Title: WP_REST_Server::check_authentication Published: December 9, 2015 Last modified: February 24, 2026 --- # WP_REST_Server::check_authentication(): 󠀁[WP_Error](https://developer.wordpress.org/reference/classes/wp_error/)󠁿|null|true ## In this article * [Return](https://developer.wordpress.org/reference/classes/wp_rest_server/check_authentication/?output_format=md#return) * [Source](https://developer.wordpress.org/reference/classes/wp_rest_server/check_authentication/?output_format=md#source) * [Hooks](https://developer.wordpress.org/reference/classes/wp_rest_server/check_authentication/?output_format=md#hooks) * [Related](https://developer.wordpress.org/reference/classes/wp_rest_server/check_authentication/?output_format=md#related) * [Changelog](https://developer.wordpress.org/reference/classes/wp_rest_server/check_authentication/?output_format=md#changelog) [ Back to top](https://developer.wordpress.org/reference/classes/wp_rest_server/check_authentication/?output_format=md#wp--skip-link--target) Checks the authentication headers if supplied. ## 󠀁[Return](https://developer.wordpress.org/reference/classes/wp_rest_server/check_authentication/?output_format=md#return)󠁿 [WP_Error](https://developer.wordpress.org/reference/classes/wp_error/)|null|true [WP_Error](https://developer.wordpress.org/reference/classes/wp_error/) if authentication error occurred, null if authentication method wasn’t used, true if authentication succeeded. ## 󠀁[Source](https://developer.wordpress.org/reference/classes/wp_rest_server/check_authentication/?output_format=md#source)󠁿 ```php public function check_authentication() { /** * Filters REST API authentication errors. * * This is used to pass a WP_Error from an authentication method back to * the API. * * Authentication methods should check first if they're being used, as * multiple authentication methods can be enabled on a site (cookies, * HTTP basic auth, OAuth). If the authentication method hooked in is * not actually being attempted, null should be returned to indicate * another authentication method should check instead. Similarly, * callbacks should ensure the value is `null` before checking for * errors. * * A WP_Error instance can be returned if an error occurs, and this should * match the format used by API methods internally (that is, the `status` * data should be used). A callback can return `true` to indicate that * the authentication method was used, and it succeeded. * * @since 4.4.0 * * @param WP_Error|null|true $errors WP_Error if authentication error occurred, null if authentication * method wasn't used, true if authentication succeeded. */ return apply_filters( 'rest_authentication_errors', null ); } ``` [View all references](https://developer.wordpress.org/reference/files/wp-includes/rest-api/class-wp-rest-server.php/) [View on Trac](https://core.trac.wordpress.org/browser/tags/6.9.4/src/wp-includes/rest-api/class-wp-rest-server.php#L172) [View on GitHub](https://github.com/WordPress/wordpress-develop/blob/6.9.4/src/wp-includes/rest-api/class-wp-rest-server.php#L172-L198) ## 󠀁[Hooks](https://developer.wordpress.org/reference/classes/wp_rest_server/check_authentication/?output_format=md#hooks)󠁿 [apply_filters( ‘rest_authentication_errors’, WP_Error|null|true $errors )](https://developer.wordpress.org/reference/hooks/rest_authentication_errors/) Filters REST API authentication errors. ## 󠀁[Related](https://developer.wordpress.org/reference/classes/wp_rest_server/check_authentication/?output_format=md#related)󠁿 | Uses | Description | | [apply_filters()](https://developer.wordpress.org/reference/functions/apply_filters/)`wp-includes/plugin.php` | Calls the callback functions that have been added to a filter hook. | | Used by | Description | | [WP_REST_Server::serve_request()](https://developer.wordpress.org/reference/classes/wp_rest_server/serve_request/)`wp-includes/rest-api/class-wp-rest-server.php` | Handles serving a REST API request. | ## 󠀁[Changelog](https://developer.wordpress.org/reference/classes/wp_rest_server/check_authentication/?output_format=md#changelog)󠁿 | Version | Description | | [4.4.0](https://developer.wordpress.org/reference/since/4.4.0/) | Introduced. | ## User Contributed Notes You must [log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fdeveloper.wordpress.org%2Freference%2Fclasses%2Fwp_rest_server%2Fcheck_authentication%2F) before being able to contribute a note or feedback.