

6. Working with the WordPress REST API

The REST API is one of the most powerful features in modern WordPress.
It allows you to read, create, update, or delete WordPress data using simple URLs.
If you understand how it works, you can build:

  • Mobile apps connected to WordPress
  • React or Vue frontends
  • Custom dashboards
  • Integrations with external services
  • Advanced Gutenberg blocks

In this article, we’ll go through the basics in a very simple way so beginners can follow easily.


What Is the REST API?

The WordPress REST API lets you access or modify WordPress data using HTTP requests.

For example, to get all posts, you can visit:

/wp-json/wp/v2/posts

This returns JSON data, which is easy to use in JavaScript or other applications.

Think of it like this:
Instead of working inside WordPress admin, you can talk to WordPress from anywhere.


How to View REST API Data

You can open a REST API URL directly in your browser.

Try something like:

https://example.com/wp-json/

This shows all available routes.

To see all posts:

https://example.com/wp-json/wp/v2/posts

To see categories:

https://example.com/wp-json/wp/v2/categories

Once you see how simple this is, you will understand why so many developers use the API.


Creating a Custom REST API Endpoint

Most real projects need custom data.
To create your own endpoint, you use register_rest_route() inside the rest_api_init hook.

Here’s a simple example:

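add_action('rest_api_init', function () {
    register_rest_route('myplugin/v1', '/hello', [
        'methods'  => 'GET',
        'callback' => function () {
            // Arrays returned here are converted to JSON by WordPress.
            return ['message' => 'Hello from my API'];
        },
        // Public on purpose. Since WordPress 5.5, leaving this key out
        // triggers a "doing it wrong" notice, so state the intent explicitly.
        'permission_callback' => '__return_true',
    ]);
});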

Now you can open:

/wp-json/myplugin/v1/hello

And you’ll get:

{"message": "Hello from my API"}

That’s all — you just created an API.


Adding Parameters

API endpoints can accept parameters like this:

/wp-json/myplugin/v1/hello?name=Ankit

To use it:

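'callback' => function (WP_REST_Request $request) {
    // get_param() returns null when ?name= is missing, so fall back to a default
    // and clean the value before using it.
    $name = sanitize_text_field($request->get_param('name') ?? 'World');
    return ['message' => "Hello, $name"];
}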

This is how you build dynamic behavior.


Handling Permissions

Some endpoints should be public, but others need restrictions.
For example:

  • Reading posts can be public
  • Creating or deleting posts must be restricted

Use a permission callback:

'permission_callback' => function () {
    return current_user_can('manage_options');
}

This ensures only users with the manage_options capability (administrators, by default) can access the route.
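
The parameter and permission pieces above, combined into one route registration. This is an added example, not code from the original article; the option name myplugin_greeting and the greeting parameter are hypothetical.

```php
<?php
// Added example: a public GET and a restricted POST on the same path.
// 'myplugin_greeting' is a hypothetical option name used for illustration.
add_action('rest_api_init', function () {
    // Shared rules for short text parameters. WordPress runs these before
    // the route callback and answers with a 400 error if validation fails.
    $text_arg = [
        'type'              => 'string',
        'sanitize_callback' => 'sanitize_text_field',
        'validate_callback' => function ($value) {
            // Rejects arrays (?name[]=x) and overly long input.
            return is_string($value) && strlen($value) <= 50;
        },
    ];

    register_rest_route('myplugin/v1', '/hello', [
        [
            'methods'             => WP_REST_Server::READABLE, // GET
            'permission_callback' => '__return_true',          // explicitly public
            'args'                => ['name' => $text_arg + ['default' => 'World']],
            'callback'            => function (WP_REST_Request $request) {
                $greeting = get_option('myplugin_greeting', 'Hello');
                return ['message' => $greeting . ', ' . $request->get_param('name')];
            },
        ],
        [
            'methods'             => WP_REST_Server::CREATABLE, // POST
            // This route changes stored data, so only administrators may call it.
            'permission_callback' => function () {
                return current_user_can('manage_options');
            },
            'args'                => ['greeting' => $text_arg + ['required' => true]],
            'callback'            => function (WP_REST_Request $request) {
                update_option('myplugin_greeting', $request->get_param('greeting'));
                return ['updated' => true];
            },
        ],
    ]);
});
```

For browser requests that rely on the login cookie, WordPress only treats the caller as logged in when the request also carries a valid X-WP-Nonce header, so a POST without it is rejected even for an administrator.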


Using the API in JavaScript

If you’re building a Gutenberg block or a custom dashboard, you will use fetch() to call the API.

Example:

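fetch('/wp-json/myplugin/v1/hello')
    .then(response => {
        // fetch() resolves even on 4xx/5xx responses, so check the status first.
        if (!response.ok) throw new Error(`HTTP ${response.status}`);
        return response.json();
    })
    .then(data => {
        console.log(data);
    })
    .catch(error => console.error(error));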

This is the bridge between your PHP code and JavaScript UI.


Real-Life Uses of the REST API

Developers use the REST API for many things:

  • React frontends that load WordPress content
  • Updating data from external apps
  • Sending form entries to a mobile app
  • Building custom admin dashboards
  • Creating interactive blocks
  • Connecting WordPress with SaaS platforms

Once you start using the API, you’ll realize it opens many possibilities beyond traditional WordPress.


Tips for Beginners

  • Start by exploring built-in routes (/wp-json/wp/v2/)
  • Learn to return arrays — WordPress converts them to JSON automatically
  • Always secure endpoints that modify data
  • Keep your routes organized inside classes as your plugin grows
  • Test endpoints in the browser or tools like Postman

You don’t need to learn everything in one day.
Just practice creating simple routes and calling them.


What’s Next

In the next article, we’ll cover Security and Performance Essentials — a very important topic for every developer.

You’ll learn:

  • How to sanitize and escape data
  • How to use nonces
  • How to avoid common security mistakes
  • Simple performance optimizations
  • Best practices for clean, safe code