1. 20
    Add Comments to a Headless WordPress Post using Application Passwords
    2m 36s

Add Comments to a Headless WordPress Post using Application Passwords

Share this video with your friends

Social Share Links

Send Tweet

One of the strengths of WordPress is the commenting system. In previous lessons, we have seen how to get the comments alongside the posts.

In this lesson, will use Application Passwords, a WordPress plugin that allows authentication via non-interactive systems (in our case, using REST API) to provide authentication when posting a comment.

Using the auth functionality provided by our API client, we'll POST to Posts comments, resulting in a comment associated directly to the HTML of the post.

There are different strategies for publishing comments. The first one is approving and triggering a build using WebHooks. The alternative is using a third-party system, something like DISQUS. But the benefit of keeping the comment directly associated with the HTML is that it becomes indexable and searchable.

Instructor: [0:00] One of the strengths of WordPress is the comment system. You can approve, mark as spam, trend on the frontend. We can see where those comments are. We've already seen with the REST API, we can get all the comments, and we've previously extended the API, so the comments are served alongside the posts that they are attached to.

[0:18] One way that we can manage comments is to post to our WordPress instance. If we have a build step, we'd probably want to handle this on a serverless function that would post it to our WordPress instance. Let's do it directly for now.

[0:30] Authenticating to post is cookie-based by default, so I'm going to add a new plugin that's going to allow me to authenticate using username and password. This plug in is called application passwords. Install it. I'm going to activate it.

[0:43] I'm going to go to the users on my user. On the button, I got application passwords. I'm going to call this my REST API. I'm going to add new. Again, one chance to copy and paste this code. I can use the basic auth in my API client.

[0:59] My username's Kevin and my password's here. This will now let me post on this route, so I want to post to POST. It's saying, "Hey, he have to have content, title, and an excerpt." Let's sort that out.

[1:16] Content, excerpt, title. If we go and check, it's here. It's marked with draft by me, because I posted it. If I wanted to publish it straightaway, now I put the status and publish. It means it's not available there. It might be inside. It's available there.

[1:30] What about comments? I post to the comments route with the post equal to the post I've just created, which is 163. The author name, I'll set to someone who isn't me. The author email I'll set to notatme.com. Then the comment which can be, "It's really me."

[1:51] Now, if I go to comments, I'll see that this comment has appeared but hasn't been published because this person hasn't posted previously. I can approve this comment or mark it as trash or spam. I approve it.

[2:04] Let's see, I went to this post, it's there. There are different strategies. At this point, when we approve a comment, we might trigger a build if we have a static build. The alternative is to use a third-party system. A popular platform for that is something like Discus.

[2:18] The benefit of this is that you can move this to your frontend with an API key. Those comments go with you. The benefit of this approach, or building and having the comments with the post is that the comments stay, and the html with the post content, so that they're searchable and findable together.