Appearance
Require Auth
The Require Auth node gates pipeline execution behind authentication requirements. If the check fails, it returns an error and blocks all downstream nodes. If it passes, input flows through unchanged.
Configuration
| Property | Type | Default | Description |
|---|---|---|---|
require | string | logged_in | Authentication level: logged_in, role, or capability. |
role | string | -- | Required role name when require is role (e.g., administrator, editor, subscriber). |
capability | string | -- | Required capability when require is capability (e.g., edit_posts, manage_options). |
Input
Accepts any data type. The node does not inspect the input data -- it only checks WordPress authentication state.
Output
- Auth passes: Returns the input data unchanged.
- Auth fails: Returns an error object:
json
{
"_error": "Authentication required",
"_auth_failed": true
}Or for role/capability failures:
json
{
"_error": "Role \"editor\" required",
"_auth_failed": true
}Authentication Levels
logged_in (default)
Checks is_user_logged_in(). Any authenticated WordPress user passes.
role
Checks if the current user has the specified role. Uses wp_get_current_user()->roles.
require: "role"
role: "administrator"capability
Checks if the current user has a specific WordPress capability. Uses current_user_can().
require: "capability"
capability: "manage_options"Example Use Cases
Protect a form submission pipeline
Place Require Auth at the start of an action pipeline to ensure only logged-in users can submit:
Context --> Require Auth (logged_in) --> Validate --> Save Row --> OutputAdmin-only data access
Context --> Require Auth (role: "administrator") --> Table Query --> ResultCapability-based access control
Context --> Require Auth (capability: "edit_posts") --> Update Row --> OutputWARNING
Always use Require Auth in action pipelines that write data. Without it, anonymous users could submit forms or modify data if they discover the REST endpoint.
TIP
For displaying different UI based on auth state (without blocking), use the user_can() or user_has_role() expression functions in visibility rules or If/Else conditions instead.