To allow only logged in users to view WP endpoints, add the following code:
function mytheme_only_allow_logged_in_rest_access( $access ) {
if( ! is_user_logged_in() ) {
return new WP_Error(
'rest_cannot_access',
__( 'Only authenticated users can access the REST API.', 'disable-json-api' ),
array(
'status' => rest_authorization_required_code()
)
);
}
return $access;
}
add_filter( 'rest_authentication_errors', 'mytheme_only_allow_logged_in_rest_access' );
Admins version
function mytheme_only_allow_logged_in_rest_access( $access ) {
if( ! is_user_logged_in() || ! current_user_can( 'manage_options' ) ) {
return new WP_Error( 'rest_cannot_access', __( 'Only authenticated users can access the REST API.', 'disable-json-api' ), array( 'status' => rest_authorization_required_code() ) );
}
return $access;
}
add_filter( 'rest_authentication_errors', 'mytheme_only_allow_logged_in_rest_access' );
Default endpoints list
add_filter( 'rest_endpoints', 'show_default_endpoints' );
function show_default_endpoints( $endpoints ) {
var_export( array_keys( $endpoints ) );
die;
}
Removing access only for default endpoints.
add_filter( 'rest_endpoints', 'remove_default_endpoints' );
function remove_default_endpoints( $endpoints ) {
return array( );
}