We continue our series of articles on the topic of the WordPress API. Today, we’ll explore general techniques for interacting with the API, which can be applied to custom post types, categories, and other taxonomies.
Reading posts
To retrieve data from the endpoint that returns a list of posts, we need to make a request to: “http://my-site/wp-json/wp/v2/posts/”. This request can be executed in several ways:
- Using WordPress native HTTP functions for CRUL requests (wrappers around native PHP curl functions):
wp_remote_get,wp_remote_post,wp_remote_request - With
curl_initand othercurl_*functions - Using
file_get_contents, but only for GET requests (the simplest and least flexible option)
In our examples, we’ll use the wp_remote_* functions. To get a list of all posts (with pagination support) in JSON format, you can use the following code:
$url = 'http://мой-сайт/wp-json/wp/v2/posts/'; $response = wp_remote_get($url); $records = json_decode( wp_remote_retrieve_body($response), true ); echo '<strong>Code:</strong> ' . wp_remote_retrieve_response_code($response); echo '<br>'; echo '<strong>Message:</strong> ' . wp_remote_retrieve_response_message($response); echo '<br>'; echo '<strong>Records:</strong> ' . count($records); echo '<br>'; echo '<strong>Answer:</strong>'; echo"<pre>\$records = ";print_r($records);echo"</pre>"; die;
This code snippet:
$response = wp_remote_get($url); $records = json_decode( wp_remote_retrieve_body($response), true );
handles the request and decodes the JSON data into a PHP array.
We also display additional response info:
echo '<strong>Code:</strong> ' . wp_remote_retrieve_response_code($response); echo '<br>'; echo '<strong>Message:</strong> ' . wp_remote_retrieve_response_message($response); echo '<br>'; echo '<strong>Records:</strong> ' . count($records); echo '<br>';
Specifically:
- HTTP response code
- Message
- Number of retrieved posts
As mentioned in the previous article, we can apply filters to API requests. For example, to fetch specific posts by ID:
$response = wp_remote_get($url, [ 'body' => [ 'include' => [2579, 2570], ] ]);
REST API request parameters are almost identical to those used in the get_posts() function — though not always.
Here’s a parameter mapping snippet:
$parameter_mappings = array( 'author' => 'author__in', 'author_exclude' => 'author__not_in', 'exclude' => 'post__not_in', 'include' => 'post__in', 'menu_order' => 'menu_order', 'offset' => 'offset', 'order' => 'order', 'orderby' => 'orderby', 'page' => 'paged', 'parent' => 'post_parent__in', 'parent_exclude' => 'post_parent__not_in', 'search' => 's', 'slug' => 'post_name__in', 'status' => 'post_status', );
where keys are API parameters and values are their WP_Query equivalents.
You can also retrieve a specific post directly by its ID in the URL, like this:
$url = 'http://мой-сайт/wp-json/wp/v2/posts/2579'; $response = wp_remote_get($url); $records = json_decode( wp_remote_retrieve_body($response), true ); echo"<pre>";print_r($records);echo"</pre>"; die;
Creating posts via WordPress REST API
Creating, editing, and deleting posts are more sensitive operations than reading, and require the appropriate permissions (administrator or author role). In other words, the user must be authenticated via the API and authorized to act with those capabilities.
One secure option for API authentication in WordPress is the “JWT Authentication for WP REST API” plugin (although, at the time of writing, it hasn’t been updated for nearly a year, despite having over 30k installs). In practice, I also used “Application Passwords” — a simpler and more convenient solution.
In this example, we’ll use the “JSON Basic Authentication” plugin available on GitHub. It’s the simplest (but least secure) method for API authentication using HTTP Basic Auth.
This plugin must be installed on the site where the posts will be created via REST API. So you’ll need two sites: one to receive and create content, and another to send the requests.
The following PHP code sends a REST request to create a post:
$url = 'http://мой-сайт/wp-json/wp/v2/posts/'; $username = 'admin'; $password = 'qweqwe'; $headers = [ 'Authorization' => 'Basic ' . base64_encode($username . ':' . $password), ]; $response = wp_remote_post($url, [ 'headers' => $headers, 'body' => [ 'title' => 'TEST TITLE #' . rand(0, 1000), 'content' => 'TEST CONTENT', 'status' => 'publish', ] ]); $records = json_decode(wp_remote_retrieve_body($response), true); echo"<pre>";print_r($records);echo"</pre>"; die;
Along with the POST data, we must also send an authentication header (with the “JSON Basic Authentication” plugin installed). The post content is defined in the 'body' array.
The API response will be a JSON object containing the newly created post.
Editing posts via WordPress REST API
The code for updating a post via REST API is almost identical to the create request. The only difference is the URL (see the first line):
$url = 'http://мой-сайт/wp-json/wp/v2/posts/2691';
$response = wp_remote_post($url, [
'headers' => $headers,
'body' => [
'title' => 'TEST TITLE (changed: '.date('Y-m-d H:i:s').')',
]
]);
$records = json_decode(wp_remote_retrieve_body($response), true);
echo"<pre>";print_r($records);echo"</pre>";
die;The URL must end with the post ID (in this case: 2691) that you want to update.
The 'body' array can include any new data — WordPress will overwrite the existing values.
Deleting posts via WordPress REST API
To delete a post, simply send a DELETE request to the post’s URL (similar to the update process):
$url = 'http://мой-сайт/wp-json/wp/v2/posts/2691'; $response = wp_remote_request($url, array( 'method' => 'DELETE', 'headers' => $headers, )); $records = json_decode(wp_remote_retrieve_body($response), true); echo"<pre>";print_r($records);echo"</pre>"; die;
The response will be a JSON object containing the deleted post data.