是否可以添加使用WooCommerce授权的新API端点? [英] Is it possible to add a new API endpoint that uses WooCommerce's authorization?
问题描述
我需要在我的WordPress插件中添加一个API端点,该端点将写入数据库等.我希望它由调用此新API的远程系统触发.
I need to add an API endpoint in my WordPress plugin that will write to the database, etc. I want it to be triggered by a remote system that will call this new API.
但是,我想使用内置的WooCommerce REST身份验证,在此处设置身份验证:
However, I'd like to use the built-in WooCommerce REST authentication, the auth set up here:
(不,这些凭据不再起作用).
(And no, those credentials don't work, anymore).
有没有办法做到这一点?要添加一个自定义HTTP终结点,该终结点将使用WooCommerce的身份验证,然后运行一些我想运行的任意代码?
Is there a way to do this? To add a custom HTTP endpoint that will use the auth from WooCommerce and then run some arbitrary code that I want to run?
或者是否可以在现有的WooCommerce API端点上添加一个挂钩以在该端点执行之前运行?我只需要一种使用现有WooCommerce REST API身份验证的方式来触发一些我需要在插件中运行的更新.
Or is there a way to add a hook on an existing WooCommerce API endpoint to run before that endpoint executes? I just need a way to use the existing WooCommerce REST API auth to trigger some updates I need to run in my plugin.
推荐答案
您可以在Woocommerce端点下添加一条路由以使用此密钥/秘密身份验证系统.
You can add a route under the Woocommerce endpoint to use this key/secret authentication system.
这是一个可行的示例:
add_action('rest_api_init', function () {
register_rest_route('wc', '/test', [
'methods' => 'GET',
'callback' => 'my_awesome_func',
]);
});
function my_awesome_func(WP_REST_Request $request)
{
if (is_user_logged_in() && (int)wp_get_current_user()->ID === 123) {
//your stuff only for legged in user 123
return new WP_REST_Response('ok', 200);
}
return new WP_Error('unauthorized', __('You shall not pass'), [ 'status' => 401 ]); //can also use WP_REST_Response
}
这将:
- 在"wc"下添加新的GET路由.端点(woocommerce端点),因此
https://example.com/wp-json/wc/test
- 然后使用"HTTP基本身份验证"按照 Woocommerce文档
-
is_user_logged_in()
和wp_get_current_user()
的结果将取决于密钥/秘密的正确组合.如果正确,则关联用户将被认证".至于Wordpress. - 如果组合正确,则得到
[true,WP_user_object]
,如果键不正确,则会得到[false,Empty_user_object]
. - 如果正确的密钥和不正确的机密,将抛出401(不是我的示例中的一个,而是woocommerce的另一个401.在这种情况下,未达到
my_awesome_func()
.我相信这就像wp-login,正确登录(键)时自定义错误消息,不错的^^')
- add a new GET route under the "wc" endpoint (woocommerce one), so
https://example.com/wp-json/wc/test
- you then use "HTTP Basic auth" to pass your key and secret as per Woocommerce documentation
- the results of
is_user_logged_in()
andwp_get_current_user()
will depend on the correct combination of key/secret. If correct, a the associated user will be "authentified" as for Wordpress. - if correct combination you'll get
[true, WP_user_object]
, if incorrect key[false, Empty_user_object]
. - If correct key and incorrect secret, a 401 will be thrown (not the one in my example, another 401 by woocommerce.
my_awesome_func()
is not reached in this case. I believe it's like wp-login, custom error message when correct login (key), nice ^^')
然后,您需要按照自己的规则来保护自己的路线:
You then need to secure your route by your rules:
- 检查用户是否像
if(!is_user_logged_in())一样返回false
- 检查用户ID
wp_get_current_user()-> ID
- 通过您的角色/权限系统进行检查
- 现在您有了用户ID,就可以使用它进行所需的操作
- 使用
WP_REST_Request $ request
参数处理GET或POST HTTP参数.
- Checking if user is logged in like
if(!is_user_logged_in()) return false
- Checking user ID
wp_get_current_user()->ID
- Checking by your role/permission system
- now that you have user ID, you do what you want with it
- use the
WP_REST_Request $request
parameter to handle GET or POST HTTP parameters.
因此它看起来像:
add_action('rest_api_init', function () {
register_rest_route('wc', '/test', [
'methods' => 'GET',
'callback' => 'my_awesome_func',
]);
});
function my_awesome_func(WP_REST_Request $request)
{
if (is_user_logged_in() && (int)wp_get_current_user()->ID === 123) {
//your stuff only for legged in user 123
return new WP_REST_Response('ok', 200);
}
return new WP_Error('unauthorized', __('You shall not pass'), [ 'status' => 401 ]); //can also use WP_REST_Response
}
似乎可能有正确的方法添加Woocommerce REST API端点(找不到关于它的适当文档...).但是我对此进行了测试,并且至少可以使用Woocommerce密钥/秘密身份验证系统起作用,我认为该系统适用于/wc/
端点下.
It seems there may be proper ways to add a Woocommerce REST API endpoint (couldn't find proper documentation about it...). But I tested this and it worked, at least to use the Woocommerce key/Secret authentication system, which I believe is applied under the /wc/
endpoint.
注意:小心地将路由添加到wc端点,因为您可能会覆盖现有的路由端点.例如:添加/product/mytest
可能与处理/product/[product_id]
的Woocommerce官方路线发生冲突.
Note: careful adding routes to the wc endpoints, as you may override an existing route endpoint. Eg: adding /product/mytest
could conflict with an official Woocommerce route that handles /product/[product_id]
.
注2:我首先使用核心API身份验证系统).因此,我移到了Woocommerce API端点.
Note 2: I first tested with a custom WordPress REST API route, and passing Woocommerce key/secret to see if WordPress could see me correctly authenticated and identified. But it didn't work (WP uses the core API auth system). So I moved to the Woocommerce API endpoint.
注3:您可以使用具有自定义路由的Wordpress REST API和机器对机器"的自定义路径来实现相同的目的.身份验证插件,例如Oauth,应用程序密码,JWT ...如
Note 3: You could achieve the same using the Wordpress REST API with a custom route, and a "machine to machine" authentication plugins like Oauth, application password, JWT... like described on WP REST API authentication documentation page.
这篇关于是否可以添加使用WooCommerce授权的新API端点?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!