I am new to wp-api. I did install it and I am able to make some GET requests to retrieve content from my blog.

My question is very naive: can anyone send DELETE/UPDATE REST requests to modify/delete my posts, or must the user be authenticated first to do that?

In other terms, can I use the wp-api as it is without any security considerations?

yarek

1 Answer

If you are referring to the WordPress REST API version 2.7 and above, you can't call PUT, PATCH, DELETE without being authenticated.

Here's more detail about authentication: https://developer.wordpress.org/rest-api/using-the-rest-api/authentication/

You may also try to use Postman to issue a PUT call to your API endpoint. You will get a response like the one pasted below if you are not logged in.

{
    "code": "rest_cannot_edit",
    "message": "Sorry, you are not allowed to edit this post.",
    "data": {
        "status": 401
    }
}
JeeShen Lee
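
An added example (not part of the answer above and not WordPress's own code): a script that sends each write method with no credentials and reports whether the site refused it, which is the Postman check from the answer in repeatable form. The `/wp-json/wp/v2/posts/1` path, the post ID `1` and the local stub server are assumptions made here so the script runs offline.

```python
import json
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

WRITE_METHODS = ("POST", "PUT", "PATCH", "DELETE")
DENIED = {"code": "rest_cannot_edit",  # response body quoted in the answer above
          "message": "Sorry, you are not allowed to edit this post.",
          "data": {"status": 401}}
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no proxy, no credentials

def probe(url, method):
    """Send one anonymous request; return (HTTP status, REST error code or None)."""
    data = None if method == "DELETE" else b"{}"
    req = urllib.request.Request(url, data=data, method=method,
                                 headers={"Content-Type": "application/json"})
    try:
        with OPENER.open(req, timeout=10) as resp:
            return resp.status, None
    except urllib.error.HTTPError as err:
        try:
            body = json.loads(err.read() or b"{}")
        except ValueError:  # error body was not JSON
            body = {}
        return err.code, body.get("code") if isinstance(body, dict) else None

def audit_writes(post_url):
    """Per write method: ('rejected', code) on 401/403, ('OPEN', None) on 2xx, else inconclusive."""
    report = {}
    for method in WRITE_METHODS:
        status, code = probe(post_url, method)
        if status in (401, 403):
            report[method] = ("rejected", code)
        else:
            report[method] = ("OPEN", None) if 200 <= status < 300 else ("inconclusive", status)
    return report

def make_stub(status, body):
    """Constructed local stand-in for a site: answers every write with (status, body)."""
    class Handler(BaseHTTPRequestHandler):
        def _reply(self):
            self.rfile.read(int(self.headers.get("Content-Length") or 0))
            payload = json.dumps(body).encode()
            self.send_response(status)
            self.send_header("Content-Length", str(len(payload)))
            self.end_headers()
            self.wfile.write(payload)
        do_POST = do_PUT = do_PATCH = do_DELETE = _reply
        def log_message(self, *args):  # keep the stub quiet
            pass
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_port}/wp-json/wp/v2/posts/1"
```

When running `audit_writes` against a site you administer, use the URL of a throwaway post, since a method reported as `OPEN` means the request was actually carried out.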