API working without any Authorization in both 4.x and 3.x

Home Forums Legacy Support Support queries Setup issues API working without any Authorization in both 4.x and 3.x

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • #312066
    rahmediahouse
    Spectator
    Hi, I was trying to access the API's for some other purpose and found that, I am able to access the entire data through API, without any authorization in both 4.x and 3.x versions. Whereas, both the API security state, Oauth 2.0, everything was ticked in 3.x and in 4.x, without ticking anything, all the data, is being accessed. This is a major security issue with the application. Let me know, how this can be controlled and enable the authorization, all the data should be accessed based on the token only.
    #312357
    Anshuman Sahu
    Keymaster
    Well yes in version 3.0 you can access data which is not user connected using the apis like courses , course list , instructor public profiles and blog posts . In 4.0 we have put client id at many places . however in both versions in order get the user data you will need token.
    #313893
    rahmediahouse
    Spectator
    http://localhost/wordpress-5.1.1/wp-json/wplms/v1/user/chart/course I am not able to fetch all the courses data for any particular student. This API is not providing me any data. Response: { “labels”: [], “data”: [] } Which API should i use to fetch all the course and quiz for a particular user.
    #314251
    Anshuman Sahu
    Keymaster
    you have to post the token . In 3.0 : refer : https://documenter.getpostman.com/view/3430105/S1TYTvP9?version=latest
Viewing 4 posts - 1 through 4 (of 4 total)
  • The topic ‘API working without any Authorization in both 4.x and 3.x’ is closed to new replies.