RESOURCES
- REST API
- https://developer.wordpress.org/rest-api/
- https://developer.wordpress.org/rest-api/reference/
- https://developer.wordpress.org/rest-api/key-concepts/
- TUTORIAL
- https://restfulapi.net/rest/
- https://apppresser.com/using-wordpress-rest-api-mobile-app/
https://www.codeinwp.com/blog/wordpress-rest-api/
What is the WordPress REST API?
A REST API is generally a standardized method that many applications on the Internet use to communicate between
server and client. WordPress v4.7 introduced the WordPress REST
API, which allows modern WordPress plugins to use this standard method for communication instead of the
WordPress specific way of communication.
How can I enable the WordPress REST API in my website?
The WordPress REST API is enabled by default in your WordPress website. It is a standard method of communication and
there is no additional risk to have it activated compared to other methods how WordPress plugins communicate between
client and server. But some WordPress plugins allow you as WordPress admin to disable the REST API. The reason is
possible by a better performance or security aspects, which often can not be verified.
We know the following plugins that allow you to disable the REST API. By default, none of these plugins disable the
REST API, but they can optionally disable it:
- Wordfence
- iThemes Security (formerly Better WP Security)
- All In One WP Security &
Firewall - Sucuri Security
- Titan Anti-spam & Security
- Cerber Security, Anti-spam & Malware Scan
- Shield Security
- WP Hide & Security Enhancer
- BulletProof Security
- Disable REST API
- NinjaFirewall (WP Edition)
- Hide My WP Ghost
- Perfmatters
- Swift Performance
- Clearfy
Additionally, you can restrict access to the REST API in your web server configuration (usually Apache2 or NGINX).
This can be done intentionally or accidentally by rejecting requests that start with /wp-json/.
How do I know if the unreachable REST API is my issue?
You can easily check if an unreachable REST API is the problem when you see only one loading animation in a devowl.io
WordPress plugin. Just follow these steps:
- Open a new tab where you access your website.
- Right-click into the web page to open the panel “Inspect” (Google Chrome) or “Inspect Element” (Mozilla
Firefox). Here you can go to the “Console” tab. - Now open the page on which you see the loading animation that does not disappear.
- In the console, you should see an entry marked red as an error, which indicates an error 403, 404 or 500
(depending on your plugin/configuration to disable the REST API).
If you see an error like this, you need to make sure that the WordPress REST API is reachable again.
I do not want to enable the REST API in general, but for your plugin. Is this possible?
This depends on the configuration or plugin you use to restrict access to the REST API. For example, with Cerber Security, Anti-spam & Malware Scan, you can
disable the REST API using namespaces. Each plugin that uses the WordPress REST API must register a namespace in
which all endpoints are registered. For example, if you access /wp-json/realmedialibrary/v1 in your
WordPress REST API, the namespace is called realmedialibrary/v1.
We use for the devowl.io WordPress plugins the following namespaces:
- Real Media Library:
realmedialibrary/v1 - Real Physical Media:
real-physical-media/v1 - Real Category Management:
real-category-library/v1 - Real Thumbnail Generator:
real-thumbnail-generator/v1 - Real Custom Post Order:
real-custom-post-order/v1 - Real Cookie Banner:
real-cookie-banner/v1(must be available for everyone, not only for logged-in
users)
I am using a plugin like “JWT Auth”, is it compatible?
If you need to use a plugin like JWT Auth you also need to
whitelist our plugins. In case of “JWT Auth” you have to read their section “WHITELISTING ENDPOINTS” and add our
plugins to the allowed endpoints. The endpoints can be found in the paragraph above.
What is the WordPress REST API?
A REST API is generally a standardized method that many applications on the Internet use to communicate between
server and client. WordPress v4.7 introduced the WordPress REST
API, which allows modern WordPress plugins to use this standard method for communication instead of the
WordPress specific way of communication.
How can I enable the WordPress REST API in my website?
The WordPress REST API is enabled by default in your WordPress website. It is a standard method of communication and
there is no additional risk to have it activated compared to other methods how WordPress plugins communicate between
client and server. But some WordPress plugins allow you as WordPress admin to disable the REST API. The reason is
possible by a better performance or security aspects, which often can not be verified.
We know the following plugins that allow you to disable the REST API. By default, none of these plugins disable the
REST API, but they can optionally disable it:
- Wordfence
- iThemes Security (formerly Better WP Security)
- All In One WP Security &
Firewall - Sucuri Security
- Titan Anti-spam & Security
- Cerber Security, Anti-spam & Malware Scan
- Shield Security
- WP Hide & Security Enhancer
- BulletProof Security
- Disable REST API
- NinjaFirewall (WP Edition)
- Hide My WP Ghost
- Perfmatters
- Swift Performance
- Clearfy
Additionally, you can restrict access to the REST API in your web server configuration (usually Apache2 or NGINX).
This can be done intentionally or accidentally by rejecting requests that start with /wp-json/.
How do I know if the unreachable REST API is my issue?
You can easily check if an unreachable REST API is the problem when you see only one loading animation in a devowl.io
WordPress plugin. Just follow these steps:
- Open a new tab where you access your website.
- Right-click into the web page to open the panel “Inspect” (Google Chrome) or “Inspect Element” (Mozilla
Firefox). Here you can go to the “Console” tab. - Now open the page on which you see the loading animation that does not disappear.
- In the console, you should see an entry marked red as an error, which indicates an error 403, 404 or 500
(depending on your plugin/configuration to disable the REST API).
If you see an error like this, you need to make sure that the WordPress REST API is reachable again.
I do not want to enable the REST API in general, but for your plugin. Is this possible?
This depends on the configuration or plugin you use to restrict access to the REST API. For example, with Cerber Security, Anti-spam & Malware Scan, you can
disable the REST API using namespaces. Each plugin that uses the WordPress REST API must register a namespace in
which all endpoints are registered. For example, if you access /wp-json/realmedialibrary/v1 in your
WordPress REST API, the namespace is called realmedialibrary/v1.
We use for the devowl.io WordPress plugins the following namespaces:
- Real Media Library:
realmedialibrary/v1 - Real Physical Media:
real-physical-media/v1 - Real Category Management:
real-category-library/v1 - Real Thumbnail Generator:
real-thumbnail-generator/v1 - Real Custom Post Order:
real-custom-post-order/v1 - Real Cookie Banner:
real-cookie-banner/v1(must be available for everyone, not only for logged-in
users)
I am using a plugin like “JWT Auth”, is it compatible?
If you need to use a plugin like JWT Auth you also need to
whitelist our plugins. In case of “JWT Auth” you have to read their section “WHITELISTING ENDPOINTS” and add our
plugins to the allowed endpoints. The endpoints can be found in the paragraph above.
3rd Tab