BadgeOS User API Design

Functionality Supported by this API

Use Cases are cataloged under the "User" section of Award Badges API

Checking if User already has a record (Auto-suggest)

  • Searching via "auto-suggest" would present a list of users that match keystrokes typed into a field.
    • The Front-End application (Invite?) would handle the presentation and would be supported by an
    • API that accepts a string and returns a matching set of user accounts.

Assure User Records are in both systems

  • Performs cross-database join on the Email Address to see which records are in one system versus the other.

User Creation Using WordPress Manually

  • Requires its own account on WordPress with Admin privileges.

Generally, this will be happening within the context of assembling a Team (INV-01 Create Team)

  • From the WordPress "Back-End", enter the required information for the User.
  • From the Invitation App (or UserAdmin module), Find the users within WordPress/BadgeOS that are not present in ClueRide Member table and update Member table as needed. Haven't thought through the scheduling for this: trigger, polling, sync/async.
  • As the team is assembled (this might be a good trigger):
    • Verify presence in both tables

DB Concerns

  • Writing a record to the wp_user table works, but it is a partial implementation.
  • Still need to enter the UAM records.
  • Still need to assign a Role that matches the UAM records.

References for DB Work

Database Reverse Engineering

Exploring Login Form-Submission (critical) and WP REST API (perhaps a FUTURE)

Figured out how to Authenticate as part of ticket SVR-60. The Use Case is BDG-00: Establish Session. This captures the required cookies.

  • Session Cookie is the preferred and only native method. The cookies are set upon login and then remain as part of the session. I would need to explore how to do this in both Postman, Java, and BDD/Python.
  • I had explored at least two alternatives:
    • I had installed JWT Authentication for WP-API (v1.2.4), but haven't dug into it (it was disabled)
    • Basic Auth plugin

Here's the thing:

  • Neither the Basic Auth or the JWT are being kept up-to-date; Basic Auth I couldn't get to work.
  • Neither has been tested since WP 4.7 or so.
  • The API itself has been brought into the WP Core, so logging in should provide access to the API.
  • The APIs won't support a few back-end pieces I'll need to go to the database for anyway:
    • Badge-specific posts
    • Badge-specific records
    • UAM module

For these reasons, I think sticking with either a) Form Submission or b) Database approach is best.

Here's some (minimal?) JSON for creating a new user.

        "name": "User Name 5",
        "email": "",
        "username": "uname5",
        "password": "random-stuff",
        "url": "",
        "description": "Don't need no stinking description; but where does this show up?",
        "link": "",
        "slug": "uname5"


Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License