WordPress REST API: Accept only certain parameters while creating a post

We want to create a post of post type group and we want to restrict user to only post post_title and post_content. For this we are going to use rest_pre_insert_{$post_type} filter.

add_filter('rest_pre_insert_group', 'group_post_params', 10, 1);  

Let's create a function group_post_params for removing all the extra fields which a user can post via API.

function group_post_params($prepared_post, $request) {  
    $allowed_params = array('post_title', 'post_contnet');
    foreach ($prepared_post as $key => $val) {
        if (!in_array($key, $allowed_params)) {
            unset($prepared_post->$key);
        }
    }
    $prepared_post->post_type = 'group';
    return $prepared_post;
}

That's it.

comments powered by Disqus