If you are a developer looking to take your WordPress development skills to the next level, then the WordPress REST API is a tool that you simply can’t afford to ignore.
The REST API has opened up new possibilities for WordPress development, making it easier to integrate WordPress with other systems and technologies, and enabling developers to create more powerful and innovative solutions. It is a powerful interface that allows developers to access and manipulate WordPress data using standardized HTTP requests.
On that note, we will discuss how the REST API has revolutionized the way developers interact with WordPress, enabling them to create custom applications, plugins, and websites that communicate with WordPress seamlessly and efficiently.
What is a REST API?
An API, or Application Programming Interface, is a communication protocol or interface that aims to simplify the development of client-side software by facilitating communication between a server and a client. In simpler terms, an API is a set of codes that enables one system to interact with another.
On the other hand, REST, or Representational State Transfer, establishes guidelines that web systems can use to communicate with one another. If not for REST, the two systems wouldn’t be able to comprehend each other and exchange data.
The key difference with a REST API is that it permits external systems to interact with WordPress, which is where the REST aspect becomes relevant.
The Requirements of REST API
To be considered RESTful, an application must comply with five principles:
- Firstly, it should have a uniform interface with consistent and accessible URLs that can be accessed through standard approaches like GET.
- Secondly, the client and server applications should be separate from each other, allowing for independent development. If the server-side technology (such as WordPress) changes, the server-side application should still be able to access it using the same uncomplicated method.
- Thirdly, the server should be stateless and not change states when a new request is made via the API. It should not store any made requests.
- Fourthly, all resources should be cacheable to improve speed and conformity to web standards. The caching can be implemented either on the server or client side.
- Lastly, a RESTful system should allow the use of multiple layers to access it, and data can be stored on intermediate servers if necessary. The final client cannot be directly connected to the server.
Accessing the REST API for WordPress
To utilize the WP-REST API, it is necessary to access the site through the command line, which is known as WP-CLI in WordPress. None of these actions are conducted via the admin screens or by directly accessing the code on the site.
Now, let’s explore how to begin.
Utilizing WP-CLI to Access WP-REST
WP-CLI, the WordPress Command Line Interface, is a tool that allows users to interact with WordPress through the Command Line Interface (CLI) on their computer. To use the CLI, users can launch Terminal on a Mac or in Linux, or Command Prompt on Windows.
If attempting to access a remote site, users must SSH to their server and access it through WP-CLI.
To access a local site, users only need to utilize the correct directory structure from the command line. It is advisable to experiment with the REST API on a local test site before attempting it on a live site.
To specifically access the REST API for the desired site, users must visit:
| http://yoursite.com/wp-json/wp/v2 |
Afterward, users can add various elements to access specific data, which we will examine in greater detail shortly. These added elements are known as endpoints.
Authentication
After accessing your site, it may be necessary to go through an authentication process. Authentication requirements vary for each endpoint; some are public and do not necessitate authentication, while others do.
Logging into your site admin is not required for REST API authentication. To authenticate your site via WP-CLI, you must first install an authentication plugin. For development installations, the Basic Auth plugin is suitable and user-friendly.
However, for live sites, it is recommended to use a more secure authentication method such as the JWT Authentication plugin, which employs a JSON Web Token.
Once authenticated, the command line can be utilized to access data. The following example employs curl to test the connection to WordPress and output a list of draft posts:
| curl -X GET –user username:password -i http://yoursite.com/wp-json/wp/v2/posts?status=draft |
Draft posts are not publicly accessible; thus, authentication is required. However, if searching for public data, authentication is not needed. For instance, the following command would retrieve all published posts:
| curl -X GET http://yoursite.com/wp-json/wp/v2/posts |
Terms and Commands of WordPress REST API
After successfully accessing your site and becoming familiar with authentication, it will be necessary to employ one of the various commands to interact with the site.
The list of commands required includes:
GET
The GET command is likely the most widely used because it obtains data. For example, after accessing your site, the following line would retrieve a list of all published pages on your site:
| GET http://yoursite.com/wp-json/wp/v2/posts/?status=published |
It is worth noting that I didn’t include the complete path to your site above since you’ve already accessed it through WP-CLI.
After obtaining the data, it can be used to guide the next step. You might edit, update, or remove one of the retrieved posts. Alternatively, you could display the posts in your web app.
Suppose you wanted to retrieve the latest post. In that case, you would use the following command:
| GET http://yoursite.com/wp-json/wp/v2/posts/?per_page=1 |
POST
To add new data or resources to your site, employ the POST command. For example, if you wish to create a new post, begin by using the POST command:
| POST http://yoursite.com/wp-json/wp/v2/posts/ |
This will generate a new empty draft post.
Subsequently, utilize the PUT command (which we will discuss shortly) to modify the post. The POST command may also be used to add other resources aside from posts, such as attachments and other post types.
To include a page on your site, use a command similar to this:
| POST http://yoursite.com/wp-json/wp/v2/posts/pages |
This will establish an empty page in the same manner as you would create an empty post.
PUT
The PUT command enables users to edit an existing resource, including posts. For instance, suppose you have several draft posts on your site, and you wish to review them and update one to make it published. To begin, retrieve a list of all the draft posts:
| POST http://yoursite.com/wp-json/wp/v2/posts/?status=”draft” |
The system will then provide you with a list of all the present draft posts. You may modify the status of one of them using its ID:
| PUT http://yoursite.com/wp-json/wp/v2/posts/567 |
This accesses that specific post and allows for editing. You can modify its status using the status argument, such as:
| {“status” = “publish”} |
Alternatively, you may add content to the post and publish it, such as:
| {“status” = “publish””content” = “content here”} |
After the PUT request successfully edits the post, the server will return a “200-OK” status.
DELETE
As anticipated, the DELETE command removes a resource. When used to delete a post, it is set to send it to the trash by default, rather than deleting it permanently.
Therefore, if you desire to move the newly created post to the trash, utilize this command:
| DELETE http://yoursite.com/wp-json/wp/v2/posts/567 |
Alternatively, if you wish to bypass the trash and delete it permanently, employ the force argument:
| DELETE http://yoursite.com/wp-json/wp/v2/posts/567?force=true |
This command permanently deletes the post, with no chance to undo the action. So, it should be exercised with caution.
WordPress Rest API: When to Use It
The WordPress REST API is advantageous in two primary circumstances.
- Firstly, it is beneficial for integrating WordPress into an application or website that is not constructed with WordPress.
- Secondly, you can create themes and plugins using any language you desire, such as PHP, JavaScript, or others, and then use the WordPress REST API to access the required data.
However, there are situations where this API is not necessary. For example, when developing a theme or plugin with PHP, it may be more advantageous to utilize WordPress’s other APIs, such as the Theme Customization API and Plugin API.
Furthermore, website owners can achieve much with an appropriate WordPress theme and extensive customization.
Overall, the WordPress REST API is not always the ideal solution, but when it is suitable, it is potent. The WordPress API documentation expresses it well:
“If you desire a structured, extensible, and straightforward method for retrieving data in and out of WordPress, then the REST API is likely the preferred choice.”
WordPress Rest API: When to Avoid
Using the WordPress REST API may not always be the most suitable approach to developing a website or app. There are several considerations to keep in mind before utilizing it for development:
- Compatibility:
If your app is intended for use on devices that do not support JavaScript or by users who frequently disable it, then the REST API will not work.
A WordPress site built using PHP will output HTML, which means it will not be affected by this issue. While devices that do not support JavaScript are becoming less common, if you are developing specifically for them, the REST API will not be suitable.
Likewise, if your users often disable JavaScript, using the REST API may lead to problems. Some users turn off JavaScript in their browsers for security or accessibility reasons.
- Accessibility:
Websites or applications built using JavaScript are not always as accessible as those that output HTML.
This is mainly due to the way JavaScript is used to deliver dynamic content, which may not be compatible with screen readers and can create difficulties for people with visual impairments or photosensitive epilepsy.
Using the REST API to access your WordPress site and output data in an accessible format can help overcome these issues, but it is important to check the site for accessibility while you are developing it.
- SEO:
Single Page Applications, which refresh frequently, can sometimes create problems for SEO. This is because content that is not displayed when the page is first loaded may not be indexed by search engines.
Google and other search engines are beginning to recognize that many websites are now using SPAs and are indexing them accordingly. However, it is still recommended to conduct a thorough SEO audit of any site developed using the REST API.
How to Turn Off the REST API in WordPress
To prevent applications from accessing your site’s data through the REST API, you have the option to disable it. It’s important to keep in mind that public data may be accessible by anyone, not just yourself.
One way to disable the REST API is by installing the Disable WP REST API plugin. This plugin disables the REST API for anyone who isn’t logged in to your site.
Alternatively, you can add some code to your theme’s functions file or create a plugin. It’s better to create a plugin, as this is not a theme-specific function.
In your plugin, you can add the following two lines of code:
| add_filter(‘json_enabled’, ‘__return_false’);add_filter(‘json_jsonp_enabled’, ‘__return_false’); |
This will completely disable the REST API for your site. However, it may have an impact on your admin screens, so it’s important to ensure everything works properly once you’ve implemented this change.
Summary of WordPress REST API
The WordPress REST API is a game-changer for developers looking to create custom WordPress applications and websites. By allowing developers to access WordPress data through HTTP requests, it makes it easier to build powerful, custom solutions using any programming language.
Whether you are building a simple website or a complex web application, the REST API is a must-have tool in your developer toolkit.
