Document how to require authentication on all API requests

[kadamwhite]

This is a common issue (WP-API/WP-API#2432 WP-API/WP-API#2497), and the snippet here https://gist.github.com/danielbachhuber/8f92af4c6a8db784771c (copied below) should be provided within the documentation site itself.

<?php
add_filter( 'rest_authentication_errors', function( $result ) {
    if ( ! empty( $result ) ) {
        return $result;
    }
    if ( ! is_user_logged_in() ) {
        return new WP_Error( 'restx_logged_out', 'Sorry, you must be logged in to make a request.', array( 'status' => 401 ) );
    }
    return $result;
});

[tripflex]

👍 +1 on this as well ... the documentation on the site lead me to believe that authentication would be required for API, and after reading through issues on GitHub it's clear that by default everything is public ... at least put something on the documentation page stating that if you want to use authentication, you have to set it up as it's not required by default ... especially when it comes to custom routes.

http://v2.wp-api.org/guide/authentication/

[kadamwhite]

See also WP-API/WP-API#2497