REST API – Create, Update or Delete posts using Basic Auth and HTTP API (ok)

https://rudrastyh.com/wordpress/rest-api-create-delete-posts.html

REST API – Create, Update or Delete posts using Basic Auth and HTTP API

Updated on Mar 22nd, 2019 in

1. Blog

2. WordPress

About Basic Authentication

First of all, basic authentication won’t work until you install a special plugin, what plugin – depends on a way you choose. I will show you two of them.

Using username and password

This method isn’t recommended in WordPress Codex, because in each API call you have to send actual usernames and passwords, but you can use this method for test purposes.

To begin using it, you have to download a special plugin from github (I use the link from the official WordPress documentation page).

There is no way to perform Basic Auth in WordPress Rest API without this plugin installed. Once the plugin is activated on your website (I mean the website you want to interact with API), we can try examples below.

Using application passwords

Ok, this method is much better. You have to install Application Passwords plugin, it is available from WordPress plugins repository, so you can find it in your website admin area on the Plugins > Add New page.

Once you installed this plugin, make sure, that your REST API is not turned off, then go to the very bottom of a user profile page and generate an app password there.

No needs to use user’s actual passwords anymore.

Create a Post

Where to insert all the code from this post? I hope you know this but just in case.

First of all I want to remind you that we have 2 websites.

• The first website – is the website where the post should be created, the first website also should have any of the mentioned above plugins installed.

• The second website – is the website that will interact with the first one. It will have all the code.

You can see wp_remote_post() function in the code – it is a WordPress function, so you have to insert in somewhere inside WP environment. For my test purposes I just created a randomly named PHP file just in WordPress root directory and added at the beginning of the file require('wp-load.php');. When I try to access this file in browser, it does the work.

LOGIN:PASSWORD on line 3 is the pair of username and password of a website user (the first website, and if you’ve installed Application Passwords, you have to use the generated token instead), that have the capabilities to create, update and delete posts.

$api_response = wp_remote_post( 'https://WEBSITE/wp-json/wp/v2/posts', array(
 	'headers' => array(
		'Authorization' => 'Basic ' . base64_encode( 'LOGIN:PASSWORD' )
	),
	'body' => array(
    		'title'   => 'My test',
		'status'  => 'draft', // ok, we do not want to publish it immediately
		'content' => 'lalala',
		'categories' => 5, // category ID
		'tags' => '1,4,23' // string, comma separated
		'date' => '2015-05-05T10:00:00', // YYYY-MM-DDTHH:MM:SS
		'excerpt' => 'Read this awesome post',
		'password' => '12$45',
		'slug' => 'new-test-post' // part of the URL usually
		// more body params are here:
		// developer.wordpress.org/rest-api/reference/posts/#create-a-post
	)
) );
 
$body = json_decode( $api_response['body'] );
 
// you can always print_r to look what is inside
// print_r( $body ); // or print_r( $api_response );
 
if( wp_remote_retrieve_response_message( $api_response ) === 'Created' ) {
	echo 'The post ' . $body->title->rendered . ' has been created successfully';
}

How to Update a WordPress Post with REST API

Let’s just update the title of the created post. Replace {POST_ID} with the ID of the post you would like to update. If you still not sure where to get it, read this tutorial.

$api_response = wp_remote_post( 'https://WEBSITE/wp-json/wp/v2/posts/{POST_ID}/', array(
 	'headers' => array(
		'Authorization' => 'Basic ' . base64_encode( 'LOGIN:PASSWORD' )
	),
	'body' => array(
    		'title' => 'My test 1'
	)
) );
 
$body = json_decode( $api_response['body'] );
 
 
if( wp_remote_retrieve_response_message( $api_response ) === 'OK' ) {
	echo 'The post ' . $body->title->rendered . ' has been updated successfully';
}

Delete a Post

If you add ?force=true at the end of the request URI, the post will be removed permanently without moving to trash.

$api_response = wp_remote_request( 'https://WEBSITE/wp-json/wp/v2/posts/{POST_ID}', array(  // ?force=true to skip trash
	'method'    => 'DELETE',
	'headers'   => array(
	    'Authorization' => 'Basic ' . base64_encode( 'LOGIN:PASSWORD' )
	)
));
 
$body = json_decode( $api_response['body'] );
 
 
if( wp_remote_retrieve_response_message( $api_response ) === 'OK' ) {
	if( $body->deleted == true ) {
		echo 'The post ' . $body->previous->title->rendered . ' has been completely deleted';
	} else {
		echo 'The post ' . $body->title->rendered . ' has been moved to trash';
	}
}

This was small introduction into Basic Authentication in WordPress REST API.

Related Posts

• My Experience as a Lead Organizer of WordCamp Saint Petersburg

• Begin with REST API – Display others blogs latest posts

• MailChimp API 3.0 and WordPress HTTP API