惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

博客园 - 三生石上(FineUI控件)
Martin Fowler
Martin Fowler
月光博客
月光博客
AI
AI
B
Blog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
C
CXSECURITY Database RSS Feed - CXSecurity.com
WordPress大学
WordPress大学
GbyAI
GbyAI
L
Lohrmann on Cybersecurity
O
OpenAI News
Schneier on Security
Schneier on Security
P
Palo Alto Networks Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
T
Troy Hunt's Blog
V2EX - 技术
V2EX - 技术
W
WeLiveSecurity
L
LINUX DO - 最新话题
人人都是产品经理
人人都是产品经理
S
Security Affairs
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
A
Arctic Wolf
Recorded Future
Recorded Future
Microsoft Security Blog
Microsoft Security Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
G
GRAHAM CLULEY
N
Netflix TechBlog - Medium
TaoSecurity Blog
TaoSecurity Blog
C
Check Point Blog
Scott Helme
Scott Helme
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Apple Machine Learning Research
Apple Machine Learning Research
PCI Perspectives
PCI Perspectives
www.infosecurity-magazine.com
www.infosecurity-magazine.com
Vercel News
Vercel News
The Hacker News
The Hacker News
Y
Y Combinator Blog
Latest news
Latest news
SecWiki News
SecWiki News
Hugging Face - Blog
Hugging Face - Blog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Google Online Security Blog
Google Online Security Blog
Webroot Blog
Webroot Blog
Google DeepMind News
Google DeepMind News
Recent Commits to openclaw:main
Recent Commits to openclaw:main
C
Cisco Blogs
博客园_首页
H
Hackread – Cybersecurity News, Data Breaches, AI and More
宝玉的分享
宝玉的分享
L
LINUX DO - 热门话题

Pressable

Pressable Achieves Secure Hosting Alliance Certification | Pressable How Pressable MCP Is Changing The Game For WordPress Agencies: A Live Breakdown With Matt Medeiros And Phill Clapham | Pressable April Product Update: Navigation, Organization, And Efficiency | Pressable White-Label WordPress Hosting For Profitable Agencies | Pressable A Guide To Client Onboarding For WordPress Agencies| Pressable WordPress Plugin Management for Agencies WordPress Maintenance Contracts For Agencies: A Complete Guide | Pressable 6 Essential SOPs For WordPress Agencies | Pressable Pressable MCP: Control Your WordPress Hosting With AI. | Pressable How Much Does WordPress Hosting Cost? WordPress Performance Budgets: Setting And Monitoring Goals | Pressable WordPress Automation With No Code Automation Tools | Pressable Implement Single Sign-On (SSO) In WordPress | Pressable How To Build A Real Estate Site On WordPress | Pressable Headless WordPress Showdown: Next.js Vs Gatsby | Pressable How To Automate White-Label WordPress Hosting With WHMCS | Pressable Developer Toolkit Update: Automation & UI Enhancements | Pressable How To Build A DXP Platform With WordPress How To Boost WordPress Agency Client Retention: 4 Strategies White Label WordPress Admin For Agency Clients Performance Testing For WordPress Agency Client Sites Performance Testing For WordPress: A Framework For Agency Client Sites How To Upload A Video To WordPress | Pressable How To Mitigate The Impact Of AI Scraper Bots On WordPress Sites WooCommerce ERP Integration: Automate Your Back Office WordPress Personalization: How To Display Tailored Content To Visitors | Pressable WooCommerce Conversion Rate Optimization: A Data-Driven Approach How To Price Your Online Course: WordPress Monetization Guide 7 Ecommerce KPIs You Should Be Measuring (and How to Optimize Them) WooCommerce Vs. BigCommerce: Which Is Best For Your Business Needs? | Pressable WooCommerce Performance Troubleshooting: Diagnosing Speed Issues Step-by-Step | Pressable AI Content Moderation Tools for WordPress: Fighting Back Against AI Spam WordPress Vs. Craft CMS: Which Is Right For Your Business Site? | Pressable Questions To Ask Before Migrating From Shopify To WooCommerce Outgrowing Squarespace? WooCommerce Can Help WordPress Automation: Google Docs To WordPress Workflow WooCommerce Subscription Strategies: How to Build Recurring Revenue for Your Store Is WordPress Easy To Learn? A Beginner’s Guide WooCommerce Database Optimization With Query Monitor | Pressable WPForms Vs Gravity Forms: Which WordPress Plugin Works Best For Growing Businesses? WooCommerce Vs. Shopify: Choosing The Right Platform The Best AI Chatbots for WordPress Rank Math Vs Yoast: Best WordPress SEO Plugin? 5 Ways AI For Ecommerce Boosts WooCommerce Sales | Pressable WordPress Cookie Consent: What Site Owners Need To Know | Pressable How To Optimize Your WooCommerce Store For AI Search | Pressable WordPress Local SEO: A Guide To Local Search For SMBs | Pressable How to Improve Your WordPress Site’s Search Experience WordPress vs. Substack: Find the Best Platform for Your Newsletter WordPress vs. Ghost: Comparing Open-Source Blog and Newsletter Solutions A Comprehensive Migration SEO Checklist For WordPress Drupal vs. WordPress: Comparing Open Source Content Management Systems How To Add Enterprise-Level Search Capabilities To WordPress Sites What Are WordPress Nonces And How To Use Them | Pressable How To Customize WordPress Without Breaking Your Theme | Pressable WooCommerce vs. Magento (Adobe Commerce): Which is Better for Your Online Store? Prepare Your WooCommerce Store For A High-Traffic Product Drop Tips On Building A Successful WordPress Sales Funnel | Pressable Best WordPress Integrations For Workflow Automation | Pressable WooCommerce Vs. Wix: WooCommerce Explained For Wix Users | Pressable How To Choose WordPress Lead Generation Plugins | Pressable GA4 For WordPress: Understanding Your Data | Pressable WordPress Accessibility for Visually Impaired Users WordPress Information Architecture For Businesses | Pressable How To Use WordPress As A Headless CMS | Pressable How To Use Composer For Modern WordPress Development | Pressable WordPress GitHub Workflows: Version Control Best Practices How To Evaluate A WordPress Plugin Before Installing It | Pressable Billing Clients For WordPress Hosting | Pressable Advanced WooCommerce Cart Abandonment Strategies | Pressable How To Perform A WordPress Security Audit | Pressable How Managed WordPress Hosting Reduces Ops Workload | Pressable The Ultimate Ecommerce CRO Guide | Pressable How to Set Up a Business Continuity Plan for Your WordPress Website How to Hire the Best WordPress Developer for Your Site Common Mistakes When Choosing A WordPress Host | Pressable Beaver Builder Vs. Elementor: Which Page Builder Is Better Streamlining Website Handoff With Managed WordPress Hosting How WordPress Agencies Build Recurring Revenue | Pressable How To Customize WooCommerce Product Pages | Pressable SEO Tip For Migrating Your WordPress Domain | Pressable When To Switch To Enterprise WordPress Hosting | Pressable WooCommerce PIM Tools For Growing Ecommerce Stores | Pressable Automating WordPress Security: Tips To Prevent Cyberattacks Integrating POS With WooCommerce | Pressable Scale Your WordPress: Automation Tips For Growth, Efficiency, And Reliability | Pressable How To Edit Your WordPress Database Safely | Pressable Boosting Conversions, Not Load Times: Performance-Focused A/B Testing of Landing Pages in WordPress WooCommerce Migration: Avoid Downtime and Data Loss With These Essential Tips How To Improve Core Web Vitals on Your WordPress Site How To Run Successful SEO Experiments On WordPress | Pressable Automated WordPress Website Backups | Pressable Grow Ecommerce Sales With WooCommerce Dynamic Pricing LearnDash vs LifterLMS: Which WordPress LMS is Right for You? What Is High Availability Hosting For WordPress? | Pressable Tips On Managing WooCommerce Traffic Spikes | Pressable What To Do When A WordPress Plugin Breaks Your Site Automating Agency Workflows With WordPress Webhooks How To Automate Tasks In WooCommerce With Action Scheduler Why WordPress Downtime Costs And Uptime Guarantees Matters WordPress Cleanup: How to Uninstall WordPress Plugins Without Breaking Your Site
REST API In WordPress: When, Why, And How To Use It | Pressable
Obatarhe Otughwor · 2022-11-04 · via Pressable

Woman wearing pink cardigan sitting on round chain using laptop on lap

Ask Your Favorite AI

Copy the link to a markdown format of this article for ChatGPT, Claude, Gemini, or your favorite AI.

Think of how much of your business data you store in WordPress. What if you could access it and use it in different applications? Thankfully, you can do that with the REST API in WordPress.

The REST API expands the power of WordPress beyond your website. Advanced developers can use the API to connect WordPress with other sites and applications. 

This post is your introduction to the WordPress API and how you could use it. 

About APIs

Let’s start with some basics. What does API stand for? An API is an Application Programming Interface. An API allows two applications to communicate with one another. 

APIs are the backbone of the modern internet. You probably use hundreds of APIs without realizing it. Companies often create APIs to encourage developers to use their services on their sites and applications. A common example is the Google Maps API, which allows developers to embed maps with the full Google Maps functionality into their sites. 

What is a REST API?

A Representational State Transfer, or REST, API complies with a set of standards that allow two different systems to work together. Without the REST protocols, the systems wouldn’t be compatible. 

5 essential elements to make an API ‘RESTful’:

  1. Client-Server Architecture. The client and server applications have to be separate to promote independent development. The server side is the platform the API belongs to, in this case, WordPress. The client is the application trying to connect to the platform. As the server-side technology evolves, the client-side application still needs to be able to access it using the same methods.
  2. Uniform Interface. Every part of the API needs to function using the same interface, language, and methods. For example, the URLs used to access resources must be consistent and uniform. 
  3. Stateless Protocol. REST APIs require the use of a stateless protocol. The client request provides all the data upfront, and the server response should include everything the client needs. Nothing about the request should be stored on the server. This approach reduces memory utilization and error potential. 
  4. Caching. A RESTful API uses cacheable data for better efficiency and speed.  
  5. Layered System. Developers build REST APIs using layers. The layers can interact, but they’re separate with their own functions. This layered approach makes it easier to update the API while also improving security. 

The key takeaways to these RESTful protocols are that WordPress allows you to interface with your site without compromising security, privacy, or performance by enabling a REST API. The REST API also adopts a common internet standard, making it easier for developers to access the API without learning something new. 

About the WordPress REST API

The REST API in WordPress started as a plugin to add functionality to the platform. The API was fully integrated into the core WordPress software with Version 4.7 in 2016. 

While originally intended and still widely used to enable separate applications to connect to your WordPress site, the REST API plays a key role in many recent WordPress advancements. The REST API in WordPress is the foundation of the new Block Editor. Many theme, plugin, and custom application developers are using the REST API to manage and publish WordPress content. 

What Do I Need to Know to Use the WordPress REST API?

To take advantage of the REST API in WordPress, you must be familiar with HTTP request methods and JSON. 

WordPress uses JSON or JavaScript Object Notation as the format for exchanging data in the REST API.

The Basics of the WordPress REST API

At the most basic level, an API processes a request that returns a response. The client (the app you built) asks the server (WordPress) to do something, and the API makes it happen. 

Basic HTTP request methods used in the WordPress REST API are:

  • GET. Use this command to retrieve something from WordPress, like a particular piece of data. 
  • POST. This command adds a resource to WordPress, like creating a post. 
  • PUT. This command enables you to edit or update an existing resource on the server. 
  • DELETE. Use this command to remove something from WordPress. 

The actual API interactions are a bit more complicated and involve these basic elements. 

Key Concepts of the WordPress REST API

Your API response cycle will include these basic elements: 

  • Routes and Endpoints. Routes are URLs you enter to make a request. The endpoint combines a URL with an HTTP method. 
  • Requests. A submitted endpoint makes a request to the server. 
  • Responses. If you submitted a properly configured endpoint, you’ll receive a response with the data you requested in JSON format. 
  • Schema. The schema is the properties and input parameters the WordPress REST API accepts and returns. 
  • Controller Classes. Think of the controller classes as the instructions for how you want the request to be handled. Controller classes manage and coordinate all the moving parts of an API response cycle. 

For a more in-depth look at exactly how the WordPress REST API works and all the available options, read the REST API Handbook from WordPress’ Developer Resources.

Is the WordPress REST API Secure?

At first glance, you may wonder if anyone can access your site and start deleting posts via the API. Fortunately, any API requests that perform changes or access sensitive data require authentication.

The WordPress REST API Handbook puts it this way: 

“The REST API is a developer-oriented feature of WordPress. It provides data access to the content of your site, and implements the same authentication restrictions — content that is public on your site is generally publicly accessible via the REST API, while private content, password-protected content, internal users, custom post types, and metadata is only available with authentication or if you specifically set it to be so.”

Why the REST API Matters for WordPress Developers

Not everyone loves PHP or the WordPress development libraries. With the REST API, developers are no longer constrained. The API opens up WordPress development for people who don’t like or are still learning PHP.

WordPress is an excellent content management system. It’s simple for even technical novices to input content into the system. The REST API allows developers to access all that content and display and use it in new and interesting ways. It’s the best of both worlds. You get a system that’s easy for clients to input content into, and you get even more options for how to build great experiences. The main selling point for the REST API is that it should lead to faster and simpler development. 

How to Access and Use the WordPress API

The WordPress REST API is enabled by default for all WordPress sites. Many WordPress features, such as the editor, work off of the API, so it’s not something you would want to disable. 

You can access the API through a browser to get an idea of how it works.

Go to example.com/wp-json/wp/v2/posts

You’ll see a list of all your posts. 

This type of basic HTTP request is what you’d send using an application. You can also interact with the API using the WordPress command line interface

Client Libraries 

Client libraries make it easy to connect an external application to the WordPress API using the programming language of your choice. 

A word of caution: Only Backbone.js is officially recommended and maintained by WordPress. 

Built-In Routes and Endpoints

The API allows authenticated or logged-in users to complete most content management functions you can do inside the WordPress admin. You need to know the right route and endpoint. 

ResourceBase Route
Block Directory Itemsexample.com/wp-json/wp/v2/block-directory/search
Block Rendererexample.com/wp-json/wp/v2/block-renderer
Block Revisionsexample.com/wp-json/wp/v2/blocks/<id>/autosaves/
Block Typesexample.com/wp-json/wp/v2/block-types
Blocksexample.com/wp-json/wp/v2/blocks
Categoriesexample.com/wp-json/wp/v2/categories
Commentsexample.com/wp-json/wp/v2/comments
Mediaexample.com/wp-json/wp/v2/media
Page Revisionsexample.com/wp-json/wp/v2/pages/<id>/revisions
Pagesexample.com/wp-json/wp/v2/pages
Pluginsexample.com/wp-json/wp/v2/plugins
Post Revisionsexample.com/wp-json/wp/v2/posts/<id>/revisions
Post Statusesexample.com/wp-json/wp/v2/statuses
Post Typesexample.com/wp-json/wp/v2/types
Postsexample.com/wp-json/wp/v2/posts
Searchexample.com/wp-json/wp/v2/search
Settingsexample.com/wp-json/wp/v2/settings
Tagsexample.com/wp-json/wp/v2/tags
Taxonomiesexample.com/wp-json/wp/v2/taxonomies
Themesexample.com/wp-json/wp/v2/themes
Usersexample.com/wp-json/wp/v2/users

WordPress API Example Requests

Most developers will work with posts, so let’s look at some examples of what you can do with posts through the API. We’ll show the example requests as a curl command you’d use in the CLI. 

Updating an Existing Post

curl -X POST https://example.com/wp-json/wp/v2/posts/<id> -d '{"title":"New Post Title"}'

You’d put the ID number that comes after /posts/ so the system knows which post you want to modify, and what’s between the brackets is the change we want to make. In addition to updating the content, you could also change the status of a post. 

Finding a Post

The updating a post feature is only helpful if you know the post ID you want to edit. To view a list of all your posts, you’d use this request. 

curl https://example.com/wp-json/wp/v2/posts

You can add filters to narrow the list down by searching for a particular author, dates, and other variables.

Best Practices for Working with the WordPress API

Global Parameters

Global Parameters apply to every resource and control how the API handles the request. They are:

  • _fields
  • _embed
  • _method (or X-HTTP-Method-Override header)
  • _envelope
  • _jsonp

The API documentation spells out how to use each one. One of the most common use cases is using the _fields parameter to narrow down which fields are included in the response. For example, if you wanted to display a list of posts but not the full content, you could query for just the post title and permalink. If you don’t specify, it will return every piece of data about the post. This is one way using global parameters can lead to faster and more efficient responses. 

Permissions and Authentication

You can create a specific authentication password to include with your API requests. Go to your user profile in the WordPress Admin and go to the section called Application Passwords. 

Give your Application Password a name and click Add New Application Password

Security Considerations: Protecting Data and Resources

Hackers can exploit the REST API to gain access to your website. To keep your site secure, follow these best practices:

  • Regularly back up your site. 
  • Use a Web Application Firewall (WAF).
  • Install a security plugin like Jetpack. 

Custom Routes and Endpoints

The REST API is so powerful because of how you can customize it to anything you want to build. The default routes and endpoints cover most of the use cases, but WordPress also includes a way for users to build their own routes and endpoints. Check out this documentation for examples of how to go about building your own custom routes. 

Replacing Admin AJAX Requests

AJAX was introduced in WordPress 2.0 and was the primary way of accessing WordPress data. But it has its limitations and can sometimes slow down your site. Replacing heavy AJAX requests with the REST API can improve site performance. 

Common Challenges and Errors with the REST API

When beginning to use the REST API, you may encounter some of these common issues. 

Performance Optimization

If you’re getting slow responses or timeouts, start by looking at your server. You need a robust hosting plan, like Pressable’s managed WordPress hosting. You also should look for any plugin and theme conflicts. Finally, the size of the request or an unoptimized database could slow down your API responses. 

Adding caching for REST API responses is another way to solve speed issues. 

403 Forbidden Error: Unauthorized Access

You didn’t have the right access if you get a 403 error as a response to a request. It could mean you’re not using the API key or password correctly in the header. Firewalls or security plugins also could block access to a resource. 

Start by double-checking your authentication method and then check your plugin and firewall settings. 

What Can I Do with the WordPress REST API

The possibilities are endless with this API. Let’s look at some of the ways you could use the REST API. 

Add External Data to Your Site

You can retrieve and add data to your WordPress site using the API. For example, a media company could pull updates from a Slack channel to create a live blog of all their reporters working on a big story, such as election night. 

Use Your WordPress Content in an External Application

You also can use the API to display your WordPress data in another application. One of the most common uses of the REST API in WordPress is to pull out site content to use in a mobile app. 

Create Easier Ways to Manage Your Site

The API also allows you to create new ways to manage your site. The most notable example is WordPress.com’s Calypso project. 

The Calypso project is a reinvention of the WordPress Dashboard (WP-ADMIN). Calypso allows a user to centrally manage multiple WordPress sites and create content within a mobile-friendly user interface. It also loads significantly faster. You can read all about the story of Calypso. The creation of Calypso also allowed for the creation of a WordPress desktop app available on MacOS/Windows/Linux.

Build New Interfaces for Editing Content

You also can use the API inside WordPress to create more intuitive interfaces for editing and managing content. For example, the API powers the new block editing features as well as many plugins. Understanding how the API works would be helpful if you want to create custom Gutenberg blocks. 

For a taste of how the REST API changed the game with block editing, download our e-book on the basics of Full Site Editing. The e-book walks you through how to accomplish several common tasks only using blocks. This change in how to edit and manage WordPress sites wouldn’t be possible without the REST API. 

But if you want someone to add content to your site without giving them full access to WordPress, you could use the API to create a custom editing interface that only included the fields and post types you wanted them to fill out. 

Build New Front-End Presentations

The REST API enables creative and flexible ways to present content on your WordPress website. Theme developers may find it easier to rely on the API instead of PHP. 

What Other APIs Does WordPress Offer?

The REST API is just one of many APIs WordPress provides. The REST API is the most robust and allows you the most flexibility in how you use it. The rest of the WordPress APIs are primarily used in plugin development, but they’re still an option to consider, depending on what you’re building. You can learn more about the other available APIs on the WordPress Codex site

If you run an eCommerce store using WooCommerce, you can use the WooCommerce REST API

Do I Need to Use the REST API in WordPress? 

No, you don’t have to use the REST API, but you probably already are. The API is the basis for so many new features and plugins that you’re likely taking advantage of it on your site without realizing it. 

As to whether you should start building your own applications or projects using the API, that’s a matter of personal preference and comfort level with the technology. 

Use the REST API when you want to use a language other than PHP or are worried about performance issues. 

Use the REST API When You Don’t Want to Use PHP

If you want to write a theme, plugin, or external application as a client-side JavaScript application or standalone program in any language besides PHP, use the WordPress REST API to access content with your WordPress site. 

Use the REST API for Better Performance

Using the new WordPress REST API allows developers to create cutting-edge new features without using a ton of server-side resources. That means most features developed using the REST API will be faster than if developed using PHP. It also means you can deliver remarkable user experiences without adding expensive infrastructure.

The REST API also allows you to more easily adopt a headless approach. You can separate front-end and back-end and connect via the API for more efficient development and better scaling.

If you want to learn more about how to take advantage of the WordPress REST API, check out these resources:

Optimal Site Performance with the REST API in WordPress and Pressable

We’re excited about what the REST API is doing for WordPress. It means there will be a lot of new features that will be faster and more sophisticated. It also means you can add more advanced, engaging, and immersive user experiences to a WordPress site, all without a major sacrifice to site performance.

At Pressable, we’ve dedicated a lot of resources and our engineers’ brainpower to ensure our clients never have to sacrifice site performance. 

We utilize non-volatile memory express (NVMe) servers with improved response times, enhanced queuing, and optimal security. Your site runs faster and safer and will rank better in search engines. 

The NVMe server infrastructure is about 10 times faster than the standard SSD technology used by most other hosting companies. You can trust our servers to respond quickly and scale effortlessly, no matter what you build or what method you built it with. 

We also make it easier to test out and learn the WordPress REST API. From WP-CLI support to free staging sites, Pressable includes the developer-friendly features and support you need from a hosting service. 

Sign up for a demo to learn more about why Pressable is the best choice for WordPress developers. 

Obatarhe Otughwor

Obatarhe is a passionate WordPress enthusiast, dedicated community volunteer, and tech advocate with a proven track record of delivering exceptional customer experiences. With a background as a Product Expert at Google, he brings extensive technical expertise across various domains including WordPress support, remote technical assistance, and software development. Known for his empathetic approach and problem-solving mindset, Obatarhe consistently earns 5-star ratings by understanding each customer’s unique needs and providing thoughtful, tailored solutions. In his current role as a Customer Success Engineer, he excels in delivering personalized service that not only resolves issues effectively but also builds lasting customer trust and satisfaction. Beyond customer support, Obatarhe is skilled in Python, JavaScript/Node.js, PHP, Laravel, HTML, CSS, and Git. He has developed and deployed an election campaign tracking API using Node.js, hosted on Heroku and GitHub and also contributing to some WordPress plugin open source projects showcasing his ability to translate ideas into functional solutions. When he's not working, Obatarhe enjoys traveling and capturing breathtaking landscape photography—blending his love for technology and nature into a well-rounded lifestyle.