Opis
WordPress is moving towards becoming a fully-fledged application framework, and we need new APIs. This project was born to create an easy-to-use, easy-to-understand and well-tested framework for creating these APIs, plus creating APIs for core.
This plugin provides an easy to use REST API, available via HTTP. Grab your site's data in simple JSON format, including users, posts, taxonomies and more. Retrieving or updating data is as simple as sending a HTTP request.
Want to get your site's posts? Simply send a GET
request to /wp-json/wp/v2/posts
. Update user with ID 4? Send a PUT
request to /wp-json/wp/v2/users/4
. Get all posts with the search term “awesome”? GET /wp-json/wp/v2/posts?filter[s]=awesome
. It's that easy.
The WordPress REST API exposes a simple yet easy interface to WP Query, the posts API, post meta API, users API, revisions API and many more. Chances are, if you can do it with WordPress, the API will let you do it.
The REST API also includes an easy-to-use JavaScript API based on Backbone models, allowing plugin and theme developers to get up and running without needing to know anything about the details of getting connected.
Check out our documentation for information on what's available in the API and how to use it. We've also got documentation on extending the API with extra data for plugin and theme developers!
All tickets for the project are being tracked on GitHub. You can also take a look at the recent updates for the project.
Instalacija
Install the WP REST API via the plugin directory, or by uploading the files manually to your server.
For full-flavoured API support, you'll need to be using pretty permalinks to use the plugin, as it uses custom rewrite rules to power the API.
Once you've installed and activated the plugin, check out the documentation for details on your newly available endpoints.
ČPP
- Installation Instructions
-
Install the WP REST API via the plugin directory, or by uploading the files manually to your server.
For full-flavoured API support, you'll need to be using pretty permalinks to use the plugin, as it uses custom rewrite rules to power the API.
Once you've installed and activated the plugin, check out the documentation for details on your newly available endpoints.
Recenzije
Saradnici i programeri
“WordPress REST API (Version 2)” is open source software. The following people have contributed to this plugin.
DoprinositeljiPrevedi “WordPress REST API (Version 2)” na vaš jezik.
Zainteresirani za razvoj?
Pregledajte kôd, pogledajte SVN spremišteili se pretplatite na dnevnik razvoja od RSS.
Zapis promijena
2.0 Beta 15.0 (October 07, 2016)
-
Introduce support for Post Meta, Term Meta, User Meta, and Comment Meta in
their parent endpoints.For your meta fields to be exposed in the REST API, you need to register
them. WordPress includes aregister_meta()
function which is not usually
required to get/set fields, but is required for API support.To register your field, simply call register_meta and set the show_in_rest
flag to true. Note: register_meta must be called separately for each meta
key.(props @rmccue, @danielbachhuber, @kjbenk, @duncanjbrown, #2765)
-
Introduce Settings endpoint.
Expose options to the REST API with the
register_setting()
function, by
passing$args = array( 'show_in_rest' => true )
. Note: WordPress 4.7 is
required. See changeset [38635][https://core.trac.wordpress.org/changeset/38635].(props @joehoyle, @fjarrett, @danielbachhuber, @jonathanbardo,
@greatislander, #2739) -
Attachments controller, change permissions check to match core.
Check for the
upload_files
capability when creating an attachment.(props @nullvariable, @adamsilverstein, #2743)
-
Add
?{taxonomy}_exclude=
query parameterThis mirrors our existing support for ?{taxonomy}= filtering in the posts
controller (which allows querying for only records with are associated with
any of the provided term IDs for the specified taxonomy) by adding an
equivalent_exclude
variant to list IDs of terms for which associated posts
should NOT be returned.(props @kadamwhite, #2756)
-
Use
get_comment_type()
when comparing updating comment status.Comments having a empty
comment_type
within WordPress bites us again.
Fixes a bug where comments could not be updated because of bad comparison
logic.(props @joehoyle, #2753)
2.0 Beta 13.0 (March 29, 2016)
-
BREAKING CHANGE: Fix Content-Disposition header parsing.
Allows regular form submissions from HTML forms, as well as properly formatted HTTP requests from clients. Note: this breaks backwards compatibility, as previously, the header parsing was completely wrong.
(props @rmccue, #2239)
-
BREAKING CHANGE: Use compact links for embedded responses if they are available.
Introduces curies for sites running WordPress 4.5 or greater; no changes for those running WordPress 4.4.
(props @joehoyle, #2412)
-
JavaScript client updates:
- Support lodash, plus older and newer underscore: add an alias for
_.contains
- Add args and options on the model/collection prototypes
- Rework category/tag mixins to support new API structure
- Add workaround for the null/empty values returned by the API when creating a new post * these values are not accepted for subsequent updates/saves, so explicitly excluding them. See https://github.com/WP-API/WP-API/pull/2393
- Better handling of the (special)
me
endpoint - Schema parsing cleanup
- Introduce
wp.api.loadPromise
so developers can ensure api load complete before using
(props @adamsilverstein, #2403)
- Support lodash, plus older and newer underscore: add an alias for
-
Only adds alternate link header for publicly viewable CPTs.
(props @bradyvercher, #2387)
-
Adds
roles
param forGET /wp/v2/users
.(props @BE-Webdesign, #2372)
-
Declares
password
in user schema, but never displays it.(props @danielbachhuber, #2386)
-
Permits
edit
context for requests which can edit the user.(props @danielbachhuber, #2383)
-
Adds
rest_pre_insert_{$taxonomy}
filter for terms.(props @kjbenk, #2377)
-
Supports taxonomy collection args on posts endpoint.
(props @joehoyle, #2287)
-
Removes post meta link from post response.
(props @joehoyle, #2288)
-
Registers
description
attribute when registering args from schema.(props @danielbachhuber, #2362)
-
Uses
$comment
from the database withrest_insert_comment
action.(props @danielbachhuber, #2349)
-
Removes unnecessary global variables from users controller.
(props @claudiosmweb, #2335)
-
Ensures
GET /wp/v2/categories
with out of bounds offset doesn't return results.(props @danielbachhuber, #2313)
-
Adds top-level support for date queries on posts and comments.
-
Respects
show_avatars
setting for comments.(props @BE-Webdesign, #2271)
-
Uses cached
get_the_terms()
for terms-for-post for better performance.(props @rmccue, #2257)
-
Ensures comments search is an empty string.
(props @rmccue, #2256)
-
If no title is provided in create attachment request or file metadata, falls back to filename.
(props @danielbachhuber, #2254)
-
Removes unused
$img_url_basename
variable in attachments controller.(props @danielbachhuber, #2250)
2.0 Beta 12.0 (February 9, 2016)
-
BREAKING CHANGE: Removes meta endpoints from primary plugin.
If your project depends on post meta endpoints, please install WP REST API Meta Endpoints. For the gory history of meta, read #1425 and linked issues. At this time, we recommend using
register_rest_field()
to expose meta (docs).(props @danielbachhuber, #2172)
-
BREAKING CHANGE: Returns original resource when deleting PTCU.
Now that all resources require the
force
param, we don't need to wrap delete responses with thetrash
state.(props @danielbachhuber, #2163)
-
BREAKING CHANGE: Uses
roles
rather thanrole
in the Users controller.Building the REST API gives us the opportunity to standardize on
roles
, instead of having bothroles
androle
.(props @joehoyle, #2177)
-
BREAKING CHANGES: Moves to consistent use of
context
throughout controllers.Contexts limit the data present in the response. Here's how to think of them:
embed
correlates with sidebar representation,view
represents the primary public view, andedit
is the data expected for an editor.(props @danielbachhuber, #2205, #2204, #2203, #2218, #2216, #2230, #2184, #2235)
-
BREAKING CHANGE: Removes
post_*
query param support forGET /wp/v2/comments
.The proper pattern is to use
GET /wp/v2/posts
to fetch the post IDs to limit the request to.(props @danielbachhuber, #2165)
-
BREAKING CHANGE: Introduces
rest_validate_request_arg()
/rest_sanitize_request_arg()
.Dedicated functions means we can use them for validating / sanitizing query args too. Removes
WP_REST_Controller::validate_schema_property()
andWP_REST_Controller::sanitize_schema_property()
. -
Requires minimum value of 1 for
page
param.(props @danielbachhuber, #2241)
-
Introduces
media_type
andmime_type
params forGET /wp/v2/media
.(props @danielbachhuber, #2231)
-
Uses the term cache for post data.
(props @rmccue, #2234)
-
Supports for querying comments where
post=0
.(props @danielbachhuber, #1865)
-
Exposes taxonomy and post type capabilities in
context=edit
.(props @danielbachhuber, #2216)
-
Errors early when user can't GET types or taxonomies when
context=edit
.(props @danielbachhuber, #2218)
-
Passes original $request context to
prepare_items_query
.(props @danielbachhuber, #2211)
-
Adds
parent
andparent_exclude
params to GET Comments.(props @danielbachhuber, #2206)
-
Enforces minimum 1 and maximum 100 values for
per_page
parameter.(props @danielbachhuber, #2209)
-
Adds
author
andauthor_exclude
params to GET Posts and Comments. -
Adds
menu_order
param forGET
Pages; supportmenu_order
orderby.(props @danielbachhuber, #2193)
-
Only calls
sanitize_text_field()
when sanitizingtype=string,format=email
.(props @danielbachhuber, #2185)
-
Validates
GET /wp/v2/comments
private query params.Returns an error when user doesn't have permission to use them, instead of silently discarding.
(props @danielbachhuber, #2178)
-
Explicitly prevents uploading attachments to other attachments or revisions.
(props @danielbachhuber, #2180)
-
Permits user urls to be edited through the API.
(props @danielbachhuber, #2182)
-
Marks all Status, Type and Taxonomy fields as
readonly
.(props @danielbachhuber, #2181)
-
Adds validation callbacks to collection query params.
-
Links taxonomy terms to the post type collections they support.
(props @danielbachhuber, #2167)
-
Returns error when making a
GET
request with invalid context.(props @danielbachhuber, #2169)
-
Adds
trash
status toGET /wp/v2/statuses
.(props @danielbachhuber, #2158)
-
Indicates when fields have HTML in schema.
(props @joehoyle, #2159)
-
Permits viewing of User who has published any Public posts.
(props @danielbachhuber, #2155)
-
Respects
show_avatars
option when adding avatars to Users.(props @nullvariable, #2151)
-
Controllers use
$namespace
and$rest_base
class variables for easier subclassing.(props @danielbachhuber, #2119, #2130, #2131, #2132, #2133, #2134, #2139, #2141, #2142)
2.0 Beta 11.0 (January 25, 2016)
-
BREAKING CHANGE: Moves Post->Term relations to the Post Resource
Previously, a client would fetch a Post's Tags with
GET /wp/v2/posts/<id>/tags
.In Beta 11, an array of term ids is included on the Post resource.
The collection of terms for a Post can be fetched with
GET /wp/v2/tags?post=<id>
.The
WP_REST_Posts_Terms_Controller
class no longer exists.(props @joehoyle, #2063)
-
BREAKING CHANGE: Adds latest JS client including a minified version.
See pull request for a summarized changelog.
(props @adamsilverstein, #1981)
-
BREAKING CHANGE: Changes
featured_image
attribute on Posts tofeatured_media
.While featuring other attachment types isn't yet officially supported, this makes it easier for us to introduce the possibility in the future.
(props @danielbachhuber, #2044)
-
BREAKING CHANGE: Uses discrete schema title for categories and tags.
If you've used
register_rest_field( 'term' )
, you'll need to change'term'
to'tag'
and/or'category'
.(props @danielbachhuber, #2005)
-
BREAKING CHANGE: Makes many filters dynamic based on the controller type.
If you were using the
rest_prepare_term
filter, you'll need to change it torest_prepare_post_tag
orrest_prepare_category
.If you were using
rest_post_query
orrest_terms_query
, you'll need update your use torest_page_query
, etc.If you were using
rest_post_trashable
,rest_insert_post
orrest_delete_post
, they are now dynamic based on the post type slug. -
Renames
GET /wp/v2/comments
user
param toauthor
to match resource attribute.Not a breaking change, because it didn't work in the first place.
(props @danielbachhuber, #2105)
-
Adds support for
GET /wp/v2/pages parent=1,2,3
.(props @danielbachhuber, #2101)
-
Persists image metadata title and caption when not present in the request.
(props @danielbachhuber, #2079)
-
Add
parent_exclude
param toGET /wp/v2/posts
.(props @danielbachhuber, #2077)
-
Adds
slug
param support for collections of Posts, Users, and Taxonomy Terms. -
When a comment is already trashed, returns
410:rest_already_trashed
.(props @danielbachhuber, #2069)
-
Filter the responses by context after processing additional fields.
(props @danielbachhuber, #2067)
-
Adds
offset
param support for collections of Posts, Users, Comments, and Taxonomy Terms. -
Adds
rest_insert_{$taxonomy}
andrest_delete_{$taxonomy}
actions.(props @danielbachhuber, #2060)
-
Provides more helpful error message/code on Post Create/Update fail.
(props @danielbachhuber, #2053)
-
Forces
GET /wp/v2/media
to be limited to'status' => [ inherit, private, trash ]
(props @danielbachhuber, #2026)
-
Uses more correct error code for
Comment::delete
permission check.(props @danielbachhuber, #2054)
-
Calls
prepare_item_for_response()
directly in create and update methods.This lets us pass the original request through, giving the method and its filter genuine context, and avoids an
unnecessary call toget_item()
. -
Moves permission check methods across controllers.
Placing them above the method they're supposed to check makes the code more readable.
(props @danielbachhuber, #2030, #2029, #2034, #2036, #2037, #2035, #2039)
-
Requires
force
argument forDELETE /wp/v2/<taxonomy>/<id>
.(props @danielbachhuber, #2028)
-
Conditionally requires and defines REST API classes and functions.
-
Avoid a duplicate query for the comment count.
(props @rmccue, #2015)
-
Parses
$date
if available inprepare_date_response()
(props @adamsilverstein, #1951)
-
Abstracts
POST /wp/v2/media
permissions check.(props @danielbachhuber, #2003)
-
Adds
exclude
param to getting collections of Posts, Users, Comments, and Taxonomy Terms. -
Adds
rest_comment_query
for filteringGET /wp/v2/comments
.(props @danielbachhuber, #2007)
-
Uses HTTP status code
500
fordb_update_error
when creating an attachment.(props @danielbachhuber, #1993)
-
Adds helpful description to
force
param across allDELETE
registrations -
In
GET /wp/v2/<taxonomy>
, drops support fororderby=>term_id
.Only one
id
is exposed through the REST API.(props @danielbachhuber, #1990)
2.0 Beta 10.0 (January 11, 2016)
-
SECURITY: Ensure media of private posts are private too.
Reported by @danielbachhuber on 2016-01-08.
-
BREAKING CHANGE: Removes compatibility repo for WordPress 4.3.
WordPress 4.4 is now the minimum supported WordPress version.
(props @danielbachhuber, #1848)
-
BREAKING CHANGE: Changes link relation for types and taxonomies.
In Beta 9, this link relation was introduced as
item
, which isn't correct. The relation has been changed tohttps://api.w.org/items
.(props @danielbachhuber, #1853)
-
BREAKING CHANGE: Introduces
edit
context forwp/v2/types
andwp/v2/taxonomies
.Some fields have moved into this context, which require
edit_posts
andmanage_terms
, respectively. -
BREAKING CHANGE: Removes
post_format
as a term_link
for Posts.Post formats aren't a custom taxonomy in the eyes of the REST API.
(props @danielbachhuber, #1854)
-
Declares
parent
query param for Pages.(props @danielbachhuber, #1975)
-
Permits logged-in users to query for media.
(props @danielbachhuber, #1973)
-
Removes duplicated query params from Terms controller.
(props @danielbachhuber, #1963)
-
Adds
include
param to/wp/v2/posts
,/wp/v2/users
,/wp/v2/<taxonomy>
and/wp/v2/comments
. -
Ensures
GET /wp/v2/posts
respectsorder
andorderby
params.(props @danielbachhuber, #1962)
-
Fixes fatal by loading
wp-admin/includes/user.php
to exposewp_delete_user()
.(props @danielbachhuber, #1958)
-
Permits making a post sticky when also supplying an empty password.
(props @westonruter, #1949)
-
Uses
WP_REST_Request
internally across controllers. -
Cleans up permissions checks in
WP_REST_Terms_Controller
.(props @danielbachhuber, #1941)
-
Uses
show_in_rest
to determine publicness for post types.(props @danielbachhuber, #1942)
-
Makes
description
strings available for translation.(props @danielbachhuber, #1944)
-
Checks
assign_terms
cap for taxonomy when managing post terms.(props @danielbachhuber, #1940)
-
Defer to
edit_posts
of the custom post type when accessing private query vars.(props @danielbachhuber, #1886)
-
Allows Terms collection params to be filtered.
(props @rachelbaker, #1882)
-
Renames post terms create/delete permissions callback.
(props @wpsmith, #1923)
-
Fixes invalid use of ‘uri’ as schema
type
.(props @wpsmith, #1913)
-
Casts integer with (int) over intval for speed.
(props @wpsmith, #1907)
-
Fixes PHP Doc typo for
validate_schema_property
andsanitize_schema_property
. -
Adds a helpful description to the
filter
argument.(props @danielbachhuber, #1885)
-
Changes order of Users response to match schema order.
(props @rachelbaker, #1879)
-
Adjusts Posts pagination headers for
filter
params.(props @rachelbaker, #1878)
-
Uses proper status code when failing to get comments of private post.
(props @danielbachhuber, #1866)
-
Fixes invalid capability for comments get items permissions callback.
manage_comments doesn't exist;
moderate_comments
does.(props @danielbachhuber, #1866)
-
Permits creating comments without an assigned post.
(props @danielbachhuber, #1857)
-
Prevents error notice when
show_in_rest
isn't set for a post type.(props @danielbachhuber, #1852)
2.0 Beta 9.0 (December 11, 2015)
-
BREAKING CHANGE: Move tags and categories to top-level endpoints.
Tags are now accessible at
/wp/v2/tags
, and categories accessible at/wp/v2/categories
. Post terms reside at/wp/v2/posts/<id>/tags
and/wp/v2/<id>/categories
.(props @danielbachhuber, #1802)
-
BREAKING CHANGE: Return object for requests to
/wp/v2/taxonomies
.This is consistent with
/wp/v2/types
and/wp/v2/statuses
.(props @danielbachhuber, #1825)
-
BREAKING CHANGE: Remove
rest_get_timezone()
.json_get_timezone() was only ever used in v1. This function causes fatals, and shouldn't be used.
(props @danielbachhuber, #1823)
-
BREAKING CHANGE: Rename
register_api_field()
toregister_rest_field()
.Introduces a
register_api_field()
function for backwards compat, which calls_doing_it_wrong()
. However,register_api_field()
won't ever be committed to WordPress core, so you should update your function calls.(props @danielbachhuber, #1824)
-
BREAKING CHANGE: Change taxonomies’
post_type
argument totype
.It's consistent with how we're exposing post types in the API.
(props @danielbachhuber, #1824)
-
Sync infrastructure with shipped in WordPress 4.4.
-
Change terms endpoints to use
term_id
nottt_id
.(props @joehoyle, #1837)
-
Standardize declaration of
context
param forGET
requests across controllers.However, we're still inconsistent in which controllers expose which params. Follow #1845 for further discussion.
-
Link types / taxonomies to their collections, and vice versa.
Collections link to their type / taxonomy with the
about
relation; types / taxonomies link to their colletion with theitem
relation, which is imperfect and may change in the future. -
Add missing ‘wp/v2’ in Location Response header when creating new Post Meta.
(props @johanmynhardt, #1790)
-
Expose Post collection query params, including
author
,order
,orderby
andstatus
.(props @danielbachhuber, #1793)
-
Ignore sticky posts by default.
(props @danielbachhuber, #1801)
-
Include
full
image size in attachmentsizes
attribute.(props @danielbachhuber, #1806)
-
In text strings, use
id
instead ofID
.ID is an implementation artifact. Our Resources use
id
.(props @danielbachhuber, #1803)
-
Ensure
attachment.sizes[]
usemime_type
instead ofmime-type
.(props @danielbachhuber, #1809)
-
Introduce
rest_authorization_required_code()
.Many controllers returned incorrect HTTP codes, which this also fixes.
(props @danielbachhuber, #1808)
-
Respect core's
comment_registration
setting.If it's enabled, require users to be logged in to comment.
(props @danielbachhuber, #1826)
-
Default to wildcard when searching users.
(props @danielbachhuber, #1827)
-
Bring the wp-api.js library up to date for v2 of the REST API.
(props @adamsilverstein, #1828)
-
Add
rest_prepare_status
filter.(props @danielbachhuber, #1830)
-
Make
prepare_*
filters more consistent.(props @danielbachhuber, #1831)
-
Add
rest_prepare_post_type
filter for post types.(props @danielbachhuber, #1833)
2.0 Beta 8.0 (December 1, 2015)
-
Prevent fatals when uploading attachment by including admin utilities.
(props @danielbachhuber, #1756)
-
Return 201 status code when creating a term.
(props @danielbachhuber, #1753)
-
Don't permit requesting terms cross routes.
Clients should only be able to request categories from the category route, and tags from the tag route.
(props @danielbachhuber, #1764)
-
Set
fields=>id
when usingWP_User_Query
to fix large memory usage(props @joehoyle, #1770)
-
Fix Post
_link
to attached attachments.(props @danielbachhuber, #1777)
-
Add support for getting a post with a custom public status.
(props @danielbachhuber, #1765)
-
Ensure post content doesn't get double-slashed on update.
(props @joehoyle, #1772)
-
Change ‘int’ to ‘integer’ for
WP_REST_Controller::validate_schema_property()
(props @wpsmith, #1759)
2.0 Beta 7.0 (November 17, 2015)
-
Sync infrastructure from WordPress core as of r35691.
- Remove
register_api_field()
because it's conceptually tied toWP_REST_Controller
#34730 - Update the REST API header links to use api.w.org #34303
- Require the
$namespace
argument inregister_rest_route()
#34416 - Include
enum
anddescription
in help data #34543 - Save
preg_match
iterations inWP_REST_Server
#34488 - Don't return route URL in
WP_REST_Request:get_params()
#34647
- Remove
-
Restore
register_api_field()
within the plugin.(props @danielbachhuber, #1748)
-
Require admin functions for use of
wp_handle_upload()
, fixing fatal.(props @joehoyle, #1746)
-
Properly handle requesting terms where
parent=0
and0
is a string.(props @danielbachhuber, #1739)
-
Prevent PHP error notice when
&filter
isn't an array.(props @danielbachhuber, #1734)
-
Change link relations to use api.w.org.
(props @danielbachhuber, #1726)
2.0 Beta 6.0 (November 12, 2015)
-
Remove global inclusion of wp-admin/includes/admin.php
For a long time, the REST API loaded wp-admin/includes/admin.php to make use of specific admin utilities. Now, it only loads those admin utilities when it needs them.
If your custom endpoints make use of admin utilities, you'll need to make sure to load wp-admin/includes/admin.php before you use them.
(props @joehoyle, #1696)
-
Link directly to the featured image in a Post's links.
-
Provide object type as callback argument for custom API fields.
(props @jtsternberg, #1714)
-
Change users schema order to be order of importance instead of alpha.
(props @rachelbaker, #1708)
-
Clarify documentation for
date
andmodified
attributes.(props @danielbachhuber, #1715)
-
Update the wp-api.js client from the client-js repo.
(props @rachelbaker, #1709)
-
Fix the
format
enum to be an array of strings.(props @joehoyle, #1707)
-
Run revisions for collection through
prepare_response_for_collection()
.(props @danielbachhuber, @rachelbaker, #1671)
-
Expose
date_gmt
forview
context of Posts and Comments.(props @danielbachhuber, #1690)
-
Fix PHP and JS docblock formatting.
(props @ahmadawais, #1699, #1699, #1701, #1700, #1702, #1703)
-
Include
media_details
attribute for attachments in embed context.For image attachments, media_details includes a sizes array of image sizes, which is useful for templating.
(props @danielbachhuber, #1667)
-
Make
WP_REST_Controller
error messages more helpful by specifying method to subclass.(props @danielbachhuber, #1670)
-
Expose
slug
inembed
context for Users.user_nicename is a public attribute, used in user URLs, so this is safe data to present.
(props @danielbachhuber, #1666)
-
Handle falsy value from
wp_count_terms()
, fixing fatal.(props @joehoyle, #1641)
-
Correct methods in
WP_REST_SERVER::EDITABLE
description.(props @rachelbaker, #1601)
-
Add the embed context to Users collection query params.
(props @rachelbaker, #1591)
-
Add Terms Controller collection args details.
(props @rachelbaker, #1603)
-
Set comment author details from current user.
(props @rmccue, #1580)
-
More hook documentation.
-
Return the trashed status of deleted posts/comments.
When a post or a comment is deleted, returns a flag to say whether it's been trashed or properly deleted.
(props @pento, #1499)
-
In
WP_REST_Posts_Controller::update_item()
, check the post ID based on the proper post type.(props @rachelbaker, #1497)
2.0 Beta 5.0 (October 23, 2015)
-
Load api-core as a compatibility library
Now api-core has been merged into WordPress trunk (for 4.4) we should no longer load the infrastructure code when it's already available. This also fixes a fatal error for users who were on trunk.
(props @rmccue)
-
Switch to new mysql_to_rfc3339
(props @rmccue)
-
Double-check term taxonomy
(props @rmccue)
-
Load admin functions
This was removed from the latest beta of WordPress in the REST API infrastructure, a more long term fix is planned.
(props @joehoyle)
-
Add Add compat shim for renamed
rest_mysql_to_rfc3339()
(props @danielbachhuber)
-
Compat shim for
wp_is_numeric_array()
(props @danielbachhuber)
-
Revert Switch to register_post_type_args filter
(props @joehoyle)
2.0 Beta 4.0 (August 14, 2015)
-
Show public user information through the user controller.
In WordPress as of r32683 (scheduled for 4.3),
WP_User_Query
now has support for getting users with published posts.To match current behaviour in WordPress themes and feeds, we now expose this public user information. This includes the avatar, description, user ID, custom URL, display name, and URL, for users who have published at least one post on the site. This information is available to all clients; other fields and data for all users are still only available when authenticated.
-
Send schema in OPTIONS requests and index.
Rather than using separate
/schema
endpoints, the schema for items is now available through an OPTIONS request to the route. This means that full documentation is now available for endpoints through an OPTIONS request; this includes available methods, what data you can pass to the endpoint, and the data you'll get back.This data is now also available in the main index and namespace indexes. Simply request the index with
context=help
to get full schema data. Warning: this response will be huge. The schema for single endpoints is also available in the collection's OPTIONS response.⚠️ This breaks backwards compatibility for clients relying on schemas being at their own routes. These clients should instead send
OPTIONS
requests.Custom endpoints can register their own schema via the
schema
option on the route. This option should live side-by-side with the endpoints (similar torelation
in WP's meta queries), so your registration call will look something like:`php
register_rest_route( ‘test-ns’, ‘/test’, array(
array(
‘methods’ => ‘GET’,
‘callback’ => ‘my_test_callback’,
),‘schema’ => ‘my_schema_callback’,
) );
` -
Update JavaScript API for version 2.
Our fantastic JavaScript API from version 1 is now available for version 2, refreshed with the latest and greatest changes.
As a refresher: if you want to use it, simply make your script depend on
wp-api
when you enqueue it. If you want to enqueue the script manually, addwp_enqueue_script( 'wp-api' )
to a callback onwp_enqueue_scripts
. -
Embed links inside items in a collection.
Previously when fetching a collection of items, you only received the items themselves. To fetch the links as well via embedding, you needed to make a request to the single item with
_embed
set.No longer! You can now request a collection with embeds enabled (try
/wp/v2/posts?_embed
). This will embed links inside each item, allowing you to build interface items much easier (for example, post archive pages can get featured image data at the same time).This also applies to custom endpoints. Any endpoint that returns a list of objects will automatically have the embedding applied to objects inside the list.
-
Fix potential XSS vulnerability.
Requests from other origins could potentially run code on the API domain, allowing cross-origin access to authentication cookies or similar.
Reported by @xknown on 2015-07-23.
-
Move
/posts
WP_Query
vars back tofilter
param.In version 1, we had internal
WP_Query
vars available viafilter
(e.g.filter[s]=search+term
). For our first betas of version 2, we tried something different and exposed these directly on the endpoint. The experiment has now concluded; we didn't like this that much, sofilter
is back.We plan on adding nicer looking arguments to collections in future releases, with a view towards being consistent across different collections. We also plan on opening up the underlying query vars via
filter
for users, comments, and terms as well.⚠️ This breaks backwards compatibility for users using WP Query vars. Simply change your
x=y
parameter tofilter[x]=y
.(props @WP-API, #1420)
-
Respect
rest_base
for taxonomies.⚠️ This breaks backwards compatibility by changing the
/wp/v2/posts/{id}/terms/post_tag
endpoint to/wp/v2/posts/{id}/tag
.(props @joehoyle, #1466)
-
Add permission check for retrieving the posts collection in edit context.
By extension of the fact that getting any individual post yields a forbidden context error when the
context=edit
and the user is not authorized, the user should also not be permitted to list any post items when unauthorized.(props @danielpunkass, #1412)
-
Ensure the REST API URL always has a trailing slash.
Previously, when pretty permalinks were enabled, the API URL during autodiscovery looked like
/wp-json
, whereas the non-pretty permalink URL looked like?rest_route=/
. These are now consistent, and always end with a slash character to simplify client URL building. -
Use
wp_json_encode
instead ofjson_encode
Since WordPress 4.1,
wp_json_encode
has been available to ensure encoded values are sane, and that non-UTF8 encodings are supported. We now use this function rather than doing the encode ourselves.(props @rmccue, @pento, #1417)
-
Add
role
to schema for users.The available roles you can assign to a user are now available in the schema as an
enum
.(props @joehoyle, #1400)
-
Use the schema for validation inside the comments controller.
Previously, the schema was merely a decorative element for documentation inside the comments controller. To bring it inline with our other controllers, the schema is now used internally for validation.
(props @joehoyle, #1422)
-
Don't set the Location header in update responses.
Previously, the Location header was sent when updating resources due to some inadvertent copypasta. This header should only be sent when creating to direct clients to the new resource, and isn't required when you're already on the correct resource.
(props @rachelbaker, #1441)
-
Re-enable the
rest_insert_post
action hook forWP_REST_Posts_Controller
This was disabled during 2.0 development to avoid breaking lots of plugins on the
json_insert_post
action. Now that we've changed namespaces and are Mostly Stable ™, we can re-enable the action. -
Fix post taxonomy terms link URLs.
When moving the routes in a previous beta, we forgot to correct the links on post objects to the new correct route. Sorry!
-
Use
wp_get_attachment_image_src()
on the image sizes in attachments.Since the first versions of the API, we've been building attachment URLs via
str_replace
. Who knows why we were doing this, but it caused problems with custom attachment URLs (such as CDN-hosted images). This now correctly uses the internal functions and filters.(props @joehoyle, #1462)
-
Make the embed context a default, not forced.
If you want embeds to bring in full data rather than with
context=edit
, you can now change the link to specifycontext=view
explicitly.(props @rmccue, #1464)
-
Ensure we always use the
term_taxonomy_id
and never exposeterm_id
publicly.Previously,
term_id
was inadvertently exposed in some error responses.(props @jdolan, #1430)
-
Fix adding alt text to attachments on creation.
Previously, this could only be set when updating an attachment, not when creating one.
(props @joehoyle, #1398)
-
Throw an error when registering routes without a namespace.
Namespaces should always be provided when registering routes. We now throw a
doing_it_wrong
error when attempting to register one. (Previously, this caused a warning, or an invalid internal route.)If you really need to register namespaceless routes (e.g. to replicate an existing API), call
WP_REST_Server::register_route
directly rather than using the convenience function.(props @joehoyle, @rmccue, #1355)
-
Show links on embeds.
Previously, links were accidentally stripped from embedded response data.
(props @rmccue, #1472)
-
Clarify insufficient permisssion error when editing posts.
(props @danielpunkass, #1411)
-
Improve @return inline docs for rest_ensure_response()
(props @Shelob9, #1328)
-
Check taxonomies exist before trying to set properties.
(props @joehoyle, @rachelbaker, #1354)
-
Update controllers to ensure we use
sanitize_callback
wherever possible.(props @joehoyle, #1399)
-
Add more phpDoc documentation, and correct existing documentation.
-
Update testing infrastructure.
Travis now runs our coding standards tests in parallel, and now uses the new, faster container-based testing infrastructure.
2.0 Beta 3.0 (July 1, 2015)
-
Add ability to declare sanitization and default options for schema fields.
The
arg_options
array can be used to declare the sanitization callback,
default value, or requirement of a field. -
Expand supported parameters for creating and updating Comments.
(props @rachelbaker, #1245)
-
Declare collection parameters for Terms of a Post.
Define the available collection parameters in
get_collection_params()
and
allow Terms of a Post to be queried by term order.(props @danielbachhuber, #1332)
-
Improve the Attachment error message for an invalid Content-Disposition
(props @danielbachhuber, #1317)
-
Return 200 status when updating Attachments, Comments, and Users.
(props @rachelbaker, #1348)
-
Remove unnecessary
handle_format_param()
method.(props @danielbachhuber, #1331)
-
Add
author_avatar_url
field to the Comment response and schema.(props @rachelbaker #1327)
-
Introduce
rest_do_request()
for making REST requests internally.(props @danielbachhuber, #1333)
-
Remove unused DateTime class.
(props @rmccue, #1314)
-
Add inline documentation for
$wp_rest_server
global.(props @Shelob9, #1324)
2.0 Beta 2.0 (May 28, 2015)
-
Load the WP REST API before the main query runs.
The
rest_api_loaded
function now hooks into theparse_request
action.
This change prevents the main query from being run on every request and
allows sites to setWP_USE_THEMES
tofalse
. Previously, the main query
was always being run (SELECT * FROM wp_posts LIMIT 10
), even though the
result was never used and couldn't be cached.(props @rmccue, #1270)
-
Register a new field on an existing WordPress object type.
Introduces
register_api_field()
to add a field to an object and
its schema.(props @joehoyle, @rachelbaker, #927)
(props @joehoyle, #1207)
(props @joehoyle, #1243) -
Add endpoints for viewing, creating, updating, and deleting Terms for a Post.
The new
WP_REST_Posts_Terms_Controller
class controller supports routes for
Terms that belong to a Post.(props @joehoyle, @danielbachhuber, #1216)
-
Add pagination headers for collection queries.
The
X-WP-Total
andX-WP-TotalPages
are now present in terms, comments,
and users collection responses.(props @danielbachhuber, #1182)
(props @danielbachhuber, #1191)
(props @danielbachhuber, @joehoyle, #1197) -
List registered namespaces in the index for feature detection.
The index (
/wp-json
by default) now contains a list of the available
namespaces. This allows for simple feature detection. You can grab the index
and check namespaces forwp/v3
orpluginname/v2
, which indicate the
supported endpoints on the site.(props @rmccue,, #1283)
-
Standardize link property relations and support embedding for all resources.
Change link properties to use IANA-registered relations. Also adds embedding
support to Attachments, Comments and Terms.(props @rmccue, @rachelbaker, #1284)
-
Add support for Composer dependency management.
Allows you to recursively install/update the WP REST API inside of WordPress
plugins or themes.(props @QWp6t, #1157)
-
Return full objects in the delete response.
Instead of returning a random message when deleting a Post, Comment, Term, or
User provide the original resource data.(props @danielbachhuber, #1253)
(props @danielbachhuber, #1254)
(props @danielbachhuber, #1255)
(props @danielbachhuber, #1256) -
Return programmatically readable error messages for invalid or missing
required parameters.(props @joehoyle, #1175)
-
Declare supported arguments for Comment and User collection queries.
(props @danielbachhuber, #1211)
(props @danielbachhuber, #1217) -
Automatically validate parameters based on Schema data.
(props @joehoyle, #1128)
-
Use the
show_in_rest
attributes for exposing Taxonomies.(props @joehoyle, #1279)
-
Handle
parent
when creating or updating a Term.(props @joehoyle, #1221)
-
Limit fields returned in
embed
context User responses.(props @rachelbaker, #1251)
-
Only include
parent
in term response when tax is hierarchical.(props @danielbachhuber, #1189)
-
Fix bug in creating comments if
type
was not set.(props @rachelbaker, #1244)
-
Rename
post_name
field topost_slug
.(props @danielbachhuber, #1235)
-
Add check when creating a user to verify the provided role is valid.
(props @rachelbaker, #1267)
-
Add link properties to the Post Status response.
(props @joehoyle, #1243)
-
Return
0
forparent
in Post response instead ofnull
.(props @danielbachhuber, #1269)
-
Only link
author
when there's a valid author(props @danielbachhuber, #1203)
-
Only permit querying by parent term when tax is hierarchical.
(props @danielbachhuber, #1219)
-
Only permit deleting posts of the proper type
(props @danielbachhuber, #1257)
-
Set pagination headers even when no found posts.
(props @danielbachhuber, #1209)
-
Correct prefix in
rest_request_parameter_order
filter.(props @quasel, #1158)
-
Retool
WP_REST_Terms_Controller
to follow Posts controller pattern.(props @danielbachhuber, #1170)
-
Remove unused
accept_json argument
from theregister_routes
method.(props @quasel, #1160)
-
Fix typo in
sanitize_params
inline documentation.(props @Shelob9, #1226)
-
Remove commented out code in dispatch method.
(props @rachelbaker, #1162)
2.0 Beta 1.1
-
Fix user access security vulnerability.
Authenticated users were able to escalate their privileges bypassing the
expected capabilities check.Reported by @kacperszurek on 2015-05-16.
2.0 Beta 1 (April 28, 2015)
Partial rewrite and evolution of the REST API to prepare for core integration.
For versions 0.x through 1.x, see the legacy plugin changelog.