Imagine your WordPress interface without a block editor or a plugin. It would be difficult to work it out, right? Setting up REST API in WordPress helps us avoid this obstacle and many more.
It is responsible for enabling WordPress to interact with external applications. Whether it’s plugins, themes, custom applications, the block editor, etc., REST API allows all of them to access WP site data seamlessly.
In this blog, we will explore the process of setting up REST API in WordPress and the ways it can be integrated to make the interface accessible.
Understanding REST API Endpoints
The client might have two reasons to send a request to another application’s API:
- Requesting a resource from the app’s database
- Requesting the application to perform an action on the server
Once the API fulfils the client’s request, it responds to it to inform the status – whether completed or denied. It can also reply to the client with the requested resources.
An API gives multiple resources (clients) access to the server. To identify which one is sending the request, they use endpoints. While sending over a request, clients use a specified endpoint, also known as a URL, to make a request.
Endpoints are the locations of the resources, whereas APIs play a crucial role in allowing two applications to share their resources.
How to Test REST API Endpoints
REST API uses HTTP methods to inform the API which action to take. The four common methods to test REST API methods are:
- To retrieve a resource: GET
- To create a resource: POST
- To update an existing resource: PUT
- To remove a resource: DELETE
To make a request, write HTTP and follow it up with the endpoint URL.
Creating Custom REST API Endpoints
- Create a function to register the REST route with the register_response_route() function.
- Use get_response() to create a callback function.
- Rest_api_init will help you add the action hook and run the function create_custom_endpoint, which will initialize the REST API on the WP.
Integrating Third-Party APIs
Integrating third-party APIs enhances an application’s functionality by allowing it to communicate with external services.
Steps to Integrate Third-Party APIs
- Identify which APIs will fulfil your needs and have the required functionality.
- Things to know about that particular API documentation: how to use it, endpoints, request methods, and response formats.
- Sign up on the API provider’s website and get the API key.
- You can use tools like Postman to test the API before integrating it.
- Set up the HTTP requests to integrate the API.
- Issues might arise during API integration, so be ready to handle errors.
Now that you know how to integrate third-party APIs, let’s look at the multiple ways you can use them in the WordPress interface.
Using REST API for CRUD Operations
CRUD – create, read, update, delete are responsible for helping data interact with the database.
To create a CRUD REST API:
- Install Node.js.
- Have a code editor ready.
- Go to the terminal/ command prompt and type the commands mkdir to create your project’s directory & npm init -y to initialize it.
- Install the required packages for HTTP and parsing requests.
- Create an app.js file in your project directory and write the required code.
- Define the code for your routes for handling CRUD operations in the same app.js code.
- Run your server.
For example, if you are creating an index.js file in your directory, the code for setting up your express server can look like this:
const express = require(‘express’);
const bodyParser = require(‘body-parser’);
const app = express();
const port = 3000; // Choose any available port
app.use(bodyParser.json());
// Your routes will go here
app.listen(port, () => {
console.log(`Server running on port ${port}`);
});
Using REST API with JavaScript
Do you know what helps web developers in creating dynamic websites? Javascript.
Javascript REST API enables JS-based applications to communicate and trade data with other server-based APIs.
Fetch API, built into the modern browser, is ideal for using REST API with JavaScript. You can easily send HTTP requests using it.
- Define the API URL that you would need to call.
- Use a Fetch function to initiate a GET request with the API URL.
- The Fetch function responds with an affirmative.
- .then() method works towards handling the asynchronous response of the server.
- Check the response.ok property to ensure the validity of the response.
- To parse the JSON data, use the response.json() method.
- Either log the data to the console or handle the errors.
Suppose we want to retrieve information about books from a fictional book API. Here’s an example using JavaScript:
// Define the API URL (replace with your actual API endpoint)
const apiUrl = ‘https://api.example.com/books’;
// Make a GET request to fetch book data
fetch(apiUrl)
.then(response => {
if (!response.ok) {
throw new Error(‘Network response was not ok’);
}
return response.json();
})
.then(data => {
// Handle the retrieved data here
console.log(‘Fetched book data:’, data);
})
.catch(error => {
console.error(‘Error fetching data:’, error);
});
Using REST API in Plugins
- Get an API key
- Develop a custom plugin for your WordPress site. You can use the Plugin API to add functionality.
For example, to create a widget that displays data fetched from an external API:
- Use the WordPress REST API in your plugin to make requests.
- For the response format, choose between JSON or XML.
- Implement the HTTP methods: GET, POST, PUT, DELETE.
For example, if you want to fetch data from an external API and display it in a widget, here’s an example using JavaScript for your plugin:
//Assume you have an API endpoint
const apiUrl = ‘https://api.example.com/data‘;
// Make a GET request
fetch(apiUrl)
.then(response => {
if (!response.ok) {
throw new Error(‘Network response was not ok’);
}
return response.json();
})
.then(data => {
// Handle the retrieved data here (e.g., update your widget)
console.log(data);
})
.catch(error => {
console.error(‘Error:’, error);
});
Using REST API in Themes
Themes do not directly use REST API, but plugins and custom applications can. Users can create custom themes that interact with the REST API to fetch data, modify content, or apply specific styles.
For example, you want to add a new theme to your WordPress site via a custom plugin or script.
Here is the JS code that you can implement:
// Assume you have the necessary theme data (colors, styles, etc.)
const themeData = {
name: ‘My Custom Theme’,
stylesheet: ‘my-custom-theme’, // The theme’s folder name
// Other theme properties…
};
// Make a POST request to add the theme
$.ajax({
url: ‘/wp-json/wp/v2/themes’, // Adjust the endpoint as needed
method: ‘POST’,
data: JSON.stringify(themeData),
contentType: ‘application/json’,
success: function (response) {
console.log(‘Theme added successfully:’, response);
},
error: function (error) {
console.error(‘Error adding theme:’, error);
},
});
Using REST API with Headless WordPress
Headless WordPress separates the backend (where you manage content, themes, and plugins) and the frontend (what users see when they visit your site).
- Start by installing WordPress as usual.
- Enable the REST API built into WordPress.
- Verify that your site’s REST API is accessible
(e.g., visit https://yourwebsite.com/wp-json/wp/v2/posts). - Choose your front-end technology (React, Vue, etc.).
- Fetch data from the WordPress REST API using AJAX requests or libraries like Axios.
- Design your UI and display content dynamically.
- In headless mode, you won’t use the traditional WordPress editor.
- Disable the WYSIWYG editor (the “What You See Is What You Get” editor) to prevent conflicts.
Using REST API with GraphQL
GraphQL and REST API serve as two distinct approaches for interacting with APIs, each with its own strengths and use cases.
While we know about API, GraphQL is a query language. Clients can specify what kind of data they exactly need for the latter. It typically has a single endpoint (e.g., /graphql) for clients to send queries.
Clients define their queries and specify the fields they want. There isn’t a fixed response shape. Clients get the requested data without anything extra.
GraphQL relies on a schema that defines types, queries, and mutations. It further uses the Schema Definition Language (SDL) for queries.
Integrating GraphQL with REST APIs
- You can wrap an existing REST API with a GraphQL layer. The process will expose the same data using GraphQL.
- Analyze the REST API’s data model and derive a corresponding GraphQL schema.
- Implement resolver functions to fetch data from the REST endpoints.
Benefits of Wrapping REST APIs with GraphQL:
- Clients interact with a single GraphQL endpoint, simplifying front-end code.
- Clients request the required data.
- Optimized Data Fetching.
- Defines your data model clearly.
Authenticating REST API Requests
Authentication is paramount to secure your sensitive data in the digital world. It confirms the identity of those accessing the resources using several methods:
- Username and Password: Users are given a unique username and password to access resources across the server.
- Two/Multi-factor authentication: To access the resources, users need to authenticate their identity using multiple systems.
- Biometric authentication: The login access of the users depends on their physical imprints like fingerprints, voice recognition, and facial recognition.
- SSO/ Single sign-on: Users authenticate with a central service once and for all to gain access to multiple applications. In this case, they get rid of the separate login systems.
- Token-based authentication: A unique token is generated for each user. Example: JSON Web Tokens (JWT)
Securing REST API Endpoints
To ensure maximum security for your REST API endpoints, ensure each access request comes with authentication credentials. They must be validated on the server for all requests, even if the process gets repetitive.
Below is a checklist for securing REST API endpoints that can also serve as design principles:
- Grant a user only the required set of permissions to perform authorized actions. As the number of permissions can be managed (adding more when needed and revoking some when no longer in use), keep them limited.
- Avoid granting ‘default’ access to any file to the user unless they have an official permit.
- Design your REST API as simply as possible to ensure a seamless interaction between all the components of the interfaces.
- Keep the algorithms confidential.
- Design more than one criterion to grant permissions for accessing the resources.
- Follow the standard procedure for securing an API instead of making the process complex.
- Always use HTTP to access multiple free security features.
- PBKDF2, bcrypt, scrypt, etc., algorithms work well to ensure password security. They are called hashing algorithms that either protect the system or minimize the damage if the password is compromised in hacking attempts.
- Things to avoid in the URL: usernames, passwords, API keys, and session tokens.
- While basic auth does the job of securing APIs, OAuth is also a great alternative.
- Implement strong validation check methods in the first step and reject the request before it reaches the application logic if the validation fails. Upon rejection, you can also send a correct example of the input or an error message to improve user experience.
- HTTP custom header also allows you to add a request timestamp. The server can compare it with the current timestamp to see whether to accept the request.
Future of REST API in WordPress
Along with WordPress, REST API is also evolving. Web developers find innovative ways to combine the two innovative projects and dynamic websites. You can imagine the technical know-how that goes into developing these web pages. Whether you are an upcoming web developer or an experienced one, REST APIs are integral to your WP experience. Are you excited to take it on?