REST API
A set of URL-based endpoints that let external applications read and write WordPress data using standard HTTP requests.
The WordPress REST API is a programming interface that exposes your site’s data (posts, pages, users, comments, and more) as structured JSON through standard HTTP URLs. Any application that can make web requests can read from or write to your WordPress site without touching the admin dashboard or the database directly.
WordPress has shipped with a built-in REST API since version 4.7 (December 2016). Every default WordPress installation exposes these endpoints at yourdomain.com/wp-json/wp/v2/. No plugin required.
How It Works
The REST API maps standard HTTP methods to WordPress operations:
- GET reads data
- POST creates new content
- PUT/PATCH updates existing content
- DELETE removes content
For example, fetching your latest 5 published posts is a single GET request:
curl https://yourdomain.com/wp-json/wp/v2/posts?per_page=5&status=publishThe response comes back as JSON:
[
{
"id": 42,
"title": { "rendered": "How to Set Up WooCommerce" },
"slug": "how-to-set-up-woocommerce",
"status": "publish",
"date": "2026-04-10T08:30:00"
}
]Creating a new post requires authentication. WordPress supports application passwords (built in since 5.6) and cookie-based auth. Here is a POST request using an application password:
curl -X POST https://yourdomain.com/wp-json/wp/v2/posts \
-u "username:xxxx xxxx xxxx xxxx" \
-H "Content-Type: application/json" \
-d '{"title":"New Post via API","content":"Created programmatically.","status":"draft"}'Plugins and themes can register custom endpoints using register_rest_route():
add_action('rest_api_init', function () {
register_rest_route('wpschool/v1', '/featured', [
'methods' => 'GET',
'callback' => 'get_featured_posts',
'permission_callback' => '__return_true',
]);
});This creates a new endpoint at /wp-json/wpschool/v1/featured that returns whatever the get_featured_posts function produces.
Common Use Cases
Headless WordPress. Developers use the REST API to power a React, Vue, or Next.js frontend while keeping WordPress as the content backend. In our testing, a headless setup with Next.js and the REST API cut average page load times by 40% compared to a traditional PHP theme on the same hosting plan.
Mobile apps. The REST API lets iOS and Android apps pull posts, submit comments, and manage content without screen-scraping or custom database queries. The official WordPress mobile app itself runs on the REST API.
Third-party integrations. Tools like Zapier, Make (formerly Integromat), and custom scripts use REST API endpoints to sync WordPress content with CRMs, email platforms, and inventory systems. A WooCommerce store can push new orders to a fulfillment service the moment they are placed.
Content migration. Moving content between WordPress sites or from another CMS becomes a scripting task. Pull posts from the source via GET, push them to the destination via POST. We have migrated sites with 10,000+ posts this way in under an hour.
Why It Matters
The REST API turns WordPress from a monolithic application into a flexible content platform. For site owners, this means your content is not locked inside a single theme or frontend. You can redesign the entire user-facing site without touching your content or editorial workflow.
For developers, it eliminates the need to write custom AJAX handlers or build one-off database queries for every integration. The API is standardized, documented at developer.wordpress.org/rest-api, and follows conventions that any developer familiar with REST architecture already understands.
Security matters here too. Every REST API endpoint respects WordPress’s existing permission system. Unauthenticated users can only read public data. Write operations require proper credentials. You can restrict or disable specific endpoints with a single permission_callback function. After managing 200+ client sites, the REST API’s permission model has been more predictable than custom AJAX endpoints, which often ship with inconsistent nonce validation.
If you are building anything beyond a basic blog, the REST API is the right way to connect WordPress with the rest of your stack. Skip it and you will end up writing brittle, one-off integrations that break on every WordPress update.