How to call WordPress rest API?

How to Call the WordPress REST API

The WordPress REST API provides developers with a powerful tool to interact with WordPress sites remotely. Whether you’re building a mobile application, integrating with third-party services, or creating custom front-end experiences, understanding how to call the WordPress REST API is essential. In this article, we’ll explore various methods to interact with the WordPress REST API, provide practical examples, and share best practices to maximize its potential.

Understanding the WordPress REST API

The WordPress REST API is a RESTful interface that allows applications to access WordPress data using HTTP requests. It uses standard HTTP methods like GET, POST, PUT, DELETE, and supports JSON data format. This flexibility enables developers to interact with WordPress from virtually any programming language or platform.

Why Use the WordPress REST API?

The REST API opens up numerous possibilities:

  • Headless CMS: Use WordPress as a backend while building the front end with frameworks like React, Vue.js, or Angular.
  • Mobile App Development: Integrate WordPress content into iOS and Android applications.
  • Third-Party Integration: Connect WordPress to other systems and services for enhanced functionality.
  • Automation: Automate tasks such as content publishing, updates, and data retrieval.

Prerequisites for Calling the REST API

Before making API calls, ensure the following:

  • Your WordPress site is version 4.7 or higher (the REST API is included in the core).
  • Permalinks are enabled and properly configured.
  • You have appropriate permissions or credentials if making authenticated requests.

Methods to Call the WordPress REST API

There are several ways to interact with the WordPress REST API, depending on your needs and environment. Below are the most common methods:

1. Using JavaScript (Client-Side)

Calling the REST API from client-side JavaScript is ideal for dynamic web applications. Here’s how you can fetch posts:

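fetch('https://yourwebsite.com/wp-json/wp/v2/posts')
  .then(response => {
    // fetch() only rejects on network failure, so check the HTTP status explicitly.
    if (!response.ok) throw new Error(`HTTP ${response.status}`);
    return response.json();
  })
  .then(posts => {
    posts.forEach(post => {
      console.log(post.title.rendered);
    });
  })
  .catch(error => console.error('Error:', error));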

Explanation: This code fetches all posts and logs their titles to the console.

2. Using PHP (Server-Side)

For server-side interactions within WordPress themes or plugins, you can use PHP:

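<?php
$endpoint = 'https://yourwebsite.com/wp-json/wp/v2/posts';
$response = wp_remote_get( $endpoint );

if ( is_wp_error( $response ) ) {
    // Transport-level failure (DNS, TLS, timeout).
    $error_message = $response->get_error_message();
    echo 'Something went wrong: ' . esc_html( $error_message );
} elseif ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
    // The server answered, but not with the posts list.
    echo 'Unexpected HTTP status: ' . (int) wp_remote_retrieve_response_code( $response );
} else {
    $posts = json_decode( wp_remote_retrieve_body( $response ), true );
    if ( is_array( $posts ) ) {
        foreach ( $posts as $post ) {
            // Remote data is untrusted: strip markup and escape before output.
            echo esc_html( wp_strip_all_tags( $post['title']['rendered'] ) );
        }
    }
}
?>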

Explanation: This script retrieves posts and echoes their titles.

3. Using cURL in Command Line

For quick testing or scripting, cURL is a handy tool:

curl https://yourwebsite.com/wp-json/wp/v2/posts

Explanation: This command fetches all posts and outputs the JSON response.

4. Using Third-Party Tools (e.g., Postman)

Postman is a popular application for testing APIs:

  1. Download and install Postman.
  2. Open Postman and create a new GET request to https://yourwebsite.com/wp-json/wp/v2/posts.
  3. Click “Send” to make the request and view the response.

Comparison of Methods

Method     | Best For                                 | Complexity
JavaScript | Dynamic front-end applications           | Medium
PHP        | Server-side processing within WordPress  | Medium
cURL       | Quick testing and scripting              | Low
Postman    | API testing and debugging                | Low

Authentication Methods

While public data (like published posts) can be accessed without authentication, modifying content requires authentication. Here are common methods:

1. No Authentication (Public Endpoints)

For read-only access to public data, simply make requests without authentication.

2. Basic Authentication

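Send your username and password in the request headers. The credentials are only base64-encoded, not encrypted, so anyone who can read the request can recover the account password. Not recommended for production due to security risks.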

Example using cURL:

curl --user username:password https://yourwebsite.com/wp-json/wp/v2/posts

3. Application Passwords

Introduced in WordPress 5.6, application passwords provide a safer way to authenticate:

  1. In your WordPress dashboard, navigate to Users > Profile.
  2. Scroll down to the Application Passwords section.
  3. Enter a name for your application and click Add New Application Password.
  4. Copy the generated password.

Example using cURL:

curl --user username:application_password -X POST -H "Content-Type: application/json" -d '{"title":"New Post","status":"publish"}' https://yourwebsite.com/wp-json/wp/v2/posts

4. OAuth Authentication

OAuth is a more secure, but complex, method requiring additional plugins and setup. It’s suitable for integrations where security is paramount.

Working with JSON Responses

The REST API returns data in JSON format, which you must parse to use effectively.

Parsing JSON in JavaScript

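fetch('https://yourwebsite.com/wp-json/wp/v2/posts')
  .then(response => {
    if (!response.ok) throw new Error(`HTTP ${response.status}`);
    return response.json();
  })
  .then(posts => {
    posts.forEach(post => {
      // title.rendered is an HTML string; parse it in an inert document and
      // insert only its text, so markup in the response is never executed.
      const parsed = new DOMParser().parseFromString(post.title.rendered, 'text/html');
      const heading = document.createElement('h2');
      heading.textContent = parsed.body.textContent;
      document.body.appendChild(heading);
    });
  })
  .catch(error => console.error('Error:', error));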

Parsing JSON in PHP

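<?php
$response = wp_remote_get( 'https://yourwebsite.com/wp-json/wp/v2/posts' );
if ( ! is_wp_error( $response ) ) {
    $posts = json_decode( wp_remote_retrieve_body( $response ), true );
    // json_decode() returns null on malformed JSON, so confirm we have a list.
    if ( is_array( $posts ) ) {
        foreach ( $posts as $post ) {
            // Treat the remote title as untrusted: strip tags and escape it.
            echo '<h2>' . esc_html( wp_strip_all_tags( $post['title']['rendered'] ) ) . '</h2>';
        }
    }
}
?>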

Practical Examples

Retrieving Posts

To fetch recent posts:

GET https://yourwebsite.com/wp-json/wp/v2/posts

Creating a New Post

To create a post (requires authentication):

POST https://yourwebsite.com/wp-json/wp/v2/posts
Headers:
  Content-Type: application/json
  Authorization: Basic {base64 encoded credentials}
Body:
  {
    "title": "API Post",
    "content": "This post was created via the REST API",
    "status": "publish"
  }

Updating a Post

To update a post:

POST https://yourwebsite.com/wp-json/wp/v2/posts/{post_id}
Headers and Body same as above, with updated fields.

Deleting a Post

To delete a post:

DELETE https://yourwebsite.com/wp-json/wp/v2/posts/{post_id}?force=true
Headers:
  Authorization: Basic {base64 encoded credentials}

Best Practices

Security Considerations

  • Always use HTTPS to encrypt data in transit.
  • Use secure authentication methods (avoid Basic Auth in production).
  • Limit API user permissions to the minimum required.

Error Handling

  • Check HTTP status codes to handle errors appropriately.
  • Implement retries for transient errors, with exponential backoff.
  • Validate and sanitize any data sent to the API.
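
The security and error-handling practices above, combined in one request helper. This is an added example, not code from the original article: it refuses to send an application password over plain HTTP, retries only transient failures of idempotent requests with exponential backoff, and surfaces the WordPress error code. The names wpRequest, buildAuthHeader, backoffDelay, fetchImpl and sleep are illustrative.

```javascript
// Added example, not from the original article. Assumes Node 18+ (global fetch, Buffer).
const TRANSIENT = new Set([429, 502, 503, 504]);
const IDEMPOTENT = new Set(['GET', 'HEAD', 'PUT', 'DELETE']);

// Application Passwords travel as HTTP Basic credentials, which are only
// base64-encoded, so refuse any endpoint that is not HTTPS.
function buildAuthHeader(url, user, appPassword) {
  if (new URL(url).protocol !== 'https:') {
    throw new Error('Refusing to send credentials over a non-HTTPS URL');
  }
  return 'Basic ' + Buffer.from(`${user}:${appPassword}`).toString('base64');
}

// Exponential backoff: 500 ms, 1 s, 2 s, ... capped at 8 s.
function backoffDelay(attempt, baseMs = 500, capMs = 8000) {
  return Math.min(capMs, baseMs * 2 ** attempt);
}

// fetchImpl and sleep are injectable (hypothetical parameters) for offline testing.
async function wpRequest(url, { method = 'GET', body, user, appPassword,
    maxRetries = 3, fetchImpl = fetch,
    sleep = ms => new Promise(resolve => setTimeout(resolve, ms)) } = {}) {
  const headers = { Accept: 'application/json' };
  if (user) headers.Authorization = buildAuthHeader(url, user, appPassword);
  if (body !== undefined) headers['Content-Type'] = 'application/json';
  const payload = body === undefined ? undefined : JSON.stringify(body);

  for (let attempt = 0; ; attempt++) {
    const res = await fetchImpl(url, { method, headers, body: payload });
    if (res.ok) return res.json();
    // Retry only transient statuses, and only for idempotent methods: a
    // repeated POST to /wp/v2/posts could create the same post twice.
    if (TRANSIENT.has(res.status) && IDEMPOTENT.has(method) && attempt < maxRetries) {
      await sleep(backoffDelay(attempt));
      continue;
    }
    // WordPress reports failures as JSON: { code, message, data: { status } }.
    const err = await res.json().catch(() => ({}));
    throw new Error(`HTTP ${res.status} ${err.code || 'unknown_error'}`);
  }
}
```

Read the username and application password from the environment or a secrets store rather than hard-coding them or passing them on a command line.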

Performance Optimization

  • Use query parameters to filter data (e.g., ?per_page=5).
  • Cache responses when appropriate to reduce load.
  • Avoid unnecessary API calls by batching requests.

Conclusion

The WordPress REST API empowers developers to extend the functionality of WordPress beyond traditional web pages. By leveraging the methods and best practices outlined above, you can integrate WordPress with various platforms and create rich, dynamic applications. Whether you’re a seasoned developer or new to WordPress, the REST API is a valuable tool in your development arsenal.

About the Author

Ali Shan is a WordPress developer with over 10 years of experience specializing in custom plugin development and API integrations. Ali is passionate about open-source technologies and enjoys sharing knowledge through writing and speaking at tech conferences.
