1 to 14 of 14
- WC_API_Authentication::__construct() – Setup class
- WC_API_Authentication::authenticate() – Authenticate the request. The authentication method varies based on whether the request was made over SSL or not.
- WC_API_Authentication::check_api_key_permissions() – Check that the API keys provided have the proper key-specific permissions to either read or write API resources
- WC_API_Authentication::check_oauth_signature() – Verify that the consumer-provided request signature matches our generated signature, this ensures the consumer has a valid key/secret
- WC_API_Authentication::check_oauth_timestamp_and_nonce() – Verify that the timestamp and nonce provided with the request are valid. This prevents replay attacks where an attacker could attempt to re-send an intercepted request at a later time.
- WC_API_Authentication::exit_with_unauthorized_headers() – If the consumer_key and consumer_secret $_GET parameters are NOT provided and the Basic auth headers are either not present or the consumer secret does not match the consumer key provided, then return the correct Basic headers and an error message.
- WC_API_Authentication::get_keys_by_consumer_key() – Return the keys for the given consumer key
- WC_API_Authentication::get_user_by_id() – Get user by ID
- WC_API_Authentication::is_consumer_secret_valid() – Check if the consumer secret provided for the given user is valid
- WC_API_Authentication::normalize_parameters() – Normalize each parameter by assuming each parameter may have already been encoded, so attempt to decode, and then re-encode according to RFC 3986
- WC_API_Authentication::perform_oauth_authentication() – Perform OAuth 1.0a "one-legged" (http://oauthbible.com/#oauth-10a-one-legged) authentication for non-SSL requests
- WC_API_Authentication::perform_ssl_authentication() – SSL-encrypted requests are not subject to sniffing or man-in-the-middle attacks, so the request can be authenticated by simply looking up the user associated with the given consumer key and confirming the consumer secret provided is valid
- WC_API_Authentication::update_api_key_last_access() – Updated API Key last access datetime
- WC_API_Authentication::urlencode_rfc3986() – Encodes a value according to RFC 3986. Supports multidimensional arrays.