In the case of no authentication for external requests

I'm working with the WordPress REST API for the first time.

The idea behind the project is that once a POST request has been made to a custom endpoint, the data is escaped/cleaned up and then saved into the database through WP's own functions. I'm basically just collecting feedback submitted through a form on a site (plus many other sites) and sending the data to another site (my own one).

How would you handle security in this case? I can't use OAuth. What I'd like to do is just make sure the request has been genuinely made from that form.

Any ideas?

I recommend you use token authentication: use a signed token to validate the identity of the user who makes a request. In this case JWT; you can choose the PHP JWT library you feel better using.
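
One way to check such a signed token on the receiving endpoint, as an added example that is not part of the original answer: HS256 verification written with PHP built-ins instead of a JWT library. It assumes the token is minted server-side by the site hosting the form with a per-site shared secret; the function names, the `iss`/`exp` checks and the sample values are hypothetical.

```php
<?php
// Added example: HS256 JWT signing and verification with PHP built-ins only.
function b64url_encode(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode(string $s) {
    $s = strtr($s, '-_', '+/');
    // Restore the padding that base64url omits, then decode strictly.
    return base64_decode(str_pad($s, strlen($s) + (4 - strlen($s) % 4) % 4, '='), true);
}

// Runs on the site that hosts the form (server-side, so the secret never reaches the browser).
function sign_feedback_token(array $claims, string $secret): string {
    $head = b64url_encode(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $body = b64url_encode(json_encode($claims));
    return "$head.$body." . b64url_encode(hash_hmac('sha256', "$head.$body", $secret, true));
}

// Runs on the collecting site before the feedback is saved. Returns the claims or null.
function verify_feedback_token(string $jwt, string $secret, string $expectedIss, int $now): ?array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) return null;
    [$head, $body, $sig] = $parts;

    // Pin the algorithm: the token must not choose it (rejects "none" and other algs).
    $header = json_decode((string) b64url_decode($head), true);
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') return null;

    // Recompute the MAC and compare in constant time.
    $given = b64url_decode($sig);
    $expected = hash_hmac('sha256', "$head.$body", $secret, true);
    if ($given === false || !hash_equals($expected, $given)) return null;

    // Only after the signature holds are the claims trusted enough to inspect.
    $claims = json_decode((string) b64url_decode($body), true);
    if (!is_array($claims) || ($claims['iss'] ?? null) !== $expectedIss) return null;
    if (!is_int($claims['exp'] ?? null) || $claims['exp'] < $now) return null;
    return $claims;
}

// Constructed sample values, for illustration only.
$secret = 'constructed-demo-secret';
$iss = 'https://forms.example';
$now = 1700000000;
$valid   = sign_feedback_token(['iss' => $iss, 'exp' => $now + 300], $secret);
$forged  = sign_feedback_token(['iss' => $iss, 'exp' => $now + 300], 'wrong-secret');
$expired = sign_feedback_token(['iss' => $iss, 'exp' => $now - 1], $secret);
foreach (['valid' => $valid, 'forged' => $forged, 'expired' => $expired] as $name => $jwt) {
    echo $name, ': ', verify_feedback_token($jwt, $secret, $iss, $now) ? 'accepted' : 'rejected', "\n";
}
```

In WordPress, a check like this would typically be called from the `permission_callback` passed to `register_rest_route()`, with one secret per submitting site so a leaked key can be revoked individually.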