JSON API wordpress plugin secure with a key

JSON-API is very useful wordpress plugin. I often use it to retrieve wordpress data to mobile app. It can handle custom fields, custom post types, taxonomy, etc. It also has custom controllers that we can use to extent the functionality.

Unfortunately this plugin has no access control. So once you install this plugin, everyone can access the data as well. I made a little update to limit the access. Basically I added a secret key or a password, but I will use term api key. Only someone with correct api key can access the data.

So how to do this.

Edit json-api.php file, after :

add the following code.

Change b34b40ca8771c48c204e55f927376885 to anything as you like as the api key. For the complete diff, see this commit in github:

Now every JSON-API request will require api key. Otherwise it will return permission denied error message. For example: