Securely registering a new WordPress user with a custom Zapier action (via JSON API?)

I want to use Zapier to register a new WordPress user — the trigger will be a new purchase on Gumroad.

This plugin — https://wordpress.org/plugins/json-api-user/ — allows you to register users using a public JSON interface, e.g. by hitting

https://example.com/api/user/register/?username={{email}}&email={{email}}&nonce=blahblahblah

I’m new to all this, but know that I can get Zapier to insert the purchaser’s email from Gumroad into {{email}}.

My question is, how can I do this in a secure way?

(At the moment anyone can hit example.com/api/get_nonce/?controller=user&method=register and get the key they need.)

And maybe it can even be done without using Zapier?

2 comments

  1. I’m assuming that the nonce is only good for a short period of time, like a couple minutes? If so, what you want to do is lock down the /api/get_nonce/ endpoint to require a password. That way only authenticated users can get a nonce, which can then be used to create the user.

    As for how Zapier fits in, it’s a bit complicated to custom build a two-request process like this. You would have to make your own app on the Developer Platform do the nonce call and then the user creation.

  2. I use the following plugin to create users (via Zapier) on my WordPress sites after someone signed up on my Teachable school: WP Webhooks Pro

    This plugin allows me to POST the data to my WordPress site as JSON, XML or simple form data. In my case, I don’t need a nonce, since the plugin generates API keys that I can use to push my data to.
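
The two-request flow that comment 1 describes (an authenticated nonce call, then the user creation), as an added example that is not part of the original thread or of either plugin's code. It assumes /api/get_nonce/ has been put behind HTTP Basic auth and that responses are JSON with `status` and `nonce` fields; `registerPurchaser`, `fetchJson` and the credential names are hypothetical.

```javascript
// Added example, not from the thread. Anything marked ASSUMED is not on the page.
const BASE = "https://example.com/api"; // placeholder host used in the question

// Step 1 request. ASSUMED: get_nonce now requires HTTP Basic auth.
// The password travels in a header, never in the URL (URLs end up in logs).
function nonceRequest(user, password) {
  const url = new URL(BASE + "/get_nonce/");
  url.searchParams.set("controller", "user");
  url.searchParams.set("method", "register");
  const token = Buffer.from(`${user}:${password}`).toString("base64");
  return { url: url.toString(), headers: { Authorization: `Basic ${token}` } };
}

// Step 2 request. The email comes from a third party (the purchase event),
// so it is validated first and then percent-encoded by URLSearchParams,
// which keeps characters such as "&" or "+" from altering the query string.
function registerRequest(email, nonce) {
  if (!/^[^\s@&?#]+@[^\s@&?#]+\.[^\s@&?#]+$/.test(email)) {
    throw new Error("invalid email");
  }
  const url = new URL(BASE + "/user/register/");
  url.searchParams.set("username", email);
  url.searchParams.set("email", email);
  url.searchParams.set("nonce", nonce);
  return { url: url.toString(), headers: {} };
}

// Default transport: GET the URL and parse the JSON body (Node 18+ fetch).
const fetchJson = async ({ url, headers }) =>
  (await fetch(url, { headers })).json();

// Runs both steps. ASSUMED response shape: { status: "ok", nonce: "..." }.
// Stops if the nonce call is refused, so no unauthenticated registration
// attempt is ever sent.
async function registerPurchaser(email, creds, httpGet = fetchJson) {
  const n = await httpGet(nonceRequest(creds.user, creds.password));
  if (n.status !== "ok" || typeof n.nonce !== "string") {
    throw new Error("nonce request refused");
  }
  const r = await httpGet(registerRequest(email, n.nonce));
  if (r.status !== "ok") throw new Error("registration failed");
  return r;
}
```

The credentials passed as `creds` belong in the automation platform's secret storage, not in the step's visible configuration.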