REST, or REpresentational State Transfer, is an architectural style that provides standards between computer systems on the web, making it easier for systems to communicate with each other.
Example: The REST endpoints below are used to fetch all the WordPress posts and pages.
GET /posts -
GET /pages -
Open access APIs/Public APIs - By default, WordPress REST APIs are open and accessible without any authentication method. As a result, anyone who requests the users API can easily access the WordPress admin user.
Example: You can try the below endpoint in the browser:
You can secure your WordPress REST APIs using the WordPress REST API Authentication plugin. It provides a feature called Protected REST APIs, which you can configure to protect your REST APIs.
There are many use cases for WordPress REST APIs; some of the main ones are listed below.
Suppose you want to develop an Android and iOS application: a simple blog application where users can read and post blogs from the mobile application itself. In that case you want to create, retrieve, update and delete posts from the mobile application too, which can be done easily with the help of WordPress REST APIs.
Suppose you already have an e-commerce site built with the WooCommerce plugin and WordPress, and you are looking to develop native applications using the React framework.
Now, you don't want to create another database for the native application and upload all the product, customer and order details again, as that approach would be neither efficient nor easy to maintain alongside WordPress.
You can easily access the WooCommerce REST APIs from your native application, including user login with WordPress credentials or with social login.
You can also authenticate and access the WooCommerce REST APIs if you have logged in to your application through a social login platform.
Cookie authentication is the standard authentication method included with WordPress. When you log in to your dashboard, this sets up the cookies correctly for you, so plugin and theme developers need only to have a logged-in user.
However, the REST API includes a technique called nonces to avoid CSRF issues. This prevents other sites from forcing you to perform actions without explicitly intending to do so. This requires slightly special handling for the API.
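The special handling mentioned above comes down to sending the nonce with every cookie-authenticated request in the `X-WP-Nonce` header. The sketch below is an added example, not code from the original article or from the plugin; it assumes a `wpApiSettings`-style object with `root` and `nonce` (the sample values are constructed) and pretty permalinks, and `buildRestRequest` and `isInvalidNonce` are hypothetical helper names.

```javascript
// Added example. SAMPLE_SETTINGS is constructed; on a real site WordPress
// localizes the equivalent object (wpApiSettings) for logged-in pages.
// Assumes pretty permalinks, so the REST root ends in "/wp-json/".
const SAMPLE_SETTINGS = {
  root: 'https://blog.example/wp-json/',
  nonce: 'constructed-nonce-0001',
};

// Hypothetical helper: build fetch() arguments for a cookie-authenticated call.
function buildRestRequest(settings, path, method = 'GET', body = null) {
  const root = new URL(settings.root);
  // Strip leading slashes so "/wp/v2/posts" resolves under the REST root.
  const url = new URL(String(path).replace(/^\/+/, ''), root);

  // The nonce is a CSRF token for this site only. Refuse any path that
  // resolves to another origin or escapes the REST root.
  if (url.origin !== root.origin || !url.pathname.startsWith(root.pathname)) {
    throw new Error('Refusing to send nonce outside the REST root: ' + url.href);
  }

  const headers = { 'X-WP-Nonce': settings.nonce };
  // same-origin: the login cookie goes only to the site itself.
  const options = { method, headers, credentials: 'same-origin' };
  if (body !== null) {
    headers['Content-Type'] = 'application/json';
    options.body = JSON.stringify(body);
  }
  return { url: url.href, options };
}

// Hypothetical helper: a nonce that is present but wrong or expired is
// rejected with HTTP 403 and this error code; reload the page to get a new one.
function isInvalidNonce(status, json) {
  return status === 403 && !!json && json.code === 'rest_cookie_invalid_nonce';
}

// Usage in a browser (not run here):
//   const { url, options } = buildRestRequest(wpApiSettings, '/wp/v2/posts',
//     'POST', { title: 'Hello', status: 'draft' });
//   fetch(url, options).then((res) => res.json());
```

If the header is left out entirely, WordPress ignores the login cookie and handles the request as unauthenticated, so a write request fails even though the user is logged in.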
We suggest downloading the WP REST API Authentication plugin, which makes it a lot easier to access the WordPress REST APIs according to your use case or requirements.
It supports many authentication methods, such as API Key Authentication, Basic Authentication, JWT Authentication, OAuth 2.0 Authentication and Third Party OAuth 2.0 Provider Authentication, all of which are compatible with the HTTP methods below:
Once you have installed the plugin, you can enable the API Key Authentication method as in the below screenshot.
After that, you will be able to access the WordPress REST APIs with the API key given by the plugin.
So, you can run the below curl command to retrieve the posts from WordPress.
Curl -H ‘Authorization: Bearer . You just need to replace the API-key and the domain for your WordPress site and you will retrieve all the posts in the response.
Postman is a software development tool that enables people to test calls to APIs. You can access the WordPress posts using Postman as in the step below.
Similarly, you can make requests with the other HTTP methods, such as POST, PUT and DELETE, using Postman. The plugin also provides developer documentation where you can get all the curl commands and Postman samples for accessing the WordPress REST APIs with every authentication method it supports. You just need to run them. You can refer to this documentation:
API Key Authentication
WordPress provides some default REST endpoints to get resources. Some of the objects are listed below:
In this case, you need to create custom WordPress REST APIs to handle the functionality, or you can use the below plugin to make custom WordPress REST APIs.
You simply enter the API name and the HTTP method you want to use. After that, you select the database table from which you want to retrieve the data. You can also select the columns and define the conditions for retrieving the data, all without writing a single line of code.