When dealing with themes, it's general practice to show the user's name as the value clearly labeled as "Display name publicly as":
The default JSON response for embedded users (e.g. authors in posts) includes all of these values:
{"author": {
"ID": 4,
"username": "kadamnation",
"name": "K. Adam White",
"first_name": "K. Adam",
"last_name": "White",
"nickname": "KAdam",
"slug": "kadamnation",
"URL": "http://www.mydomain.com",
"avatar": "http://0.gravatar.com/avatar/6cd1cf6de05952505a165425efaf06b4?s=96",
"description": "Some short biographical description about the user",
"registered": "2012-06-17T15:41:32+00:00",
"meta": {
"links": {
"self": "http://www.mydomain.com/wp-json/users/4",
"archives": "http://www.mydomain.com/wp-json/users/4/posts"
}
}
}}Of these, we discussed at WCNYC that we may want to limit the information about a user that we expose. I propose limiting embedded response data (and responses for non-authenticated requests, see #297) to these values:
- name: (the name explicitly selected for display on the site)
- slug: The public slug representation of the user, for use with routes etc
- nickname: If this gets populated, I think it'd make sense to expose it since I've seen it commonly used on things like author archive pages
This would mean we would omit the following:
- username: Even though this is probably the same as slug (need to confirm this), we probably don't want to give away internal account names where possible
- first_name: Superseded by name
- last_name: Superseded by name
- We also discussed removing registered, unless anyone can think of a compelling reason why it should be in the public responses
When dealing with themes, it's general practice to show the user's name as the value clearly labeled as "Display name publicly as":
The default JSON response for embedded users (e.g. authors in posts) includes all of these values:
{"author": { "ID": 4, "username": "kadamnation", "name": "K. Adam White", "first_name": "K. Adam", "last_name": "White", "nickname": "KAdam", "slug": "kadamnation", "URL": "http://www.mydomain.com", "avatar": "http://0.gravatar.com/avatar/6cd1cf6de05952505a165425efaf06b4?s=96", "description": "Some short biographical description about the user", "registered": "2012-06-17T15:41:32+00:00", "meta": { "links": { "self": "http://www.mydomain.com/wp-json/users/4", "archives": "http://www.mydomain.com/wp-json/users/4/posts" } } }}Of these, we discussed at WCNYC that we may want to limit the information about a user that we expose. I propose limiting embedded response data (and responses for non-authenticated requests, see #297) to these values:
This would mean we would omit the following: