 I'm going to try to verify the username and password to make sure that we are actually working with someone who is a logged in user. We're not working with any kind of person who is trying to send us data. The other way we could do it is we could verify by saying the content that we want to receive on our endpoint is the one that should be coming from the right URL. So we can set a proper URL. I know that once the header is coming we can confirm that this is coming from the right URL. So today let's verify the user and the password. So I have some code that I'm going to paste here and I'm going to allow you to just understand what it's all about. So what I'm going to do is let me comment out the first line and then we shall understand what this is. So WordPress has a function which is called get_user_by and it allows you to use the login as a parameter and you can pass in the username. So what we're going to do is we're going to pass the username that we get from our API ping and what I'm going to do at the end of the day is I'm going to pass back this data and see what we get from our ping. So I'll pass this in as data and then what I'm going to do is I'm going to get, sorry, the name that we have here and it's what I'm going to pass in as a parameter here. So let's find out if the user that we have is actually true or what data we get back. So I'm going to save this like we previously did. So I'm going to come back to our Postman, look in our body and find out Lawrence as a name and that is an actual user that's registered. So if I ping this, you're going to see that it returns a false. So this get_user_by helps us to find out whether the user is authentic or not. So if it is false, then we can throw a message and say you know what, you are not the authenticated user. So that's what we're going to do.
So we're going to say if the user that we have, so I'll just, sorry, get, I'll copy this, add it here and then I'll just use the data and say if it is true, then we shall actually run the code below. So if the user data that we get back, if the result here is true, then we are going to run this piece of content. So I'll cut this and put it inside here. I'll tab this to make it more readable, but if it is not, then we're going to add else. We're going to say that the user does not exist, so we'll pass back the same thing. Data status okay is what we'll pass in, but we're going to pass back a message and say the user does not exist. The current user does not exist. So I'll save this. Let's go back to our Postman and then we're going to ping with the same data and click send. So we see the message, current status is okay but the current user does not exist, and that is a very major blow. So what I'm going to do is I'm going to go into my WP admin and I'm going to create a new user who we shall use to authenticate our kind of content. So let me go in and create a new user. So I'm going to create a new user and I'll give them a username of YouTube. I'll give them a YouTube email which does not exist, so don't try to send any email in there because we'll have YouTube as the user demo website is that. What we're going to do is we'll assign them the power of an editor or contributor. Let's say we give them the powers of an editor and we need to set the password and let's get the one that is in our, I'll just confirm that. It's me 2020, that's the casing, confirm, don't send email and okay. So now that we've created our user, what I'm going to do is I'm going to go back to the ping here and I'm going to change that to YouTube. Let's see what happens.
So I'm going to send this data, let's see what comes back. Voila, we're able to pass through and we're able to see that there's more data that's passed on to our, if you look at the data here, we're going to assign the user data that comes from here. We need to see what we get back. So when we look inside our ping you'll see that we have more data coming in here. We have data, we have an array of data, and inside this data we have an ID, we have a login username, we have a password, we have a nice name, we have the email. We have all this kind of content already here for us, so we're going to use this same data to verify whether our password is also true. So how do we do that? But you realize that the password we set and what we have here are completely different. They're not the same. We have it's me as a password here, but we have this kind of thing recorded inside our database, and this is because this data has been hashed. So that brings us to use the inbuilt WordPress function wp_check_password. So what we're going to do here is we're going to add another variable and say let's get the result of checking the password. So let me just pass this in to make it a better variable name and say if we check for the password, now we are going to pass in our password that we have here, and then we're going to check for the user data and find the pass, and then we're also going to pass in the user data ID. That is the data that we have here, the ID is three. So we'll be confirming that that is the exact user that we are working with: one, that's their proper ID, two, that's their password, and we're checking to see if it's the one that is hashed. So if this is true then we shall verify that as the correct user. So if they are true then we shall run our data and say that's the authenticated user. Else if it's not true, so we're going to add another else statement here and say, we shall just copy this here and pass it in and say the user is not authenticated, you are not authenticated to login, and that's the message we'll pass on.
But otherwise, if everything goes well, then we should have everything working out. So I'm going to save this, I'm going to come back here to our Postman and then I'm going to ping. So when I send this data you'll see that we get back our data received. So everything is okay, we have all this information and we have a message, we have reached this server. However, if I change our password by just even one letter and say let me add a q here and ping this, you're going to get back a message and say the status is okay but you are not authenticated to login. So we can have the right people with the right access to be able to send data to our POST API. So this is the one way we can actually do all of this. So with just a little bit of code, just having this wp_check_password and also get_user_by, we're able to authenticate so many lines of code to make our API endpoint much better. We're using native WordPress functions and making our application much, much more secure for us. So thank you for watching the video. If you found it helpful give it a thumbs up. If you didn't like it, let me know in the comments what you didn't like about it, or give me a question, send me a question, what would you want to know more about the POST API or anything else. So don't forget to subscribe for more content like this and enjoy your day.
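The check described above, written out as a small plugin file. This is an added example, not the code shown in the video: the route `demo/v1/ping`, the body fields `username` and `password`, and the function name `demo_ping_callback` are assumptions. It goes slightly beyond the walkthrough by returning one 401 response for both failure cases and by not echoing the user record back.

```php
<?php
/**
 * Plugin Name: Demo authenticated POST endpoint (added example)
 */

// Assumed route: POST /wp-json/demo/v1/ping with "username" and "password" in the body.
add_action( 'rest_api_init', function () {
    register_rest_route( 'demo/v1', '/ping', array(
        'methods'             => 'POST',
        'callback'            => 'demo_ping_callback',
        // Credentials are checked inside the callback, so the route itself is open.
        'permission_callback' => '__return_true',
    ) );
} );

function demo_ping_callback( WP_REST_Request $request ) {
    $username = (string) $request->get_param( 'username' );
    $password = (string) $request->get_param( 'password' );

    // get_user_by() returns a WP_User object, or false when no such login exists.
    $user = get_user_by( 'login', $username );

    // wp_check_password() compares the submitted plain-text password with the
    // hash stored in user_pass; the third argument is the user's ID.
    $authenticated = $user
        && wp_check_password( $password, $user->data->user_pass, $user->ID );

    if ( ! $authenticated ) {
        // One message and a 401 for both "no such user" and "wrong password",
        // so the response does not reveal which usernames are registered.
        return new WP_Error(
            'demo_not_authenticated',
            'You are not authenticated to login.',
            array( 'status' => 401 )
        );
    }

    // Return only what the client needs. The WP_User data also holds the
    // password hash and email, which should not be sent back in the response.
    return rest_ensure_response( array(
        'status'  => 'OK',
        'message' => 'You have reached the server',
        'user_id' => $user->ID,
    ) );
}
```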