Wordpress JSON API nonces and Vue development server

Question

As stated in the official docs, the JSON API CSRF protection only works from within Wordpress.

It is important to keep in mind that this authentication method relies on WordPress cookies. As a result this method is only applicable when the REST API is used inside of WordPress and the current user is logged in. In addition, the current user must have the appropriate capability to perform the action being performed.

Which means anytime I start a Vue development server to build my Vue app, the API will refuse my requests, as there's no WP environment that could provide me with a nonce that I could then pass to the API. Anybody found a workaround for that problem?

Answer 1

For making authenticated API requests from a third party app, you'll need to install a plugin to give you different methods of authentication.

The most convenient but less secure is Basic Authentication: https://github.com/WP-API/Basic-Auth, it's appropriate for a local development environment.

This allows you to make authenticated requests by passing username and password in the body of the POST request.

I don't have an example in Vue, as I'm not familiar with its syntax.