Discover in this article the basics about the WordPress REST API and how you can take advantage of it.
In previous tutorials you have seen how to use the REST API, for example in the tutorial in which I explained how to display the posts of another website through a shortcode using the WordPress REST API.
But while I was preparing new tutorials using it, I thought it’s worth laying the groundwork first.
This article is not intended to be an exhaustive study, but a review of the basic concepts and, above all, of the key elements that you will need to use the WordPress REST API.
In addition, it will also serve as a support if you have any doubts when you are following any OsomCode tutorials.
Let’s get to it.
What is a REST API?
Let’s start with the definition of each of the parts
- On the one hand, API stands for Application Programming Interface. It allows two applications to communicate with each other.
- On the other hand, REST stands for REpresentational State Transfer.
And putting both concepts together, we could say that a REST API is a programming interface that uses the HTTP protocol, which offers routes or endpoints where to consult or modify information.
And in the case of WordPress this definition is fulfilled.
That is, the WordPress REST API is an interface that allows you to manage the CMS from outside the WordPress installation itself.
This can be done from a desktop application, a mobile application or another external web service, even another WordPress.
Surely you’ve heard the concept of headless WordPress, which is nothing more than using WordPress as a decoupled system. That is, WordPress takes care of the backend and other systems, for example an app, takes care of the frontend.
This is possible thanks to the REST API.
How to use the WordPress REST API?
To start using the API you should know the basics:
- Routes and endpoints
- HTTP methods
- WordPress Functions
Let’s take a closer look at each of them.
Routes and endpoints
Routes and endpoints are the URLs that contain the information.
For example, if you go to osomcode.com/wp-json/ you will see all the available routes and within them there are endpoints.
If we go a little deeper into the path we can get to
/wp-json/wp/v2/posts/, which would be the endpoint to access the entries.
If you notice, the REST API routes follow the following structure:
- URL of the web
- /wp-json: REST API URL prefix.
- /wp: URL name.
- /v2: REST API version.
To give you an idea of how it can vary when you use another API, to access the products using the WooCommerce REST API you would use the path:
But back to WordPress, these are some of the endpoints you can access:
/wp-json/wp/v2/posts/> to access the posts
/wp-json/wp/vp/v2/pages/> to access pages
/wp-json/wp/vp/v2/plugins/> for accessing plugins
/wp-json/wp/vp/v2/theme/> for accessing themes
/wp-json/wp/vp/v2/media/> for media access
/wp-json/wp/v2/v2/users/> for accessing users
/wp-json/wp/vp/v2/tags/> for accessing tags
/wp-json/wp/vp/v2/categories/> for accessing categories
/wp-json/wp/vp/v2/taxonomies/> for accessing taxonomies
/wp-json/wp/vp/v2/comments/> for accessing comments
/wp-json/wp/vp/v2/settings/> for accessing the site settings
/wp-json/wp/vp/v2/blocks/> for accessing blocks
/wp-json/wp/vp/v2/block-types/> for accessing block types
Not only are there some more, but you can also create custom routes and points thanks to the
It is worth noting that some endpoints are public and do not require authentication, while others (the restricted ones) do.
HTTP methods are the ones that will determine the type of operation you are going to perform. These are the basic ones:
GET> to obtain data
POST> to create new elements (posts, taxonomies…).
PUT> to update elements
DELETE> to delete elements
In order to use some of these methods you need to authenticate, so let’s see how you can manage that part.
Indeed, in order to access certain routes and use certain methods you need to authenticate yourself.
This, as you can imagine, is for obvious security reasons. We don’t want anyone to be able to view sensitive data, or worse, create or delete items on the site.
There are several types of authentication but the easiest is to obtain the credentials (username and password) using the Application Passwords tool included in WordPress core.
To know exactly how to do it take a look at this tutorial.
If you are going to use the REST API to connect two WordPress sites (or you are going to call other APIs), you can use some dedicated CMS functions:
wp_remote_request> Makes an HTTP request and returns the response. You can use the method of your choice (any of the above).
wp_remote_get> Make an HTTP request using GET method and return the response.
wp_remote_post> Makes an HTTP request using the POST method and returns the response.
wp_remote_head> Makes an HTTP request using the HEAD method and returns the response.
wp_remote_retrieve_body> Retrieves the
bodyof the response.
wp_remote_retrieve_header> Retrieves the response header.
wp_json_file_decode> Reads and decodes the JSON file.
And for now you have enough theory.
I am aware that there are many concepts, but the idea is to lay the groundwork (or use this article as a reference) so that you can get the most out of the REST API.
The advantage is that, once you know how to use it, you will be able to access and modify all the REST API endpoints. This opens up an almost infinite range of possibilities.
In the next tutorials I will explain how you can take advantage of it with case studies.
Now you know what the WordPress REST API is and the basics of how to use it.
In addition, you’ve seen the possibilities it opens up. With a little practice and imagination you can use WordPress as a decoupled or headless system, in which WordPress takes care of the backend and an app takes care of the frontend.
If you have any question, please leave it in the comments. And if you want to give me a suggestion for future snippets, please send it through the contact form.
Benefits of being a subscriber. 🙂