The WordPress REST API is one of the most powerful features built into modern WordPress. It allows developers to interact with WordPress content using standard HTTP requests, opening the door to headless setups, mobile apps, and custom dashboards. In this guide, we’ll walk through the essentials with practical examples.
What Is the WordPress REST API?
Introduced in WordPress 4.7, the REST API exposes your site’s content as JSON data. Every post, page, category, tag, and media item is accessible via predictable URLs called endpoints. The base endpoint for most content is:
https://yoursite.com/wp-json/wp/v2/postsVisiting that URL in a browser returns a JSON array of your published posts — no authentication required for public content.
Reading Content (GET Requests)
Fetching data is straightforward. Here’s a basic example using fetch in JavaScript:
// Fetch the 10 most recent posts with embedded data
const res = await fetch(
'https://yoursite.com/wp-json/wp/v2/posts?per_page=10&_embed=true'
);
const posts = await res.json();
posts.forEach(post => {
console.log(post.title.rendered);
console.log(post.excerpt.rendered);
});The _embed=true parameter is especially useful — it includes related data like the author, featured image, and categories in a single request, saving you extra API calls.
Writing Content (POST Requests)
Creating, updating, or deleting content requires authentication. The simplest method is Application Passwords, available in WordPress since 5.6. Generate one in your profile under Users → Profile → Application Passwords.
// Create a new post using Basic Auth
const res = await fetch('https://yoursite.com/wp-json/wp/v2/posts', {
method: 'POST',
headers: {
'Authorization': 'Basic ' + btoa('username:application_password'),
'Content-Type': 'application/json',
},
body: JSON.stringify({
title: 'My New Post',
content: 'Hello from the API!
',
status: 'publish',
categories: [1],
}),
});
const post = await res.json();
console.log('Created post ID:', post.id);Uploading Media
Uploading images works similarly, but you send the raw file as the request body instead of JSON:
const formData = new FormData();
formData.append('file', imageFile);
const res = await fetch('https://yoursite.com/wp-json/wp/v2/media', {
method: 'POST',
headers: {
'Authorization': 'Basic ' + btoa('username:application_password'),
'Content-Disposition': 'attachment; filename="image.jpg"',
},
body: imageFile,
});
const media = await res.json();
// Use media.id as the featured_media on a postPractical Use Cases
- Headless WordPress — Use WordPress as a CMS while a Next.js, React, or Vue app handles the frontend.
- Custom dashboards — Build a tailored editing interface for non-technical users.
- Mobile apps — Fetch and display your content in native iOS or Android apps.
- Automation — Schedule posts, sync content between sites, or generate reports.
Tips for Success
Always use _embed=true when you need related data — it dramatically reduces the number of API calls your app needs to make.
- Cache responses on the client side to reduce server load.
- Use pagination (
pageandper_pageparameters) for large datasets. - Store Application Passwords securely in environment variables — never in client-side code.
- Check the
X-WP-TotalandX-WP-TotalPagesresponse headers for pagination info.
Conclusion
The WordPress REST API transforms WordPress from a simple blogging platform into a flexible content backend. Whether you’re building a headless frontend, a mobile app, or a custom management dashboard, the API gives you full programmatic control over your content. Start with read operations to get comfortable, then experiment with authenticated write operations using Application Passwords.
Have you built something with the WordPress REST API? Share your experiences in the comments below!
