I’m currently building a prototype to post data from WordPress to a Rightmove RESTful JSON API (a rental/property website in the UK – specifically the Real Time Datafeed)
Was pretty impressed that WordPress had the HTTP API actually, but upon digging deeper I’ve realised it seems to be lacking a fair few things (documentation being one!)
Does the HTTP API support mutual authentication and SSL in any way? Specifically the mutual authentication part? As this is a requirement of the API given the sensitive nature of the data.
All I can find is that it can support SSL but nothing to do with client certificates, and basic authentication.
I’m far from an expert in these things but I’m thinking I need to go down the pure PHP route using fsock/curl
Cheers!
1
Re the WP HTTP API look for the sslverify and sslcertificates args in this docs page: https://developer.wordpress.org/reference/classes/wp_http/request/. sslverify defaults to true and sslcertificates accepts an absolute path to a certificate file.
If you’re going to be doing a lot of lifting with this API (sounds like it for a real estate site), I would suggest considering the popular PHP library Guzzle: http://docs.guzzlephp.org/en/stable/
You will likely save yourself headaches over anything with fsock/curl. Many WP plugins use Guzzle under the hood. It’s well-documented, has tons of examples online, and supports the sort of functionality that you need. It can be installed via composer: composer require guzzle/guzzle
Seeing as your primary concern is authentication with a certificate, when you instantiate a new GuzzleHttp\Client, include the cert and ssl_key args:
See:
- http://docs.guzzlephp.org/en/stable/request-options.html#cert
- http://docs.guzzlephp.org/en/stable/request-options.html#ssl-key
