Some REST API requests require authentication to return information for a request – for example the endpoint:<\/p>\n\n\n\n
is a valid endpoint<\/a> to return all attendees for the given site, but without proper authentication, a site that has attendees will still return:<\/p>\n\n\n\n Since our REST API is built on top of the WordPress API<\/a>, the same authentication practices<\/a> are baked in. This ensures that sensitive information (such as attendees’ personal data) remains protected.<\/p>\n\n\n\n You can refer to this article for more basics on using our Event\/Ticket REST API<\/a>. <\/p>\n\n\n\n Luckily, it is relatively simple to set up authentication methods for using the REST API within your site! Here are three options:<\/p>\n\n\n\n Regardless of the option you choose here, you are basically setting up a secret password (token) within your site that will allow you to have access to otherwise protected information or actions. This authentication process is already happening “under the hood” on every page you visit when you are logged in to the admin side of your site, but for use in REST API calls this needs to be explicitly set up.<\/p>\n\n\n\n Using the same example as before, how would we Using a locally hosted site with one attendee as an example, this is what the response will look like:<\/p>\n\n\n\n This section will assume that you know how to set up a basic AJAX call (but here is a guide<\/a> if you need help getting started). <\/p>\n\n\n\n In your PHP where you have the script enqueued<\/a>, you can add a nonce as a localized variable with Then in your Javascript file, use the nonce to authenticate your request:<\/p>\n\n\n This ensures that your AJAX request is authenticated and securely retrieves the data you need. You can test that the authentication is happening by triggering the AJAX call as a logged-in user versus an incognito window. <\/p>\n\n\n\n If you run into any issues, feel free to open a ticket with our support team. We\u2019re always here to help with the basics, but please keep in mind that our ability to assist with customizations might be a bit limited. Happy coding!<\/p>\n","protected":false},"excerpt":{"rendered":" Some REST API requests require authentication to return information for a request – for example the endpoint: GET https:\/\/demo.theeventscalendar.com\/wp-json\/tribe\/tickets\/v1\/attendees is a valid endpoint to return all attendees for the given site, but without proper authentication, a site that has attendees will still return: Since our REST API is built on top of the WordPress API,…<\/p>\n","protected":false},"author":44,"featured_media":1955565,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_kad_blocks_custom_css":"","_kad_blocks_head_custom_js":"","_kad_blocks_body_custom_js":"","_kad_blocks_footer_custom_js":"","_swpsp_post_exclude":false,"_kad_post_transparent":"","_kad_post_title":"","_kad_post_layout":"","_kad_post_sidebar_id":"","_kad_post_content_style":"","_kad_post_vertical_padding":"","_kad_post_feature":"","_kad_post_feature_position":"","_kad_post_header":false,"_kad_post_footer":false,"ep_exclude_from_search":false,"footnotes":""},"categories":[24,59],"tags":[225,25],"stellar-product-taxonomy":[155,156,161],"class_list":["post-1960612","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-customizing","category-customizing-resources","tag-api","tag-customizations","stellar-product-taxonomy-event-tickets","stellar-product-taxonomy-event-tickets-plus","stellar-product-taxonomy-the-events-calendar"],"acf":[],"taxonomy_info":{"category":[{"value":24,"label":"Customizations"},{"value":59,"label":"PHP & Functions"}],"post_tag":[{"value":225,"label":"API"},{"value":25,"label":"Customizations"}],"stellar-product-taxonomy":[{"value":155,"label":"Event Tickets"},{"value":156,"label":"Event Tickets Plus"},{"value":161,"label":"The Events Calendar"}]},"featured_image_src_large":["https:\/\/images.theeventscalendar.com\/kb\/uploads\/2023\/02\/social-share-1024x538.png",1024,538,true],"author_info":{"display_name":"Sam Dokus","author_link":"https:\/\/staging.theeventscalendar.com\/knowledgebase\/author\/sam-dokus\/"},"comment_info":0,"category_info":[{"term_id":24,"name":"Customizations","slug":"customizing","term_group":0,"term_taxonomy_id":24,"taxonomy":"category","description":"","parent":0,"count":110,"filter":"raw","term_order":"0","cat_ID":24,"category_count":110,"category_description":"","cat_name":"Customizations","category_nicename":"customizing","category_parent":0},{"term_id":59,"name":"PHP & Functions","slug":"customizing-resources","term_group":0,"term_taxonomy_id":59,"taxonomy":"category","description":"","parent":24,"count":101,"filter":"raw","term_order":"0","cat_ID":59,"category_count":101,"category_description":"","cat_name":"PHP & Functions","category_nicename":"customizing-resources","category_parent":24}],"tag_info":[{"term_id":225,"name":"API","slug":"api","term_group":0,"term_taxonomy_id":225,"taxonomy":"post_tag","description":"","parent":0,"count":5,"filter":"raw","term_order":"0"},{"term_id":25,"name":"Customizations","slug":"customizations","term_group":0,"term_taxonomy_id":25,"taxonomy":"post_tag","description":"","parent":0,"count":177,"filter":"raw","term_order":"0"}],"_links":{"self":[{"href":"https:\/\/staging.theeventscalendar.com\/knowledgebase\/wp-json\/wp\/v2\/posts\/1960612","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/staging.theeventscalendar.com\/knowledgebase\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/staging.theeventscalendar.com\/knowledgebase\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/staging.theeventscalendar.com\/knowledgebase\/wp-json\/wp\/v2\/users\/44"}],"replies":[{"embeddable":true,"href":"https:\/\/staging.theeventscalendar.com\/knowledgebase\/wp-json\/wp\/v2\/comments?post=1960612"}],"version-history":[{"count":20,"href":"https:\/\/staging.theeventscalendar.com\/knowledgebase\/wp-json\/wp\/v2\/posts\/1960612\/revisions"}],"predecessor-version":[{"id":1963266,"href":"https:\/\/staging.theeventscalendar.com\/knowledgebase\/wp-json\/wp\/v2\/posts\/1960612\/revisions\/1963266"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/staging.theeventscalendar.com\/knowledgebase\/wp-json\/wp\/v2\/media\/1955565"}],"wp:attachment":[{"href":"https:\/\/staging.theeventscalendar.com\/knowledgebase\/wp-json\/wp\/v2\/media?parent=1960612"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/staging.theeventscalendar.com\/knowledgebase\/wp-json\/wp\/v2\/categories?post=1960612"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/staging.theeventscalendar.com\/knowledgebase\/wp-json\/wp\/v2\/tags?post=1960612"},{"taxonomy":"stellar-product-taxonomy","embeddable":true,"href":"https:\/\/staging.theeventscalendar.com\/knowledgebase\/wp-json\/wp\/v2\/stellar-product-taxonomy?post=1960612"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}GET <\/code>https:\/\/demo.theeventscalendar.com\/wp-json\/tribe\/tickets\/v1\/attendees<\/code> <\/a><\/p>\n\n\n\n{\n \"rest_url\": \"https:\/\/demo.theeventscalendar.com\/wp-json\/tribe\/tickets\/v1\/attendees\/\",\n \"total\": 0,\n \"total_pages\": 0,\n \"attendees\": []\n}<\/code><\/pre>\n\n\n\nSet up an Authentication Method<\/h2>\n\n\n\n
\n
wp_create_nonce()<\/code> function with the action set to 'wp_rest'<\/code>. This method requires more technical understanding but is very versatile once set up.<\/li>\n<\/ol>\n\n\n\nMake a REST Request using curl<\/h2>\n\n\n\n
GET<\/code> all the attendees from our site? For the purposes of this example, let’s assume you have the Basic Auth plugin installed and activated, which allows you to use your WP admin credentials for authentication using a curl<\/code> request<\/a>. In a terminal, you can then run a command like this (replacing user:pass<\/code> with your WP username and password and update the URL):<\/p>\n\n\n\ncurl --user user:pass -X GET \\\n -H \"Content-Type: application\/json\" \\\n [https:\/\/www.yoursite.url]\/wp-json\/tribe\/tickets\/v1\/attendees<\/code><\/pre>\n\n\n\n{\n \"rest_url\": \"https:\/\/stable.dev.lndo.site\/wp-json\/tribe\/tickets\/v1\/attendees\/\",\n \"total\": 1,\n \"total_pages\": 1,\n \"attendees\": [\n {\n \"id\": 33,\n \"post_id\": 29,\n \"ticket_id\": 30,\n \"global_id\": \"stable.dev.lndo.site?type=attendee&id=33\",\n \"global_id_lineage\": [\"stable.dev.lndo.site?type=attendee&id=33\"],\n \"author\": \"1\",\n \"status\": \"publish\",\n \"date\": \"2024-06-06 15:36:45\",\n \"date_utc\": \"2024-06-06 21:36:45\",\n \"modified\": \"2024-06-06 15:36:45\",\n \"modified_utc\": \"2024-06-06 21:36:45\",\n \"rest_url\": \"https:\/\/stable.dev.lndo.site\/wp-json\/tribe\/tickets\/v1\/attendees\/33\",\n \"ticket\": {\n \"id\": \"30\",\n \"title\": \"Entree\",\n \"description\": \"Allows entree to the BBQ\",\n \"raw_price\": 20,\n \"formatted_price\": \"20.00\",\n \"currency_config\": {\n \"symbol\": \"$\",\n \"placement\": \"prefix\",\n \"decimal_point\": \".\",\n \"thousands_sep\": \",\",\n \"number_of_decimals\": 2\n },\n \"start_sale\": \"2024-06-01\",\n \"end_sale\": \"2024-07-01\"\n },\n \"title\": \"Steve Harvey\",\n \"optout\": true,\n \"provider\": \"woo\",\n \"order\": \"32\",\n \"sku\": \"\",\n \"email\": \"steve@test.com\",\n \"checked_in\": false,\n \"checkin_details\": false,\n \"is_subscribed\": false,\n \"is_purchaser\": true,\n \"payment\": {\n \"provider\": \"woo\",\n \"price\": 20,\n \"currency\": \"$\",\n \"date\": \"2024-06-06 15:36:16\",\n \"date_details\": {\n \"year\": \"2024\",\n \"month\": \"06\",\n \"day\": \"06\",\n \"hour\": \"15\",\n \"minutes\": \"36\",\n \"seconds\": \"16\"\n }\n }\n }\n ]\n}<\/code><\/pre>\n\n\n\nMaking a REST Request with AJAX<\/h2>\n\n\n\n
wp_localize_script()<\/code><\/a>: <\/p>\n\n\n\n\/\/ Localize the script with the nonce\nwp_localize_script( 'handle-of-script', 'localized_script_variables', array( \n 'ajax_url' => admin_url( 'admin-ajax.php' ),\n 'rest_endpoint' => '\/wp-json\/tribe\/tickets\/v1\/attendees\/',\n 'nonce' => wp_create_nonce( 'wp_rest' ),\n) );\n<\/pre><\/div>\n\n\n
\n$.ajax({\n url: localized_script_variables.ajax_url,\n type: 'GET',\n dataType: 'json',\n headers: {\n 'X-WP-Nonce': localized_script_variables.nonce,\n },\n success: renderAttendees \/\/ This can be a callback that handles the attendees in the response.\n});\n<\/pre><\/div>\n\n\nWrapping Up<\/h2>\n\n\n\n