Description
RESTful JSON API provides simple JSON endpoints for WordPress content and user-facing app workflows. It is designed for mobile apps, external tools, and lightweight integrations that need predictable JSON responses from WordPress.
Built-in features include:
- Core endpoints for pages, search, indexes, menus, and API metadata.
- Posts controller endpoints for read-only post lists, single posts, CPT discovery, custom taxonomies, taxonomy terms/posts, media, attachments, comments, date archives, category archives, tag archives, and author archives.
- Comment submission endpoints.
- Widget/sidebar retrieval endpoints.
- User signup, login, token validation, current-user profile, avatars, password reset requests, user meta, and authenticated comments.
- Plugin-issued JWT bearer tokens for protected endpoints.
- Optional shared API-key protection.
- CORS allowed-origin settings.
- HTTPS enforcement for password and bearer-token requests, enabled by default.
Full endpoint documentation with sample code is available in Settings > RESTful JSON API > Documentation. The same long-form documentation is also included in readme.md inside the plugin package.
Installation
- Upload the
restful-json-apifolder to/wp-content/plugins/. - Activate the plugin from the WordPress Plugins screen.
- Open Settings > RESTful JSON API.
- Configure the API base path, optional API key, CORS origins, HTTPS requirement, and enabled controllers.
FAQ
-
How do clients authenticate?
-
Clients call the User controller login endpoint with a username and password over HTTPS. The response includes a plugin-issued JWT. Protected endpoints require
Authorization: Bearer ACCESS_TOKEN. -
Do users need WordPress Application Passwords?
-
No. This plugin uses JWT authentication, so users do not need to manually create Application Passwords.
-
Is HTTPS required?
-
HTTPS is required by default for password and bearer-token requests. Site owners can disable this in Settings > RESTful JSON API for local or non-SSL environments, but production sites should keep it enabled.
-
No. Cookie-based authentication endpoints were removed. Use JWT bearer tokens instead.
-
Where are the endpoint examples?
-
Open Settings > RESTful JSON API > Documentation for login, token validation, post create/update/delete, user meta, comment, and controller examples. The same documentation is also included in
readme.md.
Reviews
There are no reviews for this plugin.
Contributors & Developers
“RESTful JSON API” is open source software. The following people have contributed to this plugin.
ContributorsTranslate “RESTful JSON API” into your language.
Interested in development?
Browse the code, check out the SVN repository, or subscribe to the development log by RSS.
Changelog
0.15.7 (2026-07-15):
- Initial release.




