The application_password_is_api_request WordPress filter allows you to modify whether an API request can use Application Passwords. By default, Application Passwords are available for the REST API and XML-RPC.
Usage
add_filter('application_password_is_api_request', 'your_custom_function', 10, 1);
function your_custom_function($is_api_request) {
// your custom code here
return $is_api_request;
}
Parameters
$is_api_request: (bool) Determines if this is an acceptable API request for Application Passwords.
More information
See WordPress Developer Resources: application_password_is_api_request
Examples
Enable Application Passwords for custom API endpoint
Enable Application Passwords for a custom API endpoint like “/my-custom-api/v1”.
function enable_app_passwords_for_custom_api($is_api_request) {
if (strpos($_SERVER['REQUEST_URI'], '/my-custom-api/v1') === 0) {
return true;
}
return $is_api_request;
}
add_filter('application_password_is_api_request', 'enable_app_passwords_for_custom_api', 10, 1);
Disable Application Passwords for XML-RPC
Disable Application Passwords for XML-RPC requests.
function disable_app_passwords_for_xmlrpc($is_api_request) {
if (defined('XMLRPC_REQUEST') && XMLRPC_REQUEST) {
return false;
}
return $is_api_request;
}
add_filter('application_password_is_api_request', 'disable_app_passwords_for_xmlrpc', 10, 1);
Enable Application Passwords for GraphQL API
Enable Application Passwords for the GraphQL API.
function enable_app_passwords_for_graphql($is_api_request) {
if (strpos($_SERVER['REQUEST_URI'], '/graphql') === 0) {
return true;
}
return $is_api_request;
}
add_filter('application_password_is_api_request', 'enable_app_passwords_for_graphql', 10, 1);
Disable Application Passwords for specific REST API endpoint
Disable Application Passwords for a specific REST API endpoint like “/wp-json/wp/v2/users”.
function disable_app_passwords_for_users_endpoint($is_api_request) {
if (strpos($_SERVER['REQUEST_URI'], '/wp-json/wp/v2/users') === 0) {
return false;
}
return $is_api_request;
}
add_filter('application_password_is_api_request', 'disable_app_passwords_for_users_endpoint', 10, 1);
Enable Application Passwords for all API requests
Enable Application Passwords for all API requests regardless of the endpoint.
function enable_app_passwords_for_all_apis($is_api_request) {
return true;
}
add_filter('application_password_is_api_request', 'enable_app_passwords_for_all_apis', 10, 1);