Add RFS API key setting with async validation

[Copilot]

Adds a new API key field in the Data Sync settings section with asynchronous validation against the Rent Fetch API. Validates on page load and via dedicated button, handling three response states: valid (200), not found (404), and already in use on another site (409).

Changes

Settings UI (lib/admin/sync-options.php)

• Added password-type input field for rentfetch_options_rfs_api_key
• Enqueues validation script with localized nonce and AJAX URL
• Positioned with other sync-related settings

AJAX Handler (lib/admin/ajax-validate-rfs-api-key.php)

function rfs_validate_api_key_with_api( $api_key ) {
    $response = wp_remote_post(
        'https://api.rentfetch.net/wp-json/rentfetchapi/v1/validate-key',
        array(
            'body' => wp_json_encode( array(
                'api_key'  => $api_key,
                'site_url' => wp_parse_url( get_site_url(), PHP_URL_HOST ),
            ) ),
        )
    );
    
    // Returns structured response based on HTTP status:
    // 200 => valid, 404 => not_found, 409 => in_use
}

Client-side Validation (assets/js/rentfetch-rfs-api-key-validation.js)

• Validates on button click with loading state
• Auto-validates on page load if key exists (silent)
• Renders WordPress-style notices for each validation state

Script Registration (lib/initialization/enqueue.php)

• Registered rentfetch-rfs-api-key-validation script in admin context

API Contract

Request: POST /wp-json/rentfetchapi/v1/validate-key

{
  "api_key": "...",
  "site_url": "example.com"
}

Response Codes:

• 200: Key valid
• 404: Key not found
• 409: Key in use on different site

Original prompt

---

This section details on the original issue you should resolve

<issue_title>Add setting for RFS api key</issue_title>
<issue_description>We need a new setting for the Rent Fetch Sync API key.

We should put it with the other settings directly related to syncing. We don't need to be able to check this key against the Rent Fetch API yet, but we'll want to have a button separate from the main "save settings" button to check the key asynchronously.

We could go ahead and set up behaviors for the various things that could happen when the key is checked. It could succeed or might not be found, or could already be in use on another site.

On pageload, it should also hit the RF API and validate.</issue_description>

Comments on the Issue (you are @copilot in this section)

• Fixes Add setting for RFS api key #2

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[jonschr]

Right now, I'm noticing that when we attempt to validate the API key that's typed in, obviously we don't have an endpoint yet that actually accepts that. So here's the sort of response that we get back:

{
"success": true,
"data": {
"status": "not_found",
"message": "No route was found matching the URL and request method."
}
}

However, even though this has a success: true, the data status is not found. We need to be looking at the data status, not just whether the request worked, because this ought to show a failure notification on the back end. Right now it doesn't show anything. Come up with your own ideas about what the possible statuses should be. The ones that I know about are:

• Not found (as we see here)
• API key already in use
  There are probably a few other potential states, but we need to be able to see logical input on the back-end for each of those, even though we don't have a place to accept that just yet on the other end of things.