Screenshot WOW SAVE 20% on the All Access Bundle. Use "OAUTH20OFF" at checkout.
3rd Party Integration

Extending Endpoints

Published: October 4, 2018 | Updated: August 9th, 2021
  1. Home
  2. Docs
  3. How To
  4. Extending Endpoints

At some point, you may need to change the data provided by WP OAuth Server’s resource endpoints. Data can be modified by using a filter.

The filter that contains the endpoints and callbacks used is wo_endpoints.


The following code can be placed in your theme’s functions file or a custom plugin to modify the user endpoint (oauth/me) and the data that is returned.

add_filter('wo_endpoints','wo_extend_resource_api', 2);
function wo_extend_resource_api ($methods){
 $methods['me'] = array('func'=>'_wo_me_1');
 return $methods;

* Replaces the default me enpoint
* @param [type] $token [description]
* @return [type] [description]
function _wo_me_1 ( $token=null ){
 $user_id = &$token['user_id'];

 global $wpdb;
 $me_data = $wpdb->get_row("SELECT * FROM {$wpdb->prefix}users WHERE ID=$user_id", ARRAY_A);

 /** prevent sensative data - makes me happy ;) */
 unset( $me_data['user_pass'] );
 unset( $me_data['user_activation_key'] );
 unset( $me_data['user_url'] );
 unset( $me_data['session_tokens'] );

 // add user metadata
 $infometa = $wpdb->get_results("SELECT meta_key, meta_value FROM {$wpdb->prefix}usermeta WHERE user_id = ".$user_id."");
 foreach ($infometa as $metarow) {

 $key = $metarow->meta_key;
 if( is_serialized( $metarow->meta_value ) ){
 $me_data[$key] = unserialize( $metarow->meta_value );
 $me_data[$key] = $metarow->meta_value;

 $response = new WPOAuth2\Response($me_data);

Each method added to the endpoints will be sent to the token object. Take note of the parameter “$token” in the example above. The token object contains data specific to the client and user that is currently using the endpoint.

The token object (unless modified) will contain the following data:

  • id – ID assigned for storage
  • access_token – The access token.
  • client_id – The client being used.
  • user_id – The WP asigned user ID for the authenticated user asigned to the access token.
  • expires – Unix Timestamp the token expires.
  • scope – Scopes attached to the access token.

Modifying the User Data Return

There is a way to modify the data returned from the endpoint “/oauth/me” without having to extend the entire method. This can be done by using the “wo_me_resource_return” filter.

The filter looks like this:

$me_data = apply_filters('wo_me_resource_return', $me_data, $token);

Take note that the filter sends two parameters; the user data and the current access token for that user. Simply add, modify, and or delete the data and return it back to the filter.

Visit to see how to add a filter for WordPress.