Documentation The WordPress API

The WordPress API

Overview #

Developers use the API to build external apps and integrate site content into a wide variety of external platforms.

↑ Top ↑ REST API #

All sites, including VIP sites, feature the REST API. This is the recommended API for all integrations and features methods for handling posts, users, categories, tags and much more. Authentication is handled using OAuth2. A great way to begin exploring the REST API is to check out the developer console.

The VIP site theme loads for a REST API request to your site, which means custom post types, custom taxonomies, and custom user roles are there.

However, please note that due to the way theme loading is implemented, the theme only loads on single site endpoints (URLs like /sites/:site/*), not multi-site endpoints.

REST API specific filters like rest_api_allowed_post_types are in effect. Please be careful of theme constants like STYLESHEETPATH and TEMPLATEPATH as they’re not available in the REST API context.

↑ Top ↑

WordPress REST API #

Selected VIP sites also feature the REST API infrastructure included in WordPress since version 4.4. This allows you to build your own API endpoints on your site, or you can enable the WP-API plugin and use the endpoints defined there.

We are in the process of rolling out this API framework to VIP sites, so if you are interested in participating, please open a ticket and let us know clearly what you are hoping to test / build. We will prioritize requests from folks who will contribute back to the WP-API plugin.

There are two authentication methods available: built-in WordPress cookies and nonces and the same OAuth2 infrastructure as the REST API.

A couple of important notes to keep in mind when developing against this API framework:

↑ Top ↑


All sites, including VIP sites, also have an XML-RPC endpoint enabled at /xmlrpc.php. Though it is required by certain legacy apps, we strongly urge the use of the REST API for all new development. Additional information on XML-RPC support is available here and here.

Note: XML-RPC requests that lack a user agent are blocked on

↑ Top ↑

Can REST or XML-RPC be disabled? #

No. These are enabled and secure for all sites, including VIP sites.

Documentation is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.