Hi,
I was trying to access the API's for some other purpose and found that, I am able to access the entire data through API, without any authorization in both 4.x and 3.x versions.
Whereas, both the API security state, Oauth 2.0, everything was ticked in 3.x and in 4.x, without ticking anything, all the data, is being accessed.
This is a major security issue with the application.
Let me know, how this can be controlled and enable the authorization, all the data should be accessed based on the token only.
Well yes in version 3.0 you can access data which is not user connected using the apis like courses , course list , instructor public profiles and blog posts .
In 4.0 we have put client id at many places .
however in both versions in order get the user data you will need token.
http://localhost/wordpress-5.1.1/wp-json/wplms/v1/user/chart/course
I am not able to fetch all the courses data for any particular student. This API is not providing me any data.
Response:
{
“labels”: [],
“data”: []
}
Which API should i use to fetch all the course and quiz for a particular user.
you have to post the token .
In 3.0 : refer : https://documenter.getpostman.com/view/3430105/S1TYTvP9?version=latest