How to enable the Wordpress API

I’m only here now
Jun 22, 2020

You’ve got an instance of wordpress, hosted on yoursite.wordpress.com and you want to use the API to access or manage posts, or any of the other features available through the API.

Correcting misinformation

The internet will tell you:

“The Wordpress API is enabled by default, just access /wp-json/wp/v2/”

This is a lie.

It is only true of self-hosted Wordpress sites, not wordpress.com subdomain sites.

“If you are receiving a 404 not found for /wp-json/wp/v2/posts, you have to edit your permalink settings”

This is also a red herring.

There is no longer a ‘Settings > Permalinks’ admin page on wordpress.com hosted sites.

The developer documentation for Wordpress.COM’s API, which is what you want, is here (Google will try to steer you to the Wordpress.org documentation, which covers self-hosted sites only).

Then how do I access my API?

The API will not live under your subdomain. You will be hitting https://public-api.wordpress.com/

Public endpoints can be accessed as follows:

Full URL example: https://public-api.wordpress.com/rest/v1.1/sites/yoursite.wordpress.com/posts

  • Get list of all posts: GET /sites/yoursite.wordpress.com/posts
  • Get a single post: GET /sites/yoursite.wordpress.com/posts/{post_id}

and so on, a full list is here: https://developer.wordpress.com/docs/api/

Authorized endpoints and actions

Some endpoints require authorization (such as editing a post). It is not as straightforward as accessing a pre-existing REST API endpoint.

Read the official docs about setting up your oauth2 token here, or a summary follows:

  1. Use the wordpress applications manager to set up an application
    The ‘application’ refers to whatever will end up accessing the API. (The redirect URL you enter on this form must match the one used below, where I use the example https://yourredirecturl.com/auth-listener.)
  2. You’ll now have a client_id for your new application
    It can be used against `https://public-api.wordpress.com/oauth2/authorize?client_id=your_client_id&redirect_uri=https://yourredirecturl.com/auth-listener&response_type=code` to retrieve a code.

    The code is just an interim code, and is not the API access token.
  3. Use the code along with your client_secret to generate an access token
    The token-generation code below would generally be implemented in the https://yourredirecturl.com/auth-listener page, i.e. server-side.
```php
<?php
// Runs on the https://yourredirecturl.com/auth-listener page (server-side only).
$curl = curl_init( 'https://public-api.wordpress.com/oauth2/token' );
curl_setopt( $curl, CURLOPT_POST, true );
curl_setopt( $curl, CURLOPT_POSTFIELDS, array(
    'client_id'     => 'your_client_id',           // from the applications manager
    'redirect_uri'  => 'https://yourredirecturl.com/auth-listener',
    'client_secret' => 'your_client_secret_key',   // must never reach the browser
    'code'          => $_GET['code'],              // the interim code from the previous request
    'grant_type'    => 'authorization_code'
) );
curl_setopt( $curl, CURLOPT_RETURNTRANSFER, 1 );
$auth = curl_exec( $curl );
if ( $auth === false ) {
    die( 'Token request failed: ' . curl_error( $curl ) );
}
curl_close( $curl );
$secret = json_decode( $auth );
$access_key = $secret->access_token;
```

The above should not be replicated as client-side JavaScript, as it requires the client_secret. If a purely client-side flow is required, use `&response_type=token` instead of `=code` in step 2; that variant returns the access token directly on the redirect, with no code exchange.

  4. You finally have an access token.
    This token can be returned to the client browser, via a cookie for example, and can then be used to query the public API (as per the details on public endpoints above). The token is valid for two weeks.
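The following is an added example, not code from the original post, that ties the public endpoints section and steps 2 to 4 together in one small Python client. Everything named in it (the site and client placeholders, the `state` value, the injected `post` transport, the constructed token reply and posts reply) is an assumption for illustration; in particular it assumes the authorize endpoint echoes a standard OAuth2 `state` parameter back on the redirect, which the post does not mention but which is the usual way to tie the redirect to the session that started it.

```python
"""Minimal WordPress.com REST API client: public reads plus the OAuth2
authorization-code exchange.  Added example, not the post's own code.
Assumptions (not from the post): the authorize endpoint passes a standard
OAuth2 `state` value back unchanged on the redirect, and the HTTP transport
is injectable so the flow can be exercised offline against constructed data."""
import json
import secrets
import urllib.parse
import urllib.request
from typing import Callable, Dict, List, Optional, Tuple

API_BASE = "https://public-api.wordpress.com"
Poster = Callable[[str, Dict[str, str]], bytes]


def public_posts_url(site: str, post_id: Optional[int] = None) -> str:
    """Build the v1.1 public posts URL for a site (the list, or one post by id)."""
    path = f"/rest/v1.1/sites/{site}/posts"
    if post_id is not None:
        path += f"/{post_id}"
    return API_BASE + path


def summarize_posts(body: bytes) -> List[Tuple[int, str, str]]:
    """Reduce a /posts response body to (ID, title, URL) triples."""
    doc = json.loads(body)
    return [(p["ID"], p["title"], p["URL"]) for p in doc.get("posts", [])]


def new_state() -> str:
    """Unguessable per-session value bound to the redirect (CSRF protection)."""
    return secrets.token_urlsafe(24)


def authorize_url(client_id: str, redirect_uri: str, state: str) -> str:
    """Step 2: the URL the user's browser is sent to.  response_type=code keeps
    the client_secret on the server; response_type=token is only for clients
    that cannot hold a secret."""
    query = urllib.parse.urlencode({
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "state": state,  # assumption: echoed back by the authorize endpoint
    })
    return f"{API_BASE}/oauth2/authorize?{query}"


def code_from_redirect(query_string: str, expected_state: str) -> str:
    """Runs on the auth-listener page: verify `state` before trusting `code`."""
    params = dict(urllib.parse.parse_qsl(query_string))
    if not secrets.compare_digest(params.get("state", ""), expected_state):
        raise ValueError("state mismatch: redirect was not started by this session")
    if not params.get("code"):
        raise ValueError("redirect carried no authorization code")
    return params["code"]


def _http_post(url: str, fields: Dict[str, str]) -> bytes:
    data = urllib.parse.urlencode(fields).encode()
    with urllib.request.urlopen(urllib.request.Request(url, data=data)) as resp:
        return resp.read()


def exchange_code(client_id: str, client_secret: str, redirect_uri: str,
                  code: str, post: Poster = _http_post) -> str:
    """Step 3: swap the interim code for the access token, server-side only."""
    body = post(f"{API_BASE}/oauth2/token", {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "client_secret": client_secret,
        "code": code,
        "grant_type": "authorization_code",
    })
    token = json.loads(body).get("access_token")
    if not token:
        raise RuntimeError("token endpoint returned no access_token")
    return token


def authed_request(url: str, access_token: str) -> urllib.request.Request:
    """Step 4: the token travels in the Authorization header, not in the URL."""
    return urllib.request.Request(
        url, headers={"Authorization": f"Bearer {access_token}"})


# Constructed token-endpoint reply used to exercise the flow offline.
FAKE_TOKEN_REPLY = b'{"access_token": "constructed-token", "token_type": "bearer"}'


def demo_flow() -> str:
    """Walk steps 2-4 with a constructed redirect and constructed token reply."""
    state = new_state()
    redirect = "https://yourredirecturl.com/auth-listener"
    url = authorize_url("your_client_id", redirect, state)
    assert "response_type=code" in url
    # what the auth-listener page would see in its query string:
    code = code_from_redirect(f"code=abc123&state={state}", state)
    return exchange_code("your_client_id", "your_client_secret_key", redirect,
                         code, post=lambda _url, _fields: FAKE_TOKEN_REPLY)


if __name__ == "__main__":
    print(public_posts_url("yoursite.wordpress.com"))
    print(demo_flow())
```

The `state` check is the part most often left out of hand-rolled listeners: without it, any redirect carrying a `code` is accepted, so the listener cannot tell whether the user actually started the flow. Injecting `post` keeps the real `urllib` transport for production while letting the exchange run against a constructed reply here.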
