Diving in to the WordPress API

Note: This post is a deeper dive into what I learned at the Day of REST Event in Boston.  You may want to start with my summary post, here.

Joe Hoyle introduced the subject… the WordPress API.  It was a high level flyover that would set the table for day-long consideration of the new WordPress REST API.  Nothing fancy, yet the opportunities are so profound.

Joe touched on some options in the API as well as authentication.

The WordPress API currently supports endpoints for the following objects:

  • Posts
  • Pages
  • Media
  • Terms
  • User
  • Tags
  • Categories
  • Types
  • Taxonomies

I created a Postman Collection of a few sample calls to give you an idea of what we can do.  It’s really basic at this time but I’ll work to refine / improve it over time.

Joe also talked about Authentication and did a brief flyover for us. Joe offered a workshop the day before diving in deep on Authentication. Shane Denham of Covenant Eyes was able to attend that workshop.

The authentication methods are as follows:

  • Cookie — Used when the consumer of the API is on the same site and thus has access to the cookies associated with the WordPress Admin. In other words, if the user is logged into WordPress then they will enjoy the same level of access through the API, automatically.
  • Basic Auth — Essentially .htaccess-style HTTP auth. Not secure because the credentials travel in plain text (only base64-encoded) with every request. Usage example: curl -uadmin:password demo.wordpress-api.net…. Acceptable for development and internal server-to-server access.
  • OAuth 1.0 — Recommended. Functions similarly to Facebook Login or Google Login: a flow of exchanged app keys resulting in an access token. oAuth1.wp-api.org was offered as an excellent overview of OAuth 1.0, especially as it relates to WordPress. Note: OAuth 2.0 was not encouraged because it requires HTTPS and only 20% of WordPress sites are using HTTPS at present. OAuth 2.0 is an option if we know HTTPS is available.
  • Brokered Authentication — An extension of OAuth 1.0 providing a centralized storehouse for API keys. WordPress, unlike Google and FB, is not centralized. This approach is a tactic to overcome this limitation.
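
An added example (not from the talk or the original post) of why the list above treats Basic Auth and OAuth 1.0 differently on a site without HTTPS: the Basic header decodes straight back to the password, while an OAuth 1.0 request carries only an HMAC-SHA1 signature computed from secrets that never leave the client. The function names, URL, keys, secrets and parameters are constructed sample values.

```javascript
// Added example: Basic Auth vs. an OAuth 1.0 HMAC-SHA1 signature on plain HTTP.
// Function names and all sample values (URL, keys, secrets) are constructed.
const crypto = require('node:crypto');

// RFC 3986 percent-encoding; encodeURIComponent alone leaves !*'() unescaped.
const pct = (s) => encodeURIComponent(s).replace(/[!*'()]/g,
  (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase());
const cmp = (x, y) => (x < y ? -1 : x > y ? 1 : 0);

// What anyone who can read the request recovers from a Basic Auth header.
function decodeBasic(header) {
  const raw = Buffer.from(header.replace(/^Basic\s+/i, ''), 'base64').toString('utf8');
  const i = raw.indexOf(':');
  return { user: raw.slice(0, i), password: raw.slice(i + 1) };
}

// Signature base string: METHOD & encoded URL & encoded, sorted parameters.
function baseString(method, url, params) {
  const pairs = Object.entries(params)
    .map(([k, v]) => [pct(k), pct(String(v))])
    .sort((a, b) => cmp(a[0], b[0]) || cmp(a[1], b[1]))
    .map(([k, v]) => `${k}=${v}`).join('&');
  return [method.toUpperCase(), pct(url), pct(pairs)].join('&');
}

// Client: HMAC keyed with both secrets; only the signature is transmitted.
function sign(method, url, params, consumerSecret, tokenSecret) {
  const key = `${pct(consumerSecret)}&${pct(tokenSecret)}`;
  return crypto.createHmac('sha1', key)
    .update(baseString(method, url, params)).digest('base64');
}

// Server: recompute from its stored secrets and compare in constant time.
function verify(method, url, params, sent, consumerSecret, tokenSecret) {
  const want = Buffer.from(sign(method, url, params, consumerSecret, tokenSecret));
  const got = Buffer.from(String(sent));
  return want.length === got.length && crypto.timingSafeEqual(want, got);
}

// Constructed request to a non-HTTPS site.
const SAMPLE = {
  method: 'POST', url: 'http://example.com/wp-json/wp/v2/posts',
  params: { oauth_consumer_key: 'ck_sample', oauth_token: 'tok_sample',
    oauth_signature_method: 'HMAC-SHA1', oauth_timestamp: '1457000000',
    oauth_nonce: 'n0nce', status: 'draft', title: 'Hello World' },
};
const sig = sign(SAMPLE.method, SAMPLE.url, SAMPLE.params, 'cs_sample', 'ts_sample');
console.log(decodeBasic('Basic ' + Buffer.from('admin:password').toString('base64')), sig);
```

The signature keeps the secrets off the wire and detects altered parameters, but the request and response bodies are still readable without HTTPS, and a server also has to reject reused nonces and stale timestamps.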

Finally, Joe reviewed JavaScript client libraries, though others were discussed during the event:

  • Backbone.js — Core client, accessed by including wp-api.
  • WordPress-rest-api-oauth-1 — Joe wrote this to support OAuth 1 (which is apparently not supported by Backbone)
  • wpapi (NodeJS)

Seadog’s Take:  Joe offered a pretty decent high level overview of the WordPress REST API.  Nothing revolutionary but an essential foundation to establish the rest of the day’s conversation.

A Day of REST

I routinely take Sundays off as a day of rest.  To me that typically means worshiping Jesus with my church family at Lifespring Christian Church, hanging out with family, a short nap, some pleasure reading and time with our small group.

This past week was unique in that I took in A[nother] Day of REST (ADOR) with a bunch of primarily web developers, including my co-worker, Shane Denham, in Boston, MA. The next day I dove deep into a new-to-me web development approach based on Facebook’s React.

ADOR was a one day flyover exploring WordPress’s new REST API.  9 WordPress “rockstars” and an API guru took the stage to unpack various facets of the API and how to use it in our future development projects.

Joe Hoyle of Human Made kicked us off with a foundational talk called Diving in to the WordPress API. It was a whirlwind tour touching on endpoints, authentication, and features of the WordPress REST API.

Next, API guru and author of Build APIs You Won’t Hate, Phil Sturgeon, in a talk called API Stories of Woe and Whoa! shared stories from his experience around the idea of certain best practices for building and consuming APIs.

10up’s lead developer, Adam Silverstein, presented Backbone and the REST API: A Love Story.  Backbone is a JavaScript framework ideally suited to interact with REST APIs.  It is also built into WordPress core.

Kelly Dwan, a “code wrangler” at Automattic, gave a talk called REACT-ing to WordPress.  She made the case for Facebook’s React as another JavaScript API well suited to WordPress development.

After a deli catered lunch and distribution of some pretty cool swag we embarked on a lightning round of presentations speaking to some non-technical concerns of moving toward an API driven decoupled WordPress site.

John Eckman, CEO of 10up, briskly walked us through 10 REST API use cases in 10 minutes. Mel Choyce, a designer at Automattic, spoke from the perspective of a designer.  Petya Raykovska, a Project Manager at Human Made, spoke from a project manager’s perspective.

RESTful APIs by nature are request oriented.  You call them; they do not call you.  Rachel Baker, Director of Engineering at The Wirecutter, discussed some strategies for creating Real Time REST APIs that overcome this limitation using webhooks and introduced a newer concept called Rest Hooks.

K. Adam White, engineer at Boston’s web development agency, Bocoup, paid necessary attention to the Interface portion of the API in his talk API Client, API Design.

Ben Foxall wowed us with an Internet of Things (IoT) example where he connected the WordPress REST API to a button and a string of Christmas lights through a server in London.  His talk was on Making Simple Things.

Over the next few weeks I’ll zoom in a little closer on some of these talks, share my thoughts, and try to uncover some useful nuggets of application.