Today’s post concludes our series on custom Endpoints and API key access in WordPress API. As an example, let’s look at a case where we need to delete a post from the database by its ID, with data validation beforehand.
Example code is below:
<?php
add_action('rest_api_init', function()
{
/**
* Delete
*/
register_rest_route('app/v1', 'delete', [
'methods' => WP_REST_Server::DELETABLE,
'permission_callback' => function(WP_REST_Request $Request)
{
if($Request -> get_param('key') != '123qwe')
{
return new WP_Error('key', 'API KEY is wrong', [
'status' => 400
]);
}
return true;
},
'callback' => function(WP_REST_Request $Request)
{
$Post = get_post( $Request -> get_param('post_id') );
if(is_a($Post, 'WP_Post'))
{
return wp_delete_post($Post -> ID);
}
return false;
},
'args' => [
'key' => [
'description' => 'API KEY',
'type'=> 'string',
'required' => true,
],
'post_id' => [
'description' => 'Post ID',
'type'=> 'integer',
'required' => true,
],
]
]);
});To test the request, you can use the following URL:
“your.site/wp-json/app/v1/delete?key=123qwe&post_id=59”.
Make sure the method used in `register_rest_route` is “DELETE” (or use the `WP_REST_Server::DELETABLE` constant).
Both key and post_id parameters are required:
'args' => [ 'key' => [ 'description' => 'API KEY', 'type'=> 'string', 'required' => true, ], 'post_id' => [ 'description' => 'Post ID', 'type'=> 'integer', 'required' => true, ], ]
This is indicated by the required keys set to TRUE.
In the post deletion example, I decided to only validate the API key:
'permission_callback' => function(WP_REST_Request $Request)
{
if($Request -> get_param('key') != '123qwe')
{
return new WP_Error('key', 'API KEY is wrong', [
'status' => 400
]);
}
return true;
},Because we perform a check for the existence of the post in the database right before deletion. If a post with the given ID exists, we delete it:
'callback' => function(WP_REST_Request $Request)
{
$Post = get_post( $Request -> get_param('post_id') );
if(is_a($Post, 'WP_Post'))
{
return wp_delete_post($Post -> ID);
}
return false;
},After deletion, the WordPress function wp_delete_post returns the deleted post data as an object, and we return it in the response as a JSON object:
{
"ID": 57,
"post_author": "0",
"post_date": "2020-12-12 16:01:58",
"post_date_gmt": "2020-12-12 13:01:58",
"post_content": "The orange is the most widespread citrus crop in all tropical and subtropical regions of the world",
"post_title": "Orange",
"post_excerpt": "",
"post_status": "publish",
"comment_status": "closed",
"ping_status": "closed",
"post_password": "",
"post_name": "orange",
"to_ping": "",
"pinged": "",
"post_modified": "2020-12-12 16:01:58",
"post_modified_gmt": "2020-12-12 13:01:58",
"post_content_filtered": "",
"post_parent": 0,
"guid": "your.site/fruit/orange/",
"menu_order": 0,
"post_type": "fruit",
"post_mime_type": "",
"comment_count": "0",
"filter": "raw"
}That’s it for now—though the topic of the WordPress REST API is far from over.