[API] How to Add Custom Endpoints to WordPress API
https://artisansweb.net/how-to-add-custom-endpoints-to-wordpress-api/
SAJID UPDATED ON OCTOBER 16, 2020
Recently I worked on a project where we wanted to use AngularJS on the front end and WordPress as a back end. In order to exchange data between AngularJS and WordPress, we used the WordPress REST API. It was a good experience working with the REST API in WordPress. WordPress provides a very clean and efficient way to start using the REST API. This popular CMS also allows you to build the custom endpoint to send/receive data through it.
In this article, we study how to create a custom endpoint in the WordPress REST API. I am going to build the custom endpoint for the GET and POST request.
Use of WordPress REST API
Everybody knows about the popularity of mobile applications and JavaScript frameworks. While building a mobile application or a website with a JavaScript framework, you need to interact with the backend to exchange data. One can choose any platform, such as WordPress or Laravel, for the backend. The only requirement is that the platform has API endpoints to interchange data between the frontend and backend. The front-end system makes an API call to the backend. On the backend, we should build a system that receives the API calls and processes them.
We mostly use two types of requests in API endpoints: GET and POST. When we call the API with a GET request, the API responds with data from the database or deletes data in the database. In the case of POST requests, we either insert records in the database or check data against the database. Of course, this is not a rule of thumb. You can decide how each endpoint behaves depending on your requirements.
Authorization Using WordPress REST API
When we start with the REST API, the first thing we need to do is check authorization. This is the important step that validates whether the incoming request comes from a valid source. In each API call, we are supposed to send a unique token, which the backend then verifies. Only if the token is valid should the API request proceed further.
For our tutorial, I consider sending Basic {token} as the Authorization header, where token is base64 encoded. You should set a random consumer key and consumer secret. In each API request, we send these 2 keys as a token in base64-encoded format.
I am going to use ck_6d2c7a515f1af9ff9a2fe0f58e9509884c9a0961 and cs_73c59e0b31a815a1dcc3e553a3e89a33ab369c1d as consumer key and consumer secret respectively. These are the dummy keys I created. You must create your own keys for your project.
Next, I will define a function that validates the incoming token value. Add the below method to your functions.php file; it validates the Authorization token.
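
    // define API Keys.
    define( 'WP_CONSUMER_KEY', 'ck_6d2c7a515f1af9ff9a2fe0f58e9509884c9a0961' );
    define( 'WP_CONSUMER_SECRET', 'cs_73c59e0b31a815a1dcc3e553a3e89a33ab369c1d' );

    function validate_authorization_header() {
        // Header names are case-insensitive; normalize the keys so that
        // both "Authorization" and "authorization" are found.
        $headers = array_change_key_case( apache_request_headers(), CASE_LOWER );
        if ( isset( $headers['authorization'] ) ) {
            // Expected value: "Basic " + base64( key:secret ).
            $wc_header = 'Basic ' . base64_encode( WP_CONSUMER_KEY . ':' . WP_CONSUMER_SECRET );
            // hash_equals() compares in constant time, unlike ==.
            if ( hash_equals( $wc_header, (string) $headers['authorization'] ) ) {
                return true;
            }
        }
        return false;
    }
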
The above method receives the Authorization value from the incoming headers and checks it against the defined values. If both values match, the request is from a valid source.
Login Using WordPress REST API
We have added code to validate Authorization. Now, let’s build a custom endpoint for a login system. In the below code, we write an API endpoint that receives user credentials and checks whether the passed details are correct. You need to add this code in your theme’s functions.php file.
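
    add_action(
        'rest_api_init',
        function () {
            register_rest_route(
                'api',
                'login',
                array(
                    'methods'             => 'POST',
                    'callback'            => 'login',
                    // WordPress 5.5+ expects a permission_callback on every route.
                    // The key check itself is done inside login().
                    'permission_callback' => '__return_true',
                )
            );
        }
    );
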
WordPress provides an action ‘rest_api_init’ using which we can build our custom endpoints. Here I am using the register_rest_route function, which produces the above API endpoint as YOUR_SITE_URL/wp-json/api/login.
In our code ‘api’ is the namespace, ‘login’ is the route, the method is ‘POST’ and the callback function is ‘login’. The callback method contains the actual logic.
For the login flow, the required POST parameters are email and password, which should be sent from the front end along with the Authorization header. While posting this data, you need to send it in JSON format. For instance, from VSCode using the Rest Client extension I send the POST request as shown in the screenshot below.
The token value passed in the screenshot is the base64 encoded version of the API keys. You can create it in PHP as follows.

    // base64 is an encoding, not encryption: anyone who sees the header can recover both keys.
    echo base64_encode( WP_CONSUMER_KEY . ':' . WP_CONSUMER_SECRET );

Add the code for the login() method in the functions.php file.

    function login( WP_REST_Request $request ) {
        if ( validate_authorization_header() ) {
            // The request body is expected to be JSON: {"email": "...", "password": "..."}.
            $arr_request = json_decode( $request->get_body() );

            if ( ! empty( $arr_request->email ) && ! empty( $arr_request->password ) ) {
                // look up the user (ID and other info) by email address.
                $user = get_user_by( 'email', $arr_request->email );

                if ( ! $user ) {
                    // no user with this email address exists.
                    return [
                        'success' => false,
                        'message' => 'Wrong email address.',
                    ];
                }

                // check the user's login with their password.
                if ( ! wp_check_password( $arr_request->password, $user->user_pass, $user->ID ) ) {
                    // if the password is incorrect for the specified user.
                    return [
                        'success' => false,
                        'message' => 'Wrong password.',
                    ];
                }

                return [
                    'success' => true,
                    'message' => 'User credentials are correct.',
                ];
            } else {
                return [
                    'success' => false,
                    'message' => 'Invalid credentials.',
                ];
            }
        } else {
            return [
                'success' => false,
                'message' => 'Authorization failed.',
            ];
        }
    }

Note: If you receive an error like “No route was found matching the URL and request method”, you need to update your permalinks.
Upon receiving the ‘true’ value for the ‘success’ key, you can log the user in the frontend application.
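The login() callback above answers "Wrong email address." and "Wrong password." separately, which lets a caller find out which email addresses have accounts. The following variant is an added example, not code from the original article: it returns one generic failure with an HTTP error status, and is meant to be registered in place of login(). The myprefix_ names are hypothetical; validate_authorization_header() is the function defined earlier on this page.

```php
<?php
// Added example (not from the article). myprefix_* names are hypothetical.
function myprefix_login( WP_REST_Request $request ) {
    if ( ! validate_authorization_header() ) {
        return new WP_Error( 'myprefix_unauthorized', 'Authorization failed.', array( 'status' => 401 ) );
    }

    // get_json_params() returns the decoded body as an array when the request
    // is sent with Content-Type: application/json, otherwise null.
    $params   = (array) $request->get_json_params();
    $email    = isset( $params['email'] ) && is_string( $params['email'] ) ? sanitize_email( $params['email'] ) : '';
    $password = isset( $params['password'] ) && is_string( $params['password'] ) ? $params['password'] : '';

    if ( '' === $email || '' === $password ) {
        return new WP_Error( 'myprefix_bad_request', 'Email and password are required.', array( 'status' => 400 ) );
    }

    $user = get_user_by( 'email', $email );

    // Same code, message and status whether the email is unknown or the
    // password is wrong, so the body does not reveal which accounts exist.
    if ( ! $user || ! wp_check_password( $password, $user->user_pass, $user->ID ) ) {
        return new WP_Error( 'myprefix_login_failed', 'Invalid email or password.', array( 'status' => 401 ) );
    }

    return array(
        'success' => true,
        'message' => 'User credentials are correct.',
    );
}

add_action( 'rest_api_init', function () {
    register_rest_route( 'api', 'login', array(
        'methods'             => 'POST',
        'callback'            => 'myprefix_login',
        // The key check happens at the top of the callback.
        'permission_callback' => '__return_true',
    ) );
} );
```

Response time still differs between the two failure cases, because the password hash is only checked for existing users. Limiting repeated attempts per client is outside this example.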
Build an Endpoint for GET Request
We have seen how to build custom endpoints for POST requests. Now, let’s look into the GET request endpoint using WordPress REST API. For this, I will write an API that deletes a user. From the front end, you should pass the id of a user as a GET parameter.
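
    add_action(
        'rest_api_init',
        function () {
            register_rest_route(
                'api',
                'delete_user/(?P<id>\d+)',
                array(
                    'methods'             => 'GET',
                    'callback'            => 'delete_user',
                    // WordPress 5.5+ expects a permission_callback on every route.
                    // The key check itself is done inside delete_user().
                    'permission_callback' => '__return_true',
                )
            );
        }
    );
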
This code generates an API endpoint as YOUR_SITE_URL/wp-json/api/delete_user/id. Replace id in this URL with the actual id of a user.
The callback method delete_user will have the following code.

    function delete_user( $data ) {
        if ( ! empty( $data['id'] ) ) {
            if ( validate_authorization_header() ) {
                // delete the user
                require_once( ABSPATH . 'wp-admin/includes/user.php' );
                wp_delete_user( $data['id'] );

                return [
                    'success' => true,
                    'message' => 'User deleted successfully.',
                ];
            } else {
                return [
                    'success' => false,
                    'message' => 'Authorization failed.',
                ];
            }
        } else {
            return [
                'success' => false,
                'message' => 'Missing user id.',
            ];
        }
    }

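HTTP treats GET as a safe method that browsers, crawlers and proxies may prefetch or replay, so a destructive route is better exposed as DELETE. The block below is an added example, not code from the original article: it registers the same route with a permission_callback, argument validation and error statuses, and it also covers the header check from the Authorization section by reading the header from the request object and comparing in constant time. The myprefix_ names are hypothetical, and it assumes the Authorization header reaches PHP.

```php
<?php
// Added example (not from the article). myprefix_* names are hypothetical;
// WP_CONSUMER_KEY / WP_CONSUMER_SECRET are the constants defined on this page.
function myprefix_check_api_key( WP_REST_Request $request ) {
    $expected = 'Basic ' . base64_encode( WP_CONSUMER_KEY . ':' . WP_CONSUMER_SECRET );
    // get_header() matches the name case-insensitively; hash_equals() is constant-time.
    if ( hash_equals( $expected, (string) $request->get_header( 'authorization' ) ) ) {
        return true;
    }
    return new WP_Error( 'myprefix_unauthorized', 'Authorization failed.', array( 'status' => 401 ) );
}

function myprefix_delete_user( WP_REST_Request $request ) {
    $user_id = (int) $request['id'];
    if ( ! get_userdata( $user_id ) ) {
        return new WP_Error( 'myprefix_not_found', 'User not found.', array( 'status' => 404 ) );
    }

    require_once ABSPATH . 'wp-admin/includes/user.php';
    // Without a $reassign argument, wp_delete_user() also deletes the user's posts.
    if ( ! wp_delete_user( $user_id ) ) {
        return new WP_Error( 'myprefix_delete_failed', 'User could not be deleted.', array( 'status' => 500 ) );
    }
    return array( 'success' => true, 'message' => 'User deleted successfully.' );
}

add_action( 'rest_api_init', function () {
    register_rest_route( 'api', 'delete_user/(?P<id>\d+)', array(
        'methods'             => WP_REST_Server::DELETABLE, // 'DELETE'
        'callback'            => 'myprefix_delete_user',
        // Runs before the callback; returning a WP_Error stops the request.
        'permission_callback' => 'myprefix_check_api_key',
        'args'                => array(
            'id' => array(
                'required'          => true,
                'validate_callback' => function ( $value ) {
                    return is_numeric( $value ) && (int) $value > 0;
                },
                'sanitize_callback' => 'absint',
            ),
        ),
    ) );
} );
```

A key that ships inside front-end code can be read by anyone who loads that code, so the check above identifies the client application rather than an individual user.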
I hope you understand how to build a custom endpoint in WordPress REST API. Please share your thoughts and suggestions in the comment section below.
1 thought on “How to Add Custom Endpoints to WordPress API”
In the companion YouTube video you require the editing of .htaccess by adding “SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1”. Is this still required, or was that for a previous version of WordPress?