REST API Toolbox

Description

Allows tweaking of several REST API settings

  • Disable the REST API
  • Remove WordPress core endpoints
  • Require authentication for core endpoints
  • Force SSL
  • WP-CLI commands: wp rest-api-toolbox

Find us on GitHub at https://github.com/petenelson/wp-rest-api-toolbox

(Creative commons toolbox image provided by James Tworow https://www.flickr.com/photos/sherlock77/)

Screenshots

  • General admin settings
  • WordPress core settings

Installation

  1. Upload rest-api-toolbox to the /wp-content/plugins/ directory
  2. Activate the plugin through the ‘Plugins’ menu in WordPress
  3. Visit the Settings -> REST API Toolbox page to customize

FAQ

Have any questions? We can answer them here?

Installation Instructions
  1. Upload rest-api-toolbox to the /wp-content/plugins/ directory
  2. Activate the plugin through the ‘Plugins’ menu in WordPress
  3. Visit the Settings -> REST API Toolbox page to customize

Reviews

This Toolbox is a Great Tool

This plugin enables three different settings for each REST API endpoint:

  1. No authentication required,
  2. Authentication required, or
  3. Not available at all.

It also makes it possible to force https and to disable JSONP.

So, together with proper authentication methods and appropriate permissions, this plugin ensures that the REST API can be used without compromising security.

Thank you!

Perfect timing!

The last update comes perfectly in time with the release 4.7. This plugin is perfect if you don’t use the REST API yet or if you don’t want your data to be accessed without your consent.

Read all 4 reviews

Contributors & Developers

“REST API Toolbox” is open source software. The following people have contributed to this plugin.

Contributors

Translate “REST API Toolbox” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Changelog

1.4.2 February 13th, 2017

  • Fixed bug in requiring authentication for endpoints that accessed specific items (ex: /wp/v2/users/1)

1.4.1 January 16th, 2017

  • Added settings support for No Custom Post Types
  • Fixed undefined variable notice (props @funkolector)

1.4.0 January 13th, 2017

  • Added support for removing or requiring authentication for custom post types.
  • Updated Settings UI for better clarity.
  • Added link to settings page from the plugins list page.

1.3.0 December 12th, 2016

  • Added option to require authentication for core endpoints.

1.2.0 December 5th, 2016

  • Updated the way the REST API can be disabled due to the rest_enabled filter being deprecated.
  • Added ‘settings’ to the list of core endpoints that can be removed.
  • Added CLI command: wp rest-api-toolbox status

1.1.0 April 16, 2016

  • Change REST API prefix
  • Remove specific core endpoints
  • Disable JSONP

1.0.0 April 15, 2016

  • Initial release