How to update data in WordPress via REST API using your Endpoint and API KEY

We continue exploring the topic of custom endpoints in WordPress. Today we'll learn how to update data in the database using the WP API.

Here’s the full example code for today’s lesson:

<?php
add_action('rest_api_init', function()
{
	/**
	 * Update
	 */
	register_rest_route('app/v1', 'update', [
		'methods' => WP_REST_Server::EDITABLE,
		'permission_callback' => function(WP_REST_Request $Request)
		{
			if($Request -> get_param('key') != '123qwe')
			{
				return new WP_Error('key', 'API KEY is wrong', [
					'status' => 400
				]);
			}

			$Post = get_post( $Request -> get_param('post_id') );

			return is_a($Post, 'WP_Post');
		},
		'callback' => function(WP_REST_Request $Request)
		{
			$post_id = wp_update_post([
				'ID' => $Request -> get_param('post_id'),
				'post_title' => wp_strip_all_tags( $Request -> get_param('post_title') ),
				'post_content' => $Request -> get_param('post_content'),
			]);
			
			return get_post( $post_id );
		},
		'args' => [
			'key' => [
				'description' => 'API KEY',
				'type'=> 'string',
				'required' => true,
			],
			'post_id' => [
				'description' => 'Post ID',
				'type'=> 'integer',
				'required' => true,
			],
			'post_title' => [
				'description' => 'Post title',
				'type'=> 'string',
				'required' => true,
			],
			'post_content' => [
				'description' => 'Post content',
				'type'=> 'string',
				'required' => true,
			],
		]
	]);
});

For testing, you can use the following URL — “your.site/wp-json/app/v1/update?key=123qwe&post_id=59&post_title=Carrot&post_content=Carrot is a biennial plant, a vegetable crop, a subspecies of wild carrot.”
Don’t forget to replace the domain “your.site” with your actual one. You can use tools like Postman, PHP CURL, or any other method you prefer.

As for the code: unlike creating data via API, in this case, we also need to pass the ID of the post we want to update. In our example, this is the “post_id” parameter, which is required:

'args' => [
	'key' => [
		'description' => 'API KEY',
		'type'=> 'string',
		'required' => true,
	],
	'post_id' => [
		'description' => 'Post ID',
		'type'=> 'integer',
		'required' => true,
	],
	'post_title' => [
		'description' => 'Post title',
		'type'=> 'string',
		'required' => true,
	],
	'post_content' => [
		'description' => 'Post content',
		'type'=> 'string',
		'required' => true,
	],
]

In the “register_rest_route” function, don’t forget to specify the request method as “POST”, “PUT”, or “PATCH”, or use the WP constant `WP_REST_Server::EDITABLE`.

Also, the input parameter validation has become a bit more complex:

'permission_callback' => function(WP_REST_Request $Request)
{
	if($Request -> get_param('key') != '123qwe')
	{
		return new WP_Error('key', 'API KEY is wrong', [
			'status' => 400
		]);
	}

	$Post = get_post( $Request -> get_param('post_id') );

	return is_a($Post, 'WP_Post');
},

In addition to checking the API key, we also check whether the post exists in the database using the `is_a` function (i.e., if the `$Post` variable is an object of type `WP_Post`, it returns TRUE and continues. Otherwise, the function returns FALSE and terminates the request).

The core logic of this endpoint is in the callback:

'callback' => function(WP_REST_Request $Request)
{
	$post_id = wp_update_post([
		'ID' => $Request -> get_param('post_id'),
		'post_title' => wp_strip_all_tags( $Request -> get_param('post_title') ),
		'post_content' => $Request -> get_param('post_content'),
	]);
	
	return get_post( $post_id );
},

Here we use the WP function `wp_update_post` to update the post data according to the incoming parameters, and return a JSON object as a response.

2021-01-02 Pavel WordPress API, API-KEY, Endpoint, REST CommentsNo Comments

Are you having problems with your WordPress site? Do you need additional functionality? A custom plugin or a new page?
Then write to me via the feedback form, and I will try to help you.