Introduction to the WordPress REST API
What is the REST API?
The WordPress REST API provides a standardized way to interact with WordPress using HTTP requests. Instead of loading PHP pages, you send requests to URLs (endpoints) and receive JSON data in response.
REST stands for REpresentational State Transfer β an architectural style for building web services.
Why Use the REST API?
| Use Case | Example |
|---|---|
| Headless WordPress | React/Vue frontend with WordPress backend |
| Mobile Apps | iOS/Android apps fetching WordPress content |
| External Integrations | Syncing with CRMs, email services |
| JavaScript Interfaces | Real-time admin dashboards |
| Multi-site Data | Aggregating content from multiple WordPress sites |
The API Structure
WordPress REST API endpoints follow this pattern:
https://yoursite.com/wp-json/wp/v2/posts
βββ base ββββnamespaceββrouteβNamespace: Groups related endpoints (wp/v2 is core WordPress) Route: The specific resource (posts, pages, users)
Making Your First Request
Open your browser or use curl:
# Get all posts
curl https://yoursite.com/wp-json/wp/v2/posts
# Get a specific post
curl https://yoursite.com/wp-json/wp/v2/posts/123
# Get posts with parameters
curl "https://yoursite.com/wp-json/wp/v2/posts?per_page=5&orderby=date"Using JavaScript
// Fetch posts with the Fetch API
async function getPosts() {
const response = await fetch('/wp-json/wp/v2/posts');
const posts = await response.json();
posts.forEach(post => {
console.log(post.title.rendered);
});
}
getPosts();Core Endpoints
WordPress provides these built-in endpoints:
| Endpoint | Description |
|---|---|
/wp/v2/posts | Blog posts |
/wp/v2/pages | Static pages |
/wp/v2/media | Attachments/images |
/wp/v2/categories | Post categories |
/wp/v2/tags | Post tags |
/wp/v2/users | User accounts |
/wp/v2/comments | Post comments |
/wp/v2/settings | Site settings (authenticated) |
Discovering the API
The API is self-documenting. Visit the index:
curl https://yoursite.com/wp-json/This returns all available namespaces and routes with their supported methods and arguments.
HTTP Methods
REST APIs use HTTP methods to indicate actions:
| Method | Action | Example |
|---|---|---|
GET | Read data | Fetch posts |
POST | Create new | Add a new post |
PUT/PATCH | Update | Edit a post |
DELETE | Remove | Delete a post |
# GET - Read
curl -X GET /wp-json/wp/v2/posts
# POST - Create (requires authentication)
curl -X POST /wp-json/wp/v2/posts
-H "Authorization: Basic BASE64_CREDENTIALS"
-d "title=New Post&content=Hello World&status=publish"
# DELETE - Remove
curl -X DELETE /wp-json/wp/v2/posts/123
-H "Authorization: Basic BASE64_CREDENTIALS"Response Structure
API responses include helpful metadata in headers:
X-WP-Total: 42 # Total items available
X-WP-TotalPages: 5 # Total pages for pagination
Link: <...>; rel="next" # Pagination linksThe JSON body contains the actual data:
{
"id": 123,
"date": "2026-01-15T10:30:00",
"title": {
"rendered": "My Post Title"
},
"content": {
"rendered": "<p>Post content here...</p>"
},
"excerpt": {
"rendered": "<p>Short excerpt...</p>"
},
"_links": {
"self": [{"href": "..."}],
"author": [{"href": "..."}]
}
}Enabling/Disabling the API
The REST API is enabled by default. To restrict it:
// Require authentication for all REST requests
add_filter( 'rest_authentication_errors', function( $result ) {
if ( true === $result || is_wp_error( $result ) ) {
return $result;
}
if ( ! is_user_logged_in() ) {
return new WP_Error(
'rest_not_logged_in',
'You must be logged in to access the API.',
array( 'status' => 401 )
);
}
return $result;
});Next Steps
In the next lesson, we'll explore querying data in depth β filtering, pagination, embedding related data, and field selection.
