There is a lot of buzz around the upcoming REST API for WordPress, and rightly so! After the introduction of custom post types way back in version 2.9, this may be the biggest step toward making WordPress a true application framework.<\/p>\n
In a nutshell, the REST API it allows developers to completely de-couple the front-end from the core WordPress package. This will lead to better mobile apps, highly customized themes and \u2013 hopefully \u2013 clever implementations we haven’t even thought of yet.<\/p>\n
In this article, I’ll show you how to get started with the REST API and some companies already using it successfully.<\/p>\n
A quick note: this article is aimed at developers with a solid understanding of PHP and WordPress.<\/p>\n
Right now, you’ll need the REST API Plugin<\/a> to get started and the latest version of WordPress. You’ll also need some knowledge of the WordPress HTTP API to make calls.<\/p>\n As our first project for this tutorial, let’s create a local WordPress installation, which will pull posts from our live site using the REST API. Make sure you have the REST API plugin installed on the live site and create an empty widget plugin on your local site. Here’s the boilerplate code I used to get started:<\/p>\n Please update your cookie preferences<\/a> to enable preference cookies to view this gist.<\/p><\/div><\/div>\n This code is contained within a If you aren’t familiar with creating widgets fear not, we have an article on building WordPress widgets like a pro<\/a>. In this article, we’ll mostly focus on the We’ll also be using the WordPress HTTP API to make requests and read responses from the WordPress API. If you’re new to HTTP, take a look at our handy guide on using the HTTP API<\/a>.<\/p>\n Just as with any REST API, we’ll need a couple of things to make each request. We need to know the following:<\/p>\n The base path<\/strong> of the API is always Each route can have a number of endpoints which are differentiated by the HTTP method. The route to a single article might be something like For our example, we’ll be using the Please update your cookie preferences<\/a> to enable preference cookies to view this gist.<\/p><\/div><\/div>\n In our case, the response is favorable if it is not a Please update your cookie preferences<\/a> to enable preference cookies to view this gist.<\/p><\/div><\/div>\n This seems like a simplistic example \u2013 and it is \u2013 but the potential it holds is amazing. If you replace the HTTP API functions with cURL or something else, our example is basically WordPress-agnostic. We could be working in Laravel, Joomla or a mobile application. The fact that we’re displaying posts from WordPress in another<\/em> WordPress system is pure coincidence.<\/p>\n This means that you could create a mobile app for your WooCommerce store which is completely iPhone\/Android native, yet interacts with your WordPress site perfectly, including taking orders, managing shipments and receiving payments. It turns WordPress into an app platform which should make all our websites that much better.<\/p>\n This basic example shows 90% of how you work with the WP API. There are three more things that it is worth looking into briefly:<\/p>\n It doesn’t do to continuously bother servers with calls when they aren’t needed. In our example above we’ve displayed a list of posts which probably won’t change within seconds. Caching this response for an hour, maybe even a day, would be a good idea.<\/p>\n There are a number of approaches to solve this, including JP REST API CACHE<\/a> which is a composer library, caching plugins and using native transients. I’ll show you a quick transients example here.<\/p>\n The idea of a transient is that it stores data with an expiration date. By default it will go into the database but some setups allow storage in memory which makes it even faster. When we retrieve the posts we want to put them in a transient and set the expiration to an hour. Until the expiration time arrives the posts are retrieved from our own database. After expiration they are retrieved from the external site once again and put into the transient.<\/p>\n Here’s how I would modify the widget function (creating an additional function in the process).<\/p>\n Please update your cookie preferences<\/a> to enable preference cookies to view this gist.<\/p><\/div><\/div>\n The method above should work without authentication but you should always<\/strong> authenticate yourself. Take a look at the Authentication<\/a> section in the documentation for more info. When working with external requests like this you have two options: basic authentication and OAuth.<\/p>\n Basic authentication<\/strong> is the simplest but should never<\/strong> be used in production as it is quite unsafe, it requires you to send your actual username and password with each request. It is a good method for testing though so I’ll show you how to get it up and running.<\/p>\n Basic Authentication<\/strong><\/p>\n To enable basic authentication, you need to install a plugin<\/a> on the target site. Once this has been activated you’ll be able to make authenticated calls.<\/p>\n To get started you need to set an authorization header with the value Please update your cookie preferences<\/a> to enable preference cookies to view this gist.<\/p><\/div><\/div>\n Take care, if you use your own website URL and are properly authenticated this will delete the post with the ID of 1183! As you can see, manipulating data is extremely simple with the API, it really is a joy to work with.<\/p>\n OAuth Authentication<\/strong><\/p>\n This method of authentication also requires you to install a plugin<\/a>. Once the API is merged into core this plugin will be included so you won’t need to worry about multiple separate plugins. Unfortunately at the moment the documentation for OAuth is a mess so I won’t be able to show you how to get this done right now.<\/p>\n It involves installing using WP-CLI<\/a> a command line interface for WordPress, installing a community extension for it, the WP Client CLI<\/a> and using those two together. This would not really pose a problem, but a command listed isn’t available and it is making our lives harder than it needs to be.<\/p>\n Once easy-to-use instructions are available I’ll report back on how to do this. For now, we can stick to testing the waters with the basic authentication.<\/p>\n I highly recommend reading the Discovery<\/a> page of the documentation and just browsing around in general. You’ll find all the methods that allow you to interact with users, post types, media, meta data and everything else you might need.<\/p>\n A part of learning any API is familiarizing yourself with all the options and the WordPress API is no exception. You’ll find some quirks like not being able to delete users and other minor issues, but keep in mind that this is still work in progress and is shaping up beautifully.<\/p>\n Even as the REST API is emerging from its infancy, many companies are already using it.<\/p>\n Here’s a list of just some of them testing the waters:<\/p>\n Are you using the WP REST API? We’d love to hear how you are using it, or plan to use it.<\/p>\n What do you think about the opportunities it provides? Do you see it as the way forward for the WordPress community or is it just a passing fad?<\/p>\n","protected":false},"excerpt":{"rendered":" There is a lot of buzz around the upcoming REST API for WordPress, and rightly so! After the introduction of custom post types way back in version 2.9, this may be the biggest step toward making WordPress a true application framework. Here’s how you can get started using the API.<\/p>\n","protected":false},"author":344049,"featured_media":162934,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"blog_reading_time":"","wds_primary_category":0,"wds_primary_tutorials_categories":0,"footnotes":""},"categories":[557,263],"tags":[10301],"tutorials_categories":[],"class_list":["post-148205","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-development","category-tutorials","tag-wp-rest-api"],"_links":{"self":[{"href":"https:\/\/wpmudev.com\/blog\/wp-json\/wp\/v2\/posts\/148205","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wpmudev.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wpmudev.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wpmudev.com\/blog\/wp-json\/wp\/v2\/users\/344049"}],"replies":[{"embeddable":true,"href":"https:\/\/wpmudev.com\/blog\/wp-json\/wp\/v2\/comments?post=148205"}],"version-history":[{"count":8,"href":"https:\/\/wpmudev.com\/blog\/wp-json\/wp\/v2\/posts\/148205\/revisions"}],"predecessor-version":[{"id":209667,"href":"https:\/\/wpmudev.com\/blog\/wp-json\/wp\/v2\/posts\/148205\/revisions\/209667"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/wpmudev.com\/blog\/wp-json\/wp\/v2\/media\/162934"}],"wp:attachment":[{"href":"https:\/\/wpmudev.com\/blog\/wp-json\/wp\/v2\/media?parent=148205"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wpmudev.com\/blog\/wp-json\/wp\/v2\/categories?post=148205"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wpmudev.com\/blog\/wp-json\/wp\/v2\/tags?post=148205"},{"taxonomy":"tutorials_categories","embeddable":true,"href":"https:\/\/wpmudev.com\/blog\/wp-json\/wp\/v2\/tutorials_categories?post=148205"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}rest-api-test-widget<\/code> folder in the plugins directory, in a file named rest-api-test-widget.php<\/code>. It contains the plugin header, which is used when listing the plugin in the admin and a tiny bit more than the bare minimum for creating a widget.<\/p>\nwidget()<\/code> function, which governs the output of the widget.<\/p>\nGrabbing Some Posts<\/h3>\n
\n
\/wp-json\/wp\/v2\/<\/code>. All routes I’ll describe will be relative to this path. So the full base URL would be http:\/\/mywebsite.com\/wp-json\/wp\/v2\/<\/code>. The route for getting posts is \/posts<\/code> so the full route URL is http:\/\/mywebsite.com\/wp-json\/wp\/v2\/posts\/<\/code>.<\/p>\n\/posts\/325<\/code>. This route has three endpoints:<\/p>\n\n
http:\/\/mywebsite.com\/wp-json\/wp\/v2\/posts\/<\/code> route with the GET endpoint to retrieve posts. Using the HTTP API, this is a simple line of code.<\/p>\nWP_Error<\/code> object and if it returns some posts. The data is returned in the body of the response which we can grab using the wp_remote_retrieve_body()<\/code> function. The body will contain a JSON encoded string with post data. Here’s the full code for displaying them in our widget.<\/p>\nDoing More With the REST API<\/h3>\n
\n
Caching Responses<\/h4>\n
Authentication<\/h4>\n
Basic <Base64 encoded username:password><\/code>. Assuming your username is mrawesome<\/strong> and your password is awesomepass<\/strong> you could create this header and authenticate a call like so:<\/p>\nDiscovering More To Do<\/h4>\n
Companies Using The REST API Right Now<\/h3>\n
\n
Where Do You Fit In?<\/h2>\n