An Introduction to the WordPress REST API

You’re probably familiar with traditional WordPress customizations using internal classes and functions available with the platform. What you might not know is that WordPress has an external REST API that gives you the ability to work with its data from a remote location. For instance, you might want to post content from a mobile app to your site. You can do this using the WordPress REST API.

Checking Your Site for Compatibility

If you work with any current version of WordPress, you have the REST API installed. You can check your site by using the following URL in your browser.

In this example, you should see a JSON response with a list of your posts. If you don’t have a Chrome extension that formats JSON, then you won’t be able to read the content. You can use extensions such as JSON Formatter to organize content so that you can read it.

If you have an older version of WordPress, you will need to download the plugin to add the REST API to your site. You should always keep your WordPress site updated with the latest version, so if you have an older WordPress site, it’s imperative that you upgrade. Many of the updates released by WordPress are for security reasons, so you risk the protection of your site when you don’t upgrade to the latest WordPress version.


As with any API, you can perform several activities on each endpoint. The three main ones that you’ll use are GET, PUT and DELETE. GET retrieves information. Just like in the previous example, entering the following URL into your browser uses the GET activity.

You GET all of your posts from the above URL. You can also use a WordPress function wp_remote_get to retrieve posts and assign them to a variable.

$response = wp_remote_get( '' );

The PUT verb tells the API to update or post content to the site. When you want to change resources, you need to provide your credentials. We’re going to use a URL with plain text credentials, but this is only done to illustrate the way the WordPress API works. You would never do this in production. Instead, use OAuth authentication in your production environment.

Take a look at the following code.

$post['body'] = array(

'title' => 'My Post',

'status' => 'draft',

'content' => 'Post content.'


$response = wp_remote_post( '', $post );

If you didn’t include a username and password, the $response variable would have a denied message.

$response = wp_remote_request( 'http://', array(

'method' => 'DELETE' ));

To learn more about working with authentication in production, check out the WordPress REST API documentation. You can also get a list of actions that you can code against the API so that you can have remote control of your blog.

The API is good for creating posts remotely, managing your comments from a remote device, or just creating applications that manage several sites that you might own. Just remember to use OAuth and a secure connection when working with remote authentication on your blog.

Get the latest in Web Performance
Subscribe now to receive the latest news, tips and tricks in web performance!
The information you provide will be used in accordance with the terms of our privacy policy


No comments

Be the first to post a comment.

Post a comment