // Creates the post and returns it as the response.
        'callback' => function(WP_REST_Request $Request)
        {
            $post_id = wp_insert_post([
                'post_type' => 'fruit',
                'post_title' => wp_strip_all_tags( $Request -> get_param('post_title') ),
                'post_content' => $Request -> get_param('post_content'),
                'post_status' => 'publish',
            ]);
            return get_post( $post_id );
        },
        // Parameter schema: all three parameters are required strings.
        'args' => [
            'key' => [
                'description' => 'API KEY',
                'type'=> 'string',
                'required' => true,
            ],
            'post_title' => [
                'description' => 'Post title',
                'type'=> 'string',
                'required' => true,
            ],
            'post_content' => [
                'description' => 'Post content',
                'type'=> 'string',
                'required' => true,
            ],
        ]
    ]);
});
To test the code, use the following request URL: “site.address/wp-json/app/v1/post?key=123qwe&post_title=Orange&post_content=The orange is the most widespread citrus crop in all tropical and subtropical regions of the world”.
As a tool, I use “Postman” (makes the work easier). The request method is POST. Just paste the URL into the request field and click the “Send” button to the right of it (in the light theme, the button is blue). Make sure to insert the code above into your theme’s functions.php file, otherwise it won’t work.
Let’s break the URL down into parts, where:
key — the request key
post_title — the post title
post_content — the post content
All of these fields are required, because we defined the “required” key as TRUE for each of them:
'args' => [
    'key' => [
        'description' => 'API KEY',
        'type'=> 'string',
        'required' => true,
    ],
    'post_title' => [
        'description' => 'Post title',
        'type'=> 'string',
        'required' => true,
    ],
    'post_content' => [
        'description' => 'Post content',
        'type'=> 'string',
        'required' => true,
    ],
]
As in the previous example (when we retrieved data), the key validation is handled inside the “permission_callback”:
'permission_callback' => function(WP_REST_Request $Request)
{
    if($Request -> get_param('key') != '123qwe')
    {
        return new WP_Error('key', 'API KEY is wrong', [
            'status' => 400
        ]);
    }
    return true;
},
In a regular IF condition, we compare the value of the “key” request parameter with “123qwe”. It is recommended to store this key in the database or in a separate configuration file.
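The recommendation above, as an added example that is not part of the original article: a permission callback that takes the expected key from configuration instead of hard-coding it. The function name app_check_api_key, the constant APP_API_KEY_SHA256 and the X-API-Key header are assumptions made for this example.

```php
<?php
// Added example, not the article's code.
// Assumption: wp-config.php defines APP_API_KEY_SHA256 as the lowercase
// SHA-256 hex digest of the API key, so the key itself is not stored in code.

function app_check_api_key(WP_REST_Request $Request)
{
    // Fail closed when no key digest has been configured.
    if(!defined('APP_API_KEY_SHA256') || !is_string(APP_API_KEY_SHA256) || APP_API_KEY_SHA256 === '')
    {
        return new WP_Error('key', 'API KEY is not configured', [
            'status' => 500
        ]);
    }

    // Prefer a request header (assumed name: X-API-Key), because a key in the
    // query string is written to web server access logs along with the URL.
    // Fall back to the "key" parameter used in the article.
    $supplied = $Request -> get_header('X-API-Key');
    if($supplied === null)
    {
        $supplied = $Request -> get_param('key');
    }

    // hash_equals() requires two strings and compares them in constant time;
    // hash() returns lowercase hex, matching the configured digest format.
    if(!is_string($supplied) || !hash_equals(APP_API_KEY_SHA256, hash('sha256', $supplied)))
    {
        return new WP_Error('key', 'API KEY is wrong', [
            'status' => 401
        ]);
    }
    return true;
}
```

To use it, pass 'permission_callback' => 'app_check_api_key' to register_rest_route. If clients send the key only in the header, the “key” entry in “args” must no longer be marked as required.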
Saving data to the database is handled in the function under the “callback” key:
'callback' => function(WP_REST_Request $Request)
{
    $post_id = wp_insert_post([
        'post_type' => 'fruit',
        'post_title' => wp_strip_all_tags( $Request -> get_param('post_title') ),
        'post_content' => $Request -> get_param('post_content'),
        'post_status' => 'publish',
    ]);
    return get_post( $post_id );
},
It’s all quite simple. We call the WP function “wp_insert_post” to insert a post into the database, specifying an array with the required parameters. Once done, we retrieve the post data from the DB and return it. As a result, we get a JSON object with the post data:
{
    "ID": 57,
    "post_author": "0",
    "post_date": "2020-12-12 16:01:58",
    "post_date_gmt": "2020-12-12 13:01:58",
    "post_content": "The orange is the most widespread citrus crop in all tropical and subtropical regions of the world",
    "post_title": "Orange",
    "post_excerpt": "",
    "post_status": "publish",
    "comment_status": "closed",
    "ping_status": "closed",
    "post_password": "",
    "post_name": "orange",
    "to_ping": "",
    "pinged": "",
    "post_modified": "2020-12-12 16:01:58",
    "post_modified_gmt": "2020-12-12 13:01:58",
    "post_content_filtered": "",
    "post_parent": 0,
    "guid": "site.address/fruit/orange/",
    "menu_order": 0,
    "post_type": "fruit",
    "post_mime_type": "",
    "comment_count": "0",
    "filter": "raw"
}
As you can see, it’s quite straightforward.
