salman/igny8
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add Site Metadata Endpoint and API Key Management

Browse Source 
- Introduced a new Site Metadata endpoint (`GET /wp-json/igny8/v1/site-metadata/`) for retrieving available post types and taxonomies, including counts.
- Added API key input in the admin settings for authentication, with secure storage and revocation functionality.
- Implemented a toggle for enabling/disabling two-way sync operations.
- Updated documentation to reflect new features and usage examples.
- Enhanced permission checks for REST API calls to ensure secure access.
This commit is contained in:
IGNY8 VPS (Salman)
2025-11-21 15:18:48 +00:00
parent 1eba4a4e15
commit c35b3c3641
10 changed files with 475 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
master-docs/WORDPRESS-PLUGIN-INTEGRATION.md
View File

@@ -2072,3 +2072,52 @@ if ($result['success']) {
**Last Updated**: 2025-11-16
**API Version**: 1.0.0
---
## Site Metadata Endpoint (Bridge)
The WordPress Bridge exposes a discovery endpoint that the IGNY8 SaaS app can call to retrieve available post types, taxonomies and counts. The endpoint follows the IGNY8 unified response format and includes plugin-side flags so the SaaS app can decide whether to perform automatic syncs.
- URL: `GET /wp-json/igny8/v1/site-metadata/`
- Authentication: Plugin-side connection must be authenticated. The bridge accepts:
- `Authorization: Bearer <token_or_api_key>` (preferred)
- `X-IGNY8-API-KEY: <api_key>` (supported)
The plugin stores an optional API key in `igny8_api_key` (secure storage via `igny8_store_secure_option()` when available) and will use it as the active access token when present.
- Response shape: IGNY8 unified format — top-level `success`, `data`, optional `message`, and `request_id`.
- Caching: Results are cached on the WP side using a transient (`igny8_site_metadata_v1`) with a default TTL of 300 seconds.
Behavior notes:
- Toggling "Enable Sync Operations" (option `igny8_connection_enabled`) or "Enable Two-Way Sync" (`igny8_enable_two_way_sync`) in the plugin admin only affects background/inbound/outbound sync actions. REST discovery endpoints remain accessible so the SaaS app can still query metadata even when sync is disabled on either side.
- The endpoint includes two flags in the payload: `plugin_connection_enabled` and `two_way_sync_enabled` so the SaaS app can make informed decisions.
Example response:
```json
{
"success": true,
"data": {
"post_types": {
"post": { "label": "Posts", "count": 123 },
"page": { "label": "Pages", "count": 12 }
},
"taxonomies": {
"category": { "label": "Categories", "count": 25 },
"post_tag": { "label": "Tags", "count": 102 }
},
"generated_at": 1700553600,
"plugin_connection_enabled": true,
"two_way_sync_enabled": true
},
"message": "Site metadata retrieved",
"request_id": "550e8400-e29b-41d4-a716-446655440000"
}
```
Developer notes:
- Admin settings:
- API key input (option `igny8_api_key`) added to Settings → IGNY8 API. When provided the key is stored securely and used as the access token by the plugin.
- Two-way sync toggle added (option `igny8_enable_two_way_sync`) — default ON.
- Connection toggle `igny8_connection_enabled` remains the master on/off switch for sync operations.
- Tests: Basic unit test added at `igny8-wp-integration-plugin/tests/test-site-metadata.php`.
- Security: Webhook secret and REST permission checks remain enforced; unauthenticated REST calls still return unified 401 errors.