Forum Discussion
iarriola Just a remark: what the above code does is extremely dangerous... Do you realize that because you use restadmin() and a USER-DEFINABLE $_GET parameter "userId", ANYBODY could get the personal_data of any other user, not just himself...
In other words: restadmin() elevates anybody to Admin level in terms of API permissions, and you allow the user to specify the ID of the user to query personal_data about...
I would say, be happy it returns an empty object for now =)!
Hi luk, thanks a lot for the heads up. And yes, I understand how restadmin() works. What's missing on the custom endpoint is a security validation to see if the logged-in user is an API admin user. The endpoint is not published yet and is not intended to be open to the public and community, but to be consumed by a backend service. What's posted here is just a quick script to check what the data looks like and how it can be consumed internally.
Thanks again :)!
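The flaw luk describes (an admin-elevated call fed a user-controlled userId, a classic insecure direct object reference) and the check iarriola says is missing (is the logged-in caller an API admin?) side by side. This is an added illustration, not the original poster's script and not the platform's real API: restadmin() is modelled by the hypothetical $fetchAsAdmin callable, the logged-in caller by a small array, and the personal_data rows are constructed sample data.

```php
<?php
declare(strict_types=1);

// Constructed sample backend data standing in for personal_data.
$personalData = [
    1 => ['email' => 'alice@example.com'],
    2 => ['email' => 'bob@example.com'],
];

// Hypothetical stand-in for restadmin(): an elevated call that performs
// no permission check of its own, exactly like the one described in the thread.
$fetchAsAdmin = function (int $userId) use ($personalData): array {
    return $personalData[$userId] ?? [];
};

// Vulnerable shape: userId comes straight from the query string and goes into
// the admin-elevated call, so any visitor (even anonymous) can read any user's data.
function vulnerableEndpoint(array $get, callable $fetchAsAdmin): array
{
    $userId = (int)($get['userId'] ?? 0);
    return ['status' => 200, 'body' => $fetchAsAdmin($userId)];
}

// Hardened shape: authenticate, validate the id, and authorise BEFORE the elevated call.
// Non-admins may only query their own id; API admins may query anyone.
function hardenedEndpoint(array $get, ?array $caller, callable $fetchAsAdmin): array
{
    if ($caller === null) {
        return ['status' => 401, 'body' => ['error' => 'authentication required']];
    }
    $requested = filter_var($get['userId'] ?? null, FILTER_VALIDATE_INT);
    if ($requested === false || $requested === null) {
        return ['status' => 400, 'body' => ['error' => 'userId must be an integer']];
    }
    if (!$caller['isApiAdmin'] && $requested !== $caller['id']) {
        return ['status' => 403, 'body' => ['error' => 'forbidden']];
    }
    return ['status' => 200, 'body' => $fetchAsAdmin($requested)];
}

// Demo: an anonymous visitor asks for user 2, then authenticated callers do the same.
$get = ['userId' => '2'];   // constructed request
echo 'vulnerable, anonymous:      ', json_encode(vulnerableEndpoint($get, $fetchAsAdmin)), PHP_EOL;
echo 'hardened, anonymous:        ', json_encode(hardenedEndpoint($get, null, $fetchAsAdmin)), PHP_EOL;
echo 'hardened, user 1 (non-admin): ', json_encode(hardenedEndpoint($get, ['id' => 1, 'isApiAdmin' => false], $fetchAsAdmin)), PHP_EOL;
echo 'hardened, user 2 (self):      ', json_encode(hardenedEndpoint($get, ['id' => 2, 'isApiAdmin' => false], $fetchAsAdmin)), PHP_EOL;
echo 'hardened, user 9 (API admin): ', json_encode(hardenedEndpoint($get, ['id' => 9, 'isApiAdmin' => true], $fetchAsAdmin)), PHP_EOL;
```

Run it with `php example.php`. The vulnerable path hands Bob's record to the anonymous caller; the hardened path denies the anonymous caller and the non-admin asking about someone else, and serves only the user's own record or an API admin's request. One caveat on the reply above: an endpoint that is "not published" and meant for a backend service still needs its own authentication (a service credential or the admin check shown here), because obscurity of the URL is not an access control and the elevated call will happily answer whoever reaches it.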