\n\n\n\n
What Is WordPress REST API?<\/h2>\n
\nWordPress REST API is an interface that lets you integrate the CMS with other third-party applications. It allows you to develop software or websites that use WordPress’ data, functionality, and content without having to access them directly.
\n
\nWordPress REST API works by providing endpoints for retrieving and manipulating content as JSON data to ensure compatibility regardless of the programming languages.<\/p>\n <\/div>\n\n\n\n<\/p>
How WordPress REST API Works<\/h3>
An application programming interface (API) provides a set of rules allowing two web services to interact. Meanwhile, REST stands for Representational State Transfer, an architectural standard defining such communications.<\/p>
A web app that adheres to the REST principles is considered RESTful. For example, it must use a uniform interface, providing a single access point to allow other applications to access its data.<\/p>
To exchange data, the REST API sends the WordPress database a request<\/strong>, which is a set of instructions specifying information your application needs. In return, it sends a response containing the content and confirmation whether the process is successful.<\/p> Your application or client uses routes <\/strong>to determine which data to retrieve. These are URLs that locate specific content via the WP REST API, like WordPress posts or metadata. For instance, the following lets you access pages:<\/p> These routes will access the endpoint<\/strong> functions in WP REST API that manipulate requested data. You can retrieve, add, edit, or remove the information depending on the hypertext transfer protocol (HTTP) methods<\/strong>:<\/p> All the retrieved data will be shown in JSON format<\/a>, meaning you must parse it before passing it to another code.<\/p> The REST API functionality is enabled by default in the WordPress installation. After purchasing a WordPress hosting plan<\/a> and setting up the CMS, access the following link to verify if REST API is enabled:<\/p> Remember to replace domain.tld <\/strong>with your own website address. If you see a list of endpoints, the WordPress REST API is active. Note that this feature is only available for WordPress 4.7<\/strong> or later.<\/p> We recommend setting up a local testing environment for your WordPress development activities to prevent potential misconfigurations or unwanted errors that could impact website availability or user experience.<\/p>\n <\/div>\n\n\n\n<\/p> Now, install the cURL utility<\/a> in your local machine’s command-line interface (CLI), like Command Prompt or Terminal. It lets you send and receive requests from the WordPress server for testing.<\/p> Next, install the WordPress REST API Basic Auth<\/a> handler to configure your verification method. It lets you access private data that requires administrative privileges.<\/p> After installing the plugin, we can start sending HTTP requests via WordPress REST API. To do so, open WP-CLI<\/a> and connect to your site via SSH. Hostinger users can find the credentials by going to hPanel<\/strong> → Website Management <\/strong>→ Advanced <\/strong>→ SSH Access<\/strong>.<\/p> Let’s try accessing restricted data to verify if the WP REST API authentication works properly.<\/p> For example, we will run the following prompt in the local system’s command-line application to retrieve unpublished posts:<\/p> After setting up your hosting and testing environment, we can start using WordPress REST API. Here are some of its everyday use cases:<\/p> Important!<\/strong> Before proceeding, ensure you understand API call methods and JSON format to interpret the raw data much more quickly.<\/p><\/div>\n\n\n\n<\/p> Use the GET method to retrieve data from your WordPress website via JSON REST API. For example, we’ll fetch content from the posts<\/strong> endpoint:<\/p> This API request will print all posts from your WordPress site, including details like ID, content, and title. If you run it using cURL, the output should look as shown below.<\/p> You can also fetch pages using the corresponding endpoint:<\/p> The output is similar, but the command will retrieve all pages<\/strong> instead of posts<\/strong>. You can also query custom post type<\/a> by specifying their name in the endpoint:<\/p> For example, use the following prompt to retrieve product-pages<\/strong> custom posts:<\/p> Important!<\/strong> Remember to use cURL to test REST API requests via WP-CLI. For the actual application code, use functions or libraries like JavaScript’s Fetch<\/a> instead.<\/p><\/div>\n\n\n\n<\/p> You can use a query parameter to modify the output, like paginating or sorting the data. For example, use the following endpoint to reorder posts based on their creation date in ascending order:<\/p> Meanwhile, use page <\/strong>and per_page <\/strong>query parameters to retrieve a specific number of posts from a particular page. Here’s an example:<\/p> Using the endpoint, the GET method will group posts into multiple pages, each containing 10 entries, and fetch the second one.<\/p> WordPress provides various other query parameters to filter data based on specific criteria. To learn more about them, read the documentation about posts REST API references<\/a>.<\/p> The POST method lets you add new content to the WordPress database using a particular endpoint. For example, use the following prompt to create a blank post:<\/p> You can also create new pages or custom post entries using their respective WordPress REST API endpoints like so:<\/p> To make a proper entry with a title<\/strong>, publishing status<\/strong>, and content<\/strong>, specify these details in your application’s code.<\/p> Furthermore, the WordPress REST API POST request commonly requires administrative privileges. If you are using authentication methods like open authentication (OAuth), ensure to add the verification token.<\/p> You should also add response validation, enabling your application to confirm whether the POST API request is successful.<\/p> WordPress REST API PUT method lets you modify a specific post, page, or custom post entry using its ID. For example, you can insert new content or change the publishing status.<\/p> The syntax is similar to other API call methods but has the post ID at the end of the route:<\/p> Next, specify the data you want to modify. For instance, to insert new content, add the following line:<\/p> Deleting posts, pages, or custom post entries also uses their ID, like in the example below:<\/p> By default, the DELETE method moves data to the recycle bin, allowing you to recover it later if needed. For permanent deletion, add the force <\/strong>parameter like so:<\/p> \n Warning!<\/strong> We recommend avoiding the force argument if possible since it might cause accidental data loss. <\/p>\n \n\n\n\n<\/p> WordPress REST API provides several default endpoints with pre-defined functionalities. However, these might be insufficient if your application needs specific data.<\/p> While you can customize outputs from default endpoints using filters or query parameters, the process is ineffective due to extra code. Moreover, it might be difficult to fetch extra content like form submissions.<\/p> To simplify data access for particular needs, create custom endpoints in WordPress. You can do so by modifying your theme’s <\/strong>functions.php<\/a> via the theme file editor<\/strong> or by building a custom WordPress plugin.<\/p> Add the following code snippet to register a custom endpoint, including its route, callback function, and query method:<\/p> Then, specify the callback function to be triggered when the endpoint is accessed. It will handle data manipulation and return the requested response.<\/p> For example, your WordPress site has forms whose submissions are registered as custom posts. You can create a custom endpoint that lets you retrieve the entries by adding the following code snippet:<\/p> The get_posts function<\/a> iterates through the submissions, which you can then access using the GET method:<\/p> WordPress REST API authentication ensures secure data transmission with valid clients. Users can implement various mechanisms depending on their application requirements.<\/p> WordPress uses cookie authentication <\/strong>by default. It <\/strong>assigns logged-in users authentication cookies, which will be included in the request header for subsequent API calls. This method is simple but unsuitable for third-party web services that require authentication outside WordPress.<\/p> Another method is OAuth, which uses an authentication token to validate requests from your web service. Since it doesn’t use user credentials, it offers higher flexibility and reliability. However, the setup process can be complicated for some.<\/p> To configure OAuth, use the official plugin from the WordPress REST API GitHub repository<\/a>. Also, we recommend OAuth 2.0 since it is simpler to implement, more scalable, and uses a newer architecture than version 1.0.<\/p> WordPress REST API is helpful for various web development tasks and applications. For example, you can retrieve posts from the CMS and display them to other websites for content distribution.<\/p> Another use case is enabling data submission from an existing static site to the WordPress backend. It simplifies the development process since you can leverage the CMS’ capabilities to store the data instead of configuring a database manually.<\/p> WordPress API integration also lets you automatically update your site’s content. For example, you can push posts from Apple News to your website using the PUT method without logging in.<\/p> A more advanced use case for REST API is creating a headless CMS. For example, you can create news-centric mobile apps that use the WordPress dashboard for content management.<\/p> API’s real-world applications include fetching specific post data from the database for the block editor. Another example is displaying Google Maps on WordPress sites using plugins.<\/p> To efficiently use the WordPress REST API feature for web development and integration, consider the following best practices.<\/p> Set Up Proper Authentication<\/strong><\/p> Setting up proper authentication improves WordPress REST API security, ensuring only authorized users or applications can access sensitive data.<\/p> It helps minimize security vulnerabilities, preventing unauthorized access and data breaches. To choose the best method, consider the scalability, ease of implementation, and your requirements.<\/p> Sanitize Inputs<\/strong><\/p> Sanitizing input in WordPress REST API matters, especially when working with public data that all users can access. It involves validating and cleaning input from external sources to prevent malicious code from infiltrating the CMS.<\/p> It also helps safeguard your WordPress from security vulnerabilities like SQL injection and cross-site scripting (XSS).<\/p> WordPress provides built-in functions for sanitizing input data, like sanitize_text_field()<\/strong>, sanitize_email()<\/strong>, and sanitize_url()<\/strong>. Add them to your application’s code for those that will receive and parse the retrieved content.<\/p> Leverage Caching<\/strong><\/p> Caching helps optimize your WordPress website performance and scalability. It reduces server load and improves response times by storing frequently accessed data in memory, allowing clients and the API to retrieve the data faster.<\/p> Minimizing server load also helps maintain WordPress API uptime during traffic spikes. If too many clients send requests simultaneously, the database might be unable to handle them, causing downtime.<\/p>http:\/\/domain.tld\/wp-json\/wp\/v2\/pages\n<\/pre>
\n
How to Set Up Your Environment for WordPress REST API<\/h2>
http:\/\/domain.tld\/wp-json\/\n<\/pre>
![\"](\"https:\/\/www.hostinger.com\/tutorials\/wp-content\/uploads\/sites\/2\/2024\/03\/list-of-endpoints-in-wp-json-file-1024x307.png\")
<\/a><\/figure><\/div>Pro Tip<\/h4>\n
![\"\"](\"https:\/\/www.hostinger.com\/tutorials\/wp-content\/uploads\/sites\/2\/2024\/06\/New-WP_in-text-banner-1024x300.png\")
<\/a><\/figure>curl -X GET --user username:password -i http:\/\/domain.tld\/wp-json\/wp\/v2\/posts?status=draft<\/pre>
![\"WordPress](\"https:\/\/www.hostinger.com\/tutorials\/wp-content\/uploads\/sites\/2\/2024\/03\/wordpress-rest-api-get-request-fetches-private-data-1024x510.png\")
<\/a><\/figure><\/div>How to Use WordPress REST API<\/h2>
1. Fetching Data with GET Requests<\/h3>
GET http:\/\/domain.tld\/wp-json\/wp\/v2\/posts\/\n<\/pre>
![\"WordPress](\"https:\/\/www.hostinger.com\/tutorials\/wp-content\/uploads\/sites\/2\/2024\/03\/wordpress-rest-api-get-request-fetches-posts-1024x411.png\")
<\/a><\/figure><\/div>GET http:\/\/domain.tld\/wp-json\/wp\/v2\/pages\/\n<\/pre>
GET http:\/\/domain.tld\/wp-json\/wp\/v2\/custom-post-type\/\n<\/pre>
GET http:\/\/domain.tld\/wp-json\/wp\/v2\/product-page\n<\/pre>
\/wp-json\/wp\/v2\/posts?orderby=date&order=desc\n<\/pre>
\/wp-json\/wp\/v2\/posts?page=2&per_page=10\n<\/pre>
2. Creating Content with POST Requests<\/h3>
POST http:\/\/domain.tld\/wp-json\/wp\/v2\/posts\/\n<\/pre>
POST http:\/\/domain.tld\/wp-json\/wp\/v2\/pages\/\nPOST http:\/\/domain.tld\/wp-json\/wp\/v2\/custom-post-types\/<\/pre>
3. Updating and Deleting Content<\/h3>
PUT http:\/\/domain.tld\/wp-json\/wp\/v2\/posts\/ID\n<\/pre>
{\n\"content\" = \"publish\"\n}\n<\/pre>DELETE http:\/\/domain.tld\/wp-json\/wp\/v2\/posts\/ID\n<\/pre>
DELETE http:\/\/domain.tld\/wp-json\/wp\/v2\/posts\/567?force=true\n<\/pre>
4. Working with Custom Endpoints<\/h3>
![\"The](\"https:\/\/www.hostinger.com\/tutorials\/wp-content\/uploads\/sites\/2\/2024\/03\/functions-php-in-wordpress-theme-file-editor-1024x523.png\")
<\/a><\/figure><\/div>add_action( 'rest_api_init', function () {\n register_rest_route( 'your_namespace\/v1', '\/your_endpoint\/', array(\n 'methods' => 'GET',\n 'callback' => 'your_endpoint_callback',\n ) );\n} );\n<\/pre>function your_endpoint_callback( $data ) {\n \/\/ Your logic to handle the request like returning a JSON response\n return array( 'message' => 'Your custom endpoint works!' );\n}\n<\/pre>add_action( 'rest_api_init', function () {\n register_rest_route( 'custom\/v1', '\/form-submissions', array(\n 'methods' => 'GET',\n 'callback' => 'get_form_submissions',\n ) );\n} );\n\nfunction get_form_submissions() {\n $args = array(\n 'post_type' => 'form_submission',\n 'posts_per_page' => -1,\n );\n\n $form_submissions = get_posts( $args );\n\n $response = array();\n foreach ( $form_submissions as $submission ) {\n $response[] = array(\n 'id' => $submission->ID,\n 'title' => $submission->post_title,\n 'content' => $submission->post_content,\n 'author' => $submission->post_author,\n 'created_at' => $submission->post_date,\n \/\/ Add more fields as needed\n );\n }\n\n return $response;\n}\n<\/pre>GET http:\/\/domain.tld\/wp-json\/custom\/v1\/form-submissions\n<\/pre>
5. Selecting Authentication<\/h3>
WordPress REST API Examples<\/h2>
Best Practices for Using the WordPress REST API<\/h2>