
WordPress REST API authentication


I'm struggling with the WordPress REST API and authentication. I've gone through tons of documentation, articles and videos, but still can't find an answer that will clarify some things for me.

So here is what I'm trying to accomplish: I want to integrate WordPress into an existing static website (I want to bring only recent posts to my homepage) and, as advised in this post, "Integrate Wordpress recent posts into existing website", I went for the WordPress REST API, which is very powerful, and I managed to pull out only recent posts, but...

Security issues:

If I use the GET method in my AJAX call, it brings posts to my homepage right away, easily.

If I use the POST method, it asks for authentication.

Now, from reading all the articles, I'm not even sure if it is safe to use the GET method for this simple request or if I have to use the POST method.

Also, a lot of people mentioned that if I use the POST method without SSL (http instead of https), it is not safe either.

Is my website compromised if someone can see the endpoint route in my request (e.g. http://somewebsite.com/wp-json/wp/v2/posts)?

Is it possible that someone can advise what is the best practice for my scenario?

GET or POST

HTTP or HTTPS

Which authentication, if I have to use one?

If I have to authenticate, where should I store the username and password: cookie or local storage?

Just keep in mind that I don't want to edit/add/delete any posts, I just want to show them on my homepage, nothing else.

Please be understanding, since I am kind of a rookie when it comes to REST APIs.

Thanks in advance


Solution

  • Generally it is always best to have SSL on your sites.

    If you are just attempting to display posts via an AJAX request, you want a GET request, and it is perfectly safe to use a GET request.

    A POST request is used to create new content, which is why it is requiring authentication.
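
The read-only request described in the answer, as an added example that is not part of the original post: a GET over HTTPS with no credentials attached, so there is no username or password to store in a cookie or in local storage. The host `blog.example.com` and the function names are placeholders, and the code assumes WordPress is installed at the site root.

```javascript
// Added example; SITE is a placeholder host, not a value from the post.
const SITE = "https://blog.example.com";

// Build the read-only request URL. per_page, orderby, order and _fields are
// standard WordPress REST API query parameters; _fields trims the response.
function recentPostsUrl(siteBase, count = 5) {
  const url = new URL("/wp-json/wp/v2/posts", siteBase);
  if (url.protocol !== "https:") {
    throw new Error("refusing non-HTTPS endpoint: " + url.origin);
  }
  url.searchParams.set("per_page", String(count));
  url.searchParams.set("orderby", "date");
  url.searchParams.set("order", "desc");
  url.searchParams.set("_fields", "id,link,title");
  return url.toString();
}

// Reduce the API response to what the homepage needs. Entries whose link is
// not on the expected HTTPS origin (e.g. a javascript: URL) are dropped.
function toItems(posts, siteBase) {
  const origin = new URL(siteBase).origin;
  return posts
    .filter((p) => {
      try { return new URL(p.link).origin === origin; } catch { return false; }
    })
    .map((p) => ({
      // title.rendered is HTML: strip tags here, then insert the result with
      // textContent (never innerHTML) when building the list in the page.
      title: String(p.title?.rendered ?? "").replace(/<[^>]*>/g, "").trim(),
      link: p.link,
    }));
}

// Public read: GET, no cookies, no Authorization header.
async function loadRecentPosts(siteBase = SITE, count = 5) {
  const res = await fetch(recentPostsUrl(siteBase, count), {
    method: "GET",
    credentials: "omit",
    headers: { Accept: "application/json" },
  });
  if (!res.ok) throw new Error("posts request failed: " + res.status);
  return toItems(await res.json(), siteBase);
}
```

If the static site and WordPress are on different origins, the browser will also require the WordPress host to allow the static site's origin via CORS.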