Access your site's data through an easy-to-use HTTP REST API.
Add new routes for taxonomies and terms.
Taxonomies and terms have now been moved from the
namespace to global routes:
Test coverage for taxonomy endpoints has also been increased to 100%.
Deprecation warning: The
/posts/types/<type>/taxonomies endpoint (and
sub-endpoints with the same prefix) have been deprecated in favour of the new
endpoints. These deprecated endpoints will now return a
X-WP-DeprecatedFunction header indicating that the endpoint should not be
used for new development, but will continue to work in the future.
Allow customizing the API resources prefix
The API base (typically
wp-json/) can now be customized to a different
prefix using the
json_url_prefix filter. Note that rewrites will need to be
flushed manually after changing this.
null as date for draft posts.
Draft posts would previously return "0000-00-00 00:00:00" or
"1970-01-01T00:00:00", as draft posts are not assigned a publish date. The API
null where a date is not available.
Compatibility warning: Clients should be prepared to accept
null as a
value for date/time fields, and treat it as if no value is set.
Fix errors with excerpt.
Posts without excerpts could previously return nonsense strings, excerpts from other posts, or cause internal PHP errors. Posts without excerpts will now always return an excerpt, typically automatically generated from the post content.
excerpt_raw field was added to the edit context on posts. This field
contains the raw excerpt data saved for the post, including empty
Only expose email for edit context.
User email addresses are now only exposed for
context=edit, which requires
edit_users permission (not required for the current user).
The email address field will now return
false instead of a string if the
field is not exposed.
Correct password-protected post handling.
Password-protected posts could previously be exposed to all users, however
could also have broken behaviour with excerpts. Password-protected posts are
now hidden to unauthenticated users, while content and excerpts are shown
correctly for the
(Note that hiding password-protected posts is intended to be a temporary measure, and will likely change in the future.)
Add documentation on authentication methods.
Full documentation on authentication is now available. This documentation explains the difference between the various available authentication methods, and notes which should be used.
(props @rmccue, #242)
Include new client JS from github.io
wp-api.github.io to ensure it is always up-to-date.
Don't allow setting the modification date on post creation/update.
As it turns out, WP core doesn't allow us to set this, so this was previously a no-op anyway. Discovered during test coverage phase.
Check post parent correctly on insertion.
Posts could previously be added with an invalid parent ID. These IDs are now checked to ensure the post exists.
Make sure the type is actually evaluated for
This value was previously not interpolated correctly, due to the use of the single-quoted string type.
(props @danielbachhuber, #266)
WP_Error instead of array of empty objects for a revisions
Previously, when trying to access post revisions without correct permissions, a JSON list of internal error objects would be returned. This has been corrected to return a standard API error instead.
Flip user parameters check for insert/update.
Previously, you could add a user without specifying username/password/email, but couldn't update a user without those parameters. The logic has been inverted here instead.
Add revision endpoints tests
Add post endpoint testing
Now at >54% coverage for the whole class, and >80% for the main methods. This figure will continue to rise over the next few releases.
(props @rachelbaker, @rmccue, #99)
Separate helper functions into global namespace.
WP_JSON_Server::get_avatar_url() and ``WP_JSON_Server::parse_date()` have
all been moved into the global namespace to decouple them from the server
Deprecation warning: These methods have been deprecated. The new
json_parse_date() methods should now be used instead.
Re-order Users and Media routes documentation based on CRUD order
(props @rachelbaker, #214)
Update Post route documentation to provide more detail for data parameter
(props @rachelbaker, #212)
Correct documentation typo ("inforcement" -> "enforcement").
(props @ericandrewlewis, #236)
Coding Standards audit
(props @DrewAPicture, #235)
Add comparison documentation.
json_url filter call should be passed
(props @ericandrewlewis, #243)
class-jsonserializable.php file mode to 644.
(props @jeremyfelt, #255)
Remove unneeded "which" in implementation doc.
(props @JDGrimes, #254)
Fix a copy/paste error in schema doc.
(props @JDGrimes, #253)
Correct reference link in example schema.
(props @danielbachhuber, #258)
Add missing post formats to post schema documentation.
(props @danielbachhuber, #260)
Ensure we always use "public" on public methods.
(props @danielbachhuber, #268)
Ensure we don't cause a PHP error if a post does not have revisions.
(props @rmccue, #227)
Add note to where upload_files cap comes from
(props @pkevan, #282)
Add handling of
sticky property when creating or editing posts.
(props @rachelbaker, #218)
Update post route endpoint docs to include details on
(props @rachelbaker, #213)
Update main readme file to better describe the project.
(props @rmccue, #303)
--data-binary cURL option in documentation
Add user endpoints.
Creating, reading, updating and deleting users and their data is now possible
by using the
/users/me can be used to determine the
current user, and returns a 401 status for non-logged in users.
Note that the format of post authors has changed, as it is now an embedded User entity. This should not break backwards compatibility.
Custom post types gain this ability automatically.
Add post meta endpoints.
Creating, reading, updating and deleting post meta is now possible by using
/posts/<id>/meta endpoints. Post meta is now correctly embedded into
Meta can be updated via the Post entity (e.g.
/posts/<id>) or via
the entity itself at
/posts/<id>/meta/<mid>. Meta deletion must be done via
DELETE request to the latter.
Only non-protected and non-serialized meta can be accessed or manipulated via the API. This is not predicted to change in the future; clients wishing to access this data should consider alternative approaches.
Custom post types do not currently gain this ability automatically.
Add endpoint for deleting a single comment.
Clients can now send a
DELETE request to comment routes to delete
Custom post types supporting comments will gain this ability automatically.
Add endpoint for post revisions.
Post revisions are now available at
/posts/<id>/revisions, and are linked in
meta.links.version-history key of post entities.
Custom post types supporting revisions will gain this ability automatically.
(props @tlovett1, #193)
Respond to requests without depending on pretty permalink settings.
For sites without pretty permalinks enabled, the API is now available from
?json_route=/. Clients should check for this via the autodiscovery methods
(Link header or RSD).
Add register post type argument.
Post types can now indicate their availability via the API using the
show_in_json argument passed to
register_post_type. This value defaults to
publicly_queryable argument (which itself defaults to the
(props @iandunn, @rmccue, #145)
Remove basic authentication handler.
This breaks backwards compatibility for clients using Basic authentication. Clients are encouraged to switch to using OAuth authentication. The Basic Authentication plugin can be installed for backwards compatibility and local development, however should not be used in production.
Require nonces for cookie-based authentication.
Clean up deprecated methods/functions.
Functions and methods previously deprecated in 0.8/0.9 have now been removed. Future deprecations will take place in the same manner as WordPress core.
This breaks backwards compatibility, however these were marked as deprecated in previous releases.
(props @rmccue, #187)
Only expose meta on 'edit' context as a temporary workaround.
Privacy concerns around exposing meta to all users necessitate this change.
This breaks backwards compatibility as post meta data is no longer
available to all users. Clients wishing to access this data should
authenticate and use the
(props @iandunn, @rmccue, #135)
json_ensure_response function to ensure either a
WP_JSON_ResponseInterface or a
WP_Error object is returned.
When extending the API, the
json_ensure_response function can be used to
ensure that any raw data returned is wrapped with a
This allows using
get_data easily, however
still be checked via
Use version option to check on init if rewrite rules should be flushed.
Rewrite rules on multisite are now flushed via an init hook, rather than switching to each site on activation.
(props @rachelbaker, #149)
Fix typo in schema docs
(props @codebykat, #132)
Add check for valid JSON data before using to avoid parameter overwrite.
When passing data to an endpoint that accepts JSON data, the data will now be validated before passing to the endpoint.
(props @rachelbaker, @rmccue, #133)
Add authentication property to site index.
(props @rmccue, #131)
Move the test helper to a subdirectory.
The plugin will now no longer prompt for updates due to the helper.
(props @rmccue, #127)
Include post ID with
(props @rmccue, #137)
Corrected parameter names in x-form examples in docs.
(props @rachelbaker, #134)
WP_JSON_Server instance to
Don't use deprecated function in
(props @rachelbaker, #150)
Pass post ID to
json_insert_post action during both insert and update.
(props @cmmarslender, #148)
Add descriptions to taxonomy term data.
(props @pushred, #111)
Ensure we handle raw data passed to the API.
prepare_author method from
(props @rachelbaker, #165)
Add multiple post type support to get_posts method.
WP_JSON_Posts::get_comment for invalid comments.
Update getting started documentation.
(props @rmccue, #176)
Improve and clarify "array" input syntax documentation.
Update post routes documentation.
Add documentation for user endpoints.
(props @rachelbaker, @rmccue, #158)
Add permalink settings step to Quick Setup instructions.
(props @kadamwhite, #183)
Update taxonomy collection to return indexed array.
(props @mattheu, #184)
Remove placeholder endpoints.
Fix issues with embedded attachments.
Checks that the post supports attachment data before adding it, and ensures we don't embed entities many layers deep.
(props @rmccue, #194)
Change post parent preparation context to embed.
(props @rmccue, #195)
Change server meta links to reference the WP-API organization GitHub repo.
(props @rachelbaker, #208)
Fix plugin tests
(props @rmccue, #215)
Check for errors with invalid dates and remove duplicate date parsing methods.
This breaks backwards compatibility and requires any clients to now use
wp-json/, or preferably the new RSD/Link headers.
Move filter registration out of CPT constructor. CPT subclasses now require
you to call
$myobject->register_filters(), in order to move global state out
of the constructor.
This breaks backwards compatibility and requires any subclassing to now
Endpoints that need to set headers or response codes should now return a
WP_JSON_Response rather than using the server methods.
WP_JSON_ResponseInterface may also be used for more flexible use of the
Deprecation warning: Calling
is now deprecated. This will be removed in 1.0.
(props @rmccue, #33)
Change all semiCamelCase names to underscore_case.
Deprecation warning: Any calls to semiCamelCase methods require any subclassing to update method references. This will be removed in 1.0.
Add multisite compatibility. If the plugin is network activated, the plugin is
now activated once-per-site, so
wp-json/ is always site-local.
Add RSD and Link headers for discovery
(props @rmccue, #40)
WP_JSON_Posts->prepare_author() now verifies the
$user object is set.
Added unit testing framework. Currently only a smaller number of tests, but we plan to increase this significantly as soon as possible.
Link collection filtering docs to URL formatting guide.
(props @kadamwhite, #74)
/pages references from
Fix compatibility with
DateTime::createFromFormat on PHP 5.2
WP_JSON_CustomPostType::__construct() requires a param of type
(props @tlovett1, #88)
Add timezone parameter to WP_JSON_DateTime::createFromFormat()
Remove IXR references.
IXR_Error is no longer accepted as a return value.
This breaks backwards compatibility and requires anyone returning
IXR_Error objects to now return
Fix bugs with attaching featured images to posts:
WP_JSON_Media::attachThumbnail()should do nothing if
$updateis false without a post ID
(props @Webbgaraget, #55)
jsonSerialize on ResponseInterface
(props @rmccue, #97)
Allow JSON post creation/update for
Return null if post doesn't have an excerpt
(props @rachelbacker, #72)
Fix link to issue tracker in README
(props @rmccue, @tobych, #125)
Add compatibility layer for JsonSerializable. You can now return arbitrary
objects from endpoints and use the
jsonSerialize() method to return the data
to serialize instead of just using the properties of the object.
(props @rmccue, #24)
Fix page parent links to use
(props @thenbrent, #27)
(props @thenbrent, #29)
Removed unneeded executable bit on all files
(props @tierra, #31)
Don't include the
featured_image property for post types that don't
(props @phh, #43)
wp_json_server_before_serve instead of
plugins_loaded in the Extending
documentation for plugins
(props @phh, #43)
Parse the avatar URL from the
get_avatar() function in core, allowing custom
Ensure that the author is set if passed
(props @kuchenundkakao, #44)
Clarify the usage of
WP_JSON_CustomPostType in plugins
(props @rmccue, #45)
Ensure JSON disabled error messages are translated
(props @rmccue, #38)
Remove extra "Link: " from link headers
get_avatar method in
(props @rachelbaker, #35)
(props @rachelbaker, #35)
The response handler object is now passed into the endpoint objects via the constructor, allowing you to avoid excess global state where possible. It's recommended to use this where possible rather than the global object.
(props @rmccue, #2)
Fix undefined variables and indices (props @pippinsplugins, #5)
Correct call to deactivation hook (props @ericpedia, #9)
Check metadata access correctly rather than always hiding for users without
(props @kokarn, #10)
Return all term metadata, rather than just the last one (props @afurculita, #13)
Access post metadata from cache where possible - Note, this is a backwards compatibility break, as the format of the metadata has changed. This may change again in the near future, so don't rely on it until 1.0. (props @afurculita, #14)
Add term_link to prepare_term (props @afurculita, #15)
/pages references in
(props @thenbrent, #26)
Sanitize headers for newlines (props @kokarn, #7)
Register rewrite rules during plugin activation (props @pippinsplugins, #17)
WP_JSON_CustomPostTypeand get free hooking for common actions. This removes most of the boilerplate that you needed to write for new CPT-based routes and endpoints (#380)
/posts/types/post/taxonomies/categoryfor example), but the intention is to future-proof them as much as possible(#275)
Separate the post-related endpoints - Post-related endpoints are now located
WP_JSON_Posts class. When implementing custom post type support,
it's recommended to subclass this.
The various types are now also only registered via hooks, rather than directly in the server class, which should make it easier to override them as well (#348)
X-WP-TotalPagesheaders for information on post/pagination counts (#266)
json_routebefore using it (#336)
plugin.php- This allows using both outside of the API itself (#343)
getPost(0)now returns an error rather than the latest post (#344)
json_dispatch_argsfilter for input as well as the
json_serve_requestfilter for output to serve up alternative formats (e.g. MsgPack, XML (if you're insane))
profilelink in the index, to indicate the JSON Schema that the API conforms to. In the future, this will be versioned.
pageargument without messing with WP Query syntax (#266)
If-Unmodified-Sinceheader. Pass this in to avoid conflicting edits (#294)
*_rawkey, which is only available to users with
Requires: 3.9 or higher
Compatible up to: 3.9.1
Last Updated: 2014-6-17
5 of 17 support threads in the last two months have been resolved.
Got something to say? Need help?