A RESTful API for WordPress
JSON API allows you to retrieve and manipulate WordPress content using HTTP requests. There are three main goals:
- Provide a simple, consistent external interface
- Create a stable, understandable internal implementation
- Enable new types of extensions for WordPress
This plugin was created at The Museum of Modern Art for the weblog Inside/Out, which is served from Ruby on Rails. Instead of reimplementing the site templates as a WordPress theme, we opted for a Rails front-end that displays content served from a WordPress back-end. JSON API provides the necessary interface for retrieving content and accepting comment submissions.
See the Other Notes section for the complete documentation.
- Upload the
json-api
folder to the/wp-content/plugins/
directory or install directly through the plugin installer. - Activate the plugin through the 'Plugins' menu in WordPress or by using the link provided by the plugin installer.
- Our old friend, in JSON format
- General concepts
1.1. Requests
1.2. Controllers
1.3. Responses - Request methods
2.1. Core controller methods
2.2. Posts controller methods
2.3. Respond controller methods
2.4. Widgets controller methods - Request arguments
3.1. Output-modifying arguments
3.2. Content-modifying arguments
3.3. Using include/exclude and redirects - Response objects
4.1. Post response object
4.2. Category response object
4.3. Tag response object
4.4. Author response object
4.5. Comment response object
4.6. Attachment response object - Extending JSON API
5.1. Plugin hooks
5.2. Developing JSON API controllers
5.3. Configuration options - Unit tests
6.1. Preparing a WordPress test site
6.2. Running the tests
Requests use a simple REST-style HTTP GET or POST. To invoke the API, include a non-empty query value for json
in the URL.
JSON API operates in two modes:
- Implicit mode is triggered by setting the
json
query var to a non-empty value on any WordPress page. The content that would normally appear on that page is returned in JSON format. - Explicit mode is triggered by setting
json
to a known method string. See Section 2: Request methods for a complete method listing.
http://www.example.org/?json=1
http://www.example.org/?p=47&json=1
http://www.example.org/tag/banana/?json=1
http://www.example.org/?json=get_recent_posts
http://www.example.org/?json=get_post&post_id=47
http://www.example.org/?json=get_tag_posts&tag_slug=banana
http://www.example.org/api/get_recent_posts/
http://www.example.org/api/get_post/?post_id=47
http://www.example.org/api/get_tag_posts/?tag_slug=banana
Further reading
See Section 3: Request arguments for more information about request arguments to modify the response.
The 1.0 release of JSON API introduced a modular controller system. This allows developers to flexibly add features to the API and give users more control over which methods they have enabled.
Most of the methods available prior to version 1.0 have been moved to the Core controller. The two exceptions are submit_comment
and create_post
which are now available from the Respond and Posts controllers, respectively. The Core controller is the only one enabled by default. All other functionality must be enabled from the JSON API Settings page (under Settings in the WordPress admin menu).
There are a few ways of specifying a controller, depending on how you are calling the API:
http://www.example.org/?json=get_recent_posts
(core
controller is implied, method isget_recent_posts
)http://www.example.org/api/info/
(core
controller is implied)http://www.example.org/api/core/get_category_posts/
(core
controller can also be explicitly specified)http://www.example.org/?json=respond.submit_comment
(respond
controller,submit_comment
method)
Legacy compatibility
JSON API retains support for its pre-1.0 methods. For example, if you invoke the method create_post
without a controller specified, the Posts controller is chosen instead of Core.
The current release includes three controllers: Core, Posts, and Respond. Developers are encouraged to suggest or submit additional controllers.
Further reading
See Section 2: Request methods for a complete reference of available controllers and methods. For documentation on extending JSON API with new controllers see Section 5.2: Developing JSON API controllers.
The standard response format for JSON API is (as you may have guessed) JSON.
Here is an example response from http://localhost/wordpress/?json=1
called on a default WordPress installation (formatted for readability):
{
"status": "ok",
"count": 1,
"count_total": 1,
"pages": 1,
"posts": [
{
"id": 1,
"type": "post",
"slug": "hello-world",
"url": "http:\/\/localhost\/wordpress\/?p=1",
"title": "Hello world!",
"title_plain": "Hello world!",
"content": "<p>Welcome to WordPress. This is your first post. Edit or delete it, then start blogging!<\/p>\n",
"excerpt": "Welcome to WordPress. This is your first post. Edit or delete it, then start blogging!\n",
"date": "2009-11-11 12:50:19",
"modified": "2009-11-11 12:50:19",
"categories": [],
"tags": [],
"author": {
"id": 1,
"slug": "admin",
"name": "admin",
"first_name": "",
"last_name": "",
"nickname": "",
"url": "",
"description": ""
},
"comments": [
{
"id": 1,
"name": "Mr WordPress",
"url": "http:\/\/wordpress.org\/",
"date": "2009-11-11 12:50:19",
"content": "<p>Hi, this is a comment.<br \/>To delete a comment, just log in and view the post's comments. There you will have the option to edit or delete them.<\/p>\n",
"parent": 0
}
],
"comment_count": 1,
"comment_status": "open"
}
]
}
Request methods are available from the following controllers:
- Core controller - basic introspection methods
- Posts controller - data manipulation methods for posts
- Respond controller - comment/trackback submission methods
- Widgets controller - retrieve sidebar widgets
The Core controller offers a mostly-complete set of introspection methods for retrieving content from WordPress.
Returns information about JSON API.
controller
- returns detailed information about a specific controller
{
"status": "ok",
"json_api_version": "1.0",
"controllers": [
"core"
]
}
{
"status": "ok",
"name": "Core",
"description": "Basic introspection methods",
"methods": [
...
]
}
Returns an array of recent posts. You can invoke this from the WordPress home page either by setting json
to a non-empty value (i.e., json=1
) or from any page by setting json=get_recent_posts
.
count
- determines how many posts per page are returned (default value is 10)page
- return a specific page number from the resultspost_type
- used to retrieve custom post types
{
"status": "ok",
"count": 10,
"count_total": 79,
"pages": 7,
"posts": [
{ ... },
{ ... },
...
]
}
Returns posts according to WordPress's WP_Query
parameters. The one default parameter is ignore_sticky_posts=1
(this can be overridden).
count
- determines how many posts per page are returned (default value is 10)page
- return a specific page number from the resultspost_type
- used to retrieve custom post types
Further reading
See the WP_Query
documentation for a full list of supported parameters. The post_status
parameter is currently ignored.
{
"status": "ok",
"count": 1,
"posts": [
{ ... }
]
}
Returns a single post object.
- Invoking the JSON API implicitly (i.e.,
?json=1
) on a post URL id
orpost_id
- set to the post's IDslug
orpost_slug
- set to the post's URL slug
post_type
- used to retrieve custom post types
{
"status": "ok",
"post": { ... }
}
Returns a single page object.
- Invoking the JSON API implicitly (i.e.,
?json=1
) on a page URL id
orpage_id
- set to the page's IDslug
orpage_slug
- set to the page's URL slug
children
- set to a non-empty value to include a recursive hierarchy of child pagespost_type
- used to retrieve custom post types
{
"status": "ok",
"page": { ... }
}
Returns an array of posts/pages in a specific date archive (by day, month, or year).
- Invoking the JSON API implicitly (i.e.,
?json=1
) on a date archive page date
- set to a date in the formatYYYY
orYYYY-MM
orYYYY-MM-DD
(non-numeric characters are stripped from the var, soYYYYMMDD
orYYYY/MM/DD
are also valid)
count
- determines how many posts per page are returned (default value is 10)page
- return a specific page number from the resultspost_type
- used to retrieve custom post types
{
"status": "ok",
"count": 10,
"count_total": 79,
"pages": 7,
"posts": [
{ ... },
{ ... },
...
]
}
Returns an array of posts/pages in a specific category.
- Invoking the JSON API implicitly (i.e.,
?json=1
) on a category archive page id
orcategory_id
- set to the category's IDslug
orcategory_slug
- set to the category's URL slug
count
- determines how many posts per page are returned (default value is 10)page
- return a specific page number from the resultspost_type
- used to retrieve custom post types
{
"status": "ok",
"count": 10,
"count_total": 79,
"pages": 7,
"category": { ... }
"posts": [
{ ... },
{ ... },
...
]
}
Returns an array of posts/pages with a specific tag.
- Invoking the JSON API implicitly (i.e.,
?json=1
) on a tag archive page id
ortag_id
- set to the tag's IDslug
ortag_slug
- set to the tag's URL slug
count
- determines how many posts per page are returned (default value is 10)page
- return a specific page number from the resultspost_type
- used to retrieve custom post types
{
"status": "ok",
"count": 10,
"count_total": 79,
"pages": 7,
"tag": { ... }
"posts": [
{ ... },
{ ... },
...
]
}
Returns an array of posts/pages written by a specific author.
- Invoking the JSON API implicitly (i.e.,
?json=1
) on an author archive page id
orauthor_id
- set to the author's IDslug
orauthor_slug
- set to the author's URL slug
count
- determines how many posts per page are returned (default value is 10)page
- return a specific page number from the resultspost_type
- used to retrieve custom post types
{
"status": "ok",
"count": 10,
"count_total": 79,
"pages": 7,
"author": { ... }
"posts": [
{ ... },
{ ... },
...
]
}
Returns an array of posts/pages in response to a search query.
- Invoking the JSON API implicitly (i.e.,
?json=1
) on a search results page search
- set to the desired search query
count
- determines how many posts per page are returned (default value is 10)page
- return a specific page number from the resultspost_type
- used to retrieve custom post types
{
"status": "ok",
"count": 10,
"count_total": 79,
"pages": 7,
"posts": [
{ ... },
{ ... },
...
]
}
Returns both an array of date page permalinks and a tree structure representation of the archive.
{
"status": "ok",
"permalinks": [
"...",
"...",
"..."
],
"tree": {
"2009": {
"09": 17,
"10": 20,
"11": 7
}
}
Note: the tree is arranged by response.tree.[year].[month].[number of posts]
.
Returns an array of active categories.
parent
- returns categories that are direct children of the parent ID
{
"status": "ok",
"count": 3,
"categories": [
{ ... },
{ ... },
{ ... }
]
}
Returns an array of active tags.
{
"status": "ok",
"count": 3
"tags": [
{ ... },
{ ... },
{ ... }
]
}
Returns an array of active blog authors.
{
"status": "ok",
"count": 3,
"authors": [
{ ... },
{ ... },
{ ... }
]
}
Returns a hierarchical tree of page
posts.
{
"status": "ok",
"pages": [
{ ... },
{ ... },
{ ... }
]
}
Returns a WordPress nonce value, required to call some data manipulation methods.
controller
- the JSON API controller for the method you will use the nonce formethod
- the method you wish to call (currentlycreate_post
is the only method that requires a nonce)
{
"status": "ok",
"controller": "posts",
"method": "create_post",
"nonce": "cefe01efd4"
}
Further reading
To learn more about how nonces are used in WordPress, see Mark Jaquith's article on the subject.
Creates a new post.
nonce
- available from theget_nonce
method (call with varscontroller=posts
andmethod=create_post
)
status
- sets the post status ("draft" or "publish"), default is "draft"title
- the post titlecontent
- the post contentauthor
- the post's author (login name), default is the current logged in usercategories
- a comma-separated list of categories (URL slugs)tags
- a comma-separated list of tags (URL slugs)
Note: including a file upload field called attachment
will cause an attachment to be stored with your new post.
Updates a post.
nonce
- available from theget_nonce
method (call with varscontroller=posts
andmethod=update_post
)
id
orpost_id
- set to the post's IDslug
orpost_slug
- set to the post's URL slug
status
- sets the post status ("draft" or "publish"), default is "draft"title
- the post titlecontent
- the post contentauthor
- the post's author (login name), default is the current logged in usercategories
- a comma-separated list of categories (URL slugs)tags
- a comma-separated list of tags (URL slugs)
Note: including a file upload field called attachment
will cause an attachment to be stored with your post.
Deletes a post.
nonce
- available from theget_nonce
method (call with varscontroller=posts
andmethod=delete_post
)
id
orpost_id
- set to the post's IDslug
orpost_slug
- set to the post's URL slug
Submits a comment to a WordPress post.
post_id
- which post to comment onname
- the commenter's nameemail
- the commenter's email addresscontent
- the comment content
redirect
- redirect instead of returning a JSON objectredirect_ok
- redirect to a specific URL when the status value isok
redirect_error
- redirect to a specific URL when the status value iserror
redirect_pending
- redirect to a specific URL when the status value ispending
pending
- assigned if the comment submission is pending moderation
Retrieves widgets assigned to a sidebar.
sidebar_id
- the name or number of the sidebar to retrieve
API requests can be controlled by specifying one of the following arguments as URL query vars.
- Debug the response:
http://www.example.org/api/get_page_index/?dev=1
- Widget-style JSONP output:
http://www.example.org/api/get_recent_posts/?callback=show_posts_widget&read_more=More&count=3
- Redirect on error:
http://www.example.org/api/posts/create_post/?callback_error=http%3A%2F%2Fwww.example.org%2Fhelp.html
The following arguments modify how you get results back from the API. The redirect response styles are intended for use with the data manipulation methods.
- Setting
callback
to a JavaScript function name will trigger a JSONP-style callback. - Setting
redirect
to a URL will cause the user's browser to redirect to the specified URL with astatus
value appended to the query vars (see the Response objects section below for an explanation of status values). - Setting
redirect_[status]
allows you to control the resulting browser redirection depending on thestatus
value. - Setting
dev
to a non-empty value adds whitespace for readability and responds withtext/plain
- Errors are suppressed unless
dev
is set to a non-empty value - Setting
json_encode_options
will let you specify an integer bitmask to modify the behavior of PHP'sjson_encode
(Note: this option is only recognized in PHP version 5.3+) - Setting
json_unescaped_unicode
will replace unicode-escaped characters with their unescaped equivalents (e.g.,\u00e1
becomes á) - Omitting all of the above arguments will result in a standard JSON response.
These arguments are available to modify all introspection methods:
date_format
- Changes the format of date values. Uses the same syntax as PHP's date() function. Default value isY-m-d H:i:s
.read_more
- Changes the 'read more' link text in post content.include
- Specifies which post data fields to include. Expects a comma-separated list of post fields. Leaving this empty includes all fields.exclude
- Specifies which post data fields to exclude. Expects a comma-separated list of post fields.custom_fields
- Includes values from posts' Custom Fields. Expects a comma-separated list of custom field keys.author_meta
- Includes additional author metadata. Should be a comma-separated list of metadata fields.count
- Controls the number of posts to include (defaults to the number specified by WordPress)order
- Controls the order of post results ('DESC' or 'ASC'). Default value is 'DESC'.order_by
- Controls which field to order results by. Expects one of the following values:author
date
(default value)title
modified
menu_order
(only works with Pages)parent
ID
rand
meta_value
(meta_key
must also be set)none
comment_count
meta_key
,meta_value
,meta_compare
- Retrieve posts (or Pages) based on a custom field key or value.
About include
/exclude
arguments
By default you get all values included with each post object. Specify a list of include
values will cause the post object to filter out the values absent from the list. Specifying exclude
causes post objects to include all values except the fields you list. For example, the query exclude=comments
includes everything except the comments.
About the redirect
argument
The redirect
response style is useful for when you need the user's browser to make a request directly rather than making proxy requests using a tool like cURL. Setting a redirect
argument causes the user's browser to redirect back to the specified URL instead of returning a JSON object. The resulting status
value is included as an extra query variable.
For example calling an API method with redirect
set to http://www.example.com/foo
will result in a redirection to one of the following:
http://www.example.com/foo?status=ok
http://www.example.com/foo?status=error
You can also set separate URLs to handle status values differently. You could set redirect_ok
to http://www.example.com/handle_ok
and redirect_error
to http://www.example.com/handle_error
in order to have more fine-tuned control over the method result.
This section describes data objects you can retrieve from WordPress and the optional URL redirects.
Status values
All JSON API requests result in a status value. The two basic status values are ok
and error
. Additional status values are available for certain methods (such as pending
in the case of the submit_comment
method). API methods that result in custom status values include a custom status values section in their documentation.
Naming compatibility
Developers familiar with WordPress may notice that many names for properties and arguments have been changed. This was a stylistic choice that intends to provide more clarity and consistency in the interface.
id
- Integertype
- String (e.g.,post
orpage
)slug
- Stringurl
- Stringtitle
- Stringtitle_plain
- Stringcontent
- String (modified by theread_more
argument)excerpt
- Stringdate
- String (modified by thedate_format
argument)modified
- String (modified by thedate_format
argument)categories
- Array of category objectstags
- Array of tag objectsauthor
Author objectcomments
- Array of comment objectsattachments
- Array of attachment objectscomment_count
- Integercomment_status
- String ("open"
or"closed"
)thumbnail
- String (only included if a post thumbnail has been specified)custom_fields
- Object (included by setting thecustom_fields
argument to a comma-separated list of custom field names)taxonomy_(taxonomy)
- Array of custom taxonomy objects (these resemble Category or Tag response objects, depending on whether the taxonomy is hierarchical)
Note
The thumbnail
attribute returns a URL to the image size specified by the optional thumbnail_size
request argument. By default this will use the thumbnail
or post-thumbnail
sizes, depending on your version of WordPress. See Mark Jaquith's post on the topic for more information.
id
- Integerslug
- Stringtitle
- Stringdescription
- Stringparent
- Integerpost_count
- Integer
id
- Integerslug
- Stringtitle
- Stringdescription
- Stringpost_count
- Integer
id
- Integerslug
- Stringname
- Stringfirst_name
- Stringlast_name
- Stringnickname
- Stringurl
- Stringdescription
- String
Note: You can include additional values by setting the author_meta
argument to a comma-separated list of metadata fields.
id
- Integername
- Stringurl
- Stringdate
- Stringcontent
- Stringparent
- Integerauthor
- Object (only set if the comment author was registered & logged in)
id
- Integerurl
- Stringslug
- Stringtitle
- Stringdescription
- Stringcaption
- Stringparent
- Integermime_type
- Stringimages
- Object with values includingthumbnail
,medium
,large
,full
, each of which are objects with valuesurl
,width
andheight
(only set if the attachment is an image)
JSON API exposes several WordPress action and filter hooks as well as a modular controller system for adding new API methods.
JSON API exposes several action and filter hooks to augment its behavior.
This filter controls the array of controllers available to JSON API. The callback function is passed a single argument, an array of strings.
// Add a custom controller
add_filter('json_api_controllers', 'add_my_controller');
function add_my_controller($controllers) {
// Corresponds to the class JSON_API_MyController_Controller
$controllers[] = 'MyController';
return $controllers;
}
Specifies the PHP source file for a given controller, overriding the default location wp-content/plugins/json_api/controllers
.
Note
If you your controller file in the json-api/controllers
folder JSON API will find it automatically.
// Register the source file for JSON_API_Widgets_Controller
add_filter('json_api_widgets_controller_path', 'widgets_controller_path');
function widgets_controller_path($default_path) {
return '/path/to/widgets.php';
}
Capitalization
Your filter hook must be all-lowercase to work correctly. The above example would fail with the filter json_api_Widgets_Controller_path
, even if that's how the class is capitalized in the PHP source.
This is called just before the output is encoded into JSON format. The value passed will always be an associative array, according to the format described in each method's documentation. Those items described in the Response objects section are passed as PHP objects, not associative arrays.
add_filter('json_api_encode', 'my_encode_kittens');
function my_encode_kittens($response) {
if (isset($response['posts'])) {
foreach ($response['posts'] as $post) {
my_add_kittens($post); // Add kittens to each post
}
} else if (isset($response['post'])) {
my_add_kittens($response['post']); // Add a kittens property
}
return $response;
}
function my_add_kittens(&$post) {
$post->kittens = 'Kittens!';
}
Each JSON API method invokes an action when called.
// Disable get_author_index method (e.g., for security reasons)
add_action('json_api-core-get_author_index', 'my_disable_author_index');
function my_disable_author_index() {
// Stop execution
exit;
}
Provides an override for the response HTTP status. Offered for backwards compatibility, since version 1.1.1 and older always returned HTTP 200.
// Retain old HTTP 200 statuses for legacy support
add_filter('json_api_http_status', 'my_http_status');
function my_http_status() {
return 200;
}
Provides an override for the WP_Query arguments.
// Allow queries of non-published content
add_action('json_api_query_args', 'my_query_args');
function my_query_args($args) {
$args['post_status'] = array('draft', 'future', 'publish');
}
Called after the JSON API introspector runs wp_query
, passes the WP_Query
object as its single argument.
To start a new JSON API controller, create a file called hello.php
inside wp-content/plugins/json-api/controllers
. Add the following class definition:
<?php
class JSON_API_Hello_Controller {
public function hello_world() {
return array(
"message" => "Hello, world"
);
}
}
?>
Your controller is now available as hello
, and exposes one hello_world
method.
Next, activate your controller from the WordPress admin interface, available from the menu under Settings > JSON API. You can either click on the link to your hello_world
method from the admin interface or enter it manually. It should have the form: http://www.example.org/api/hello/hello_world/?dev=1
or http://www.example.org/?json=hello.hello_world&dev=1
(note the use of the dev
argument to enable human-readable output). You should get the following output:
{
"status": "ok",
"message": "Hello, world"
}
To customize the behavior of your controller, you will want to make use of the global $json_api->query
object. Add the following method to your controller:
public function hello_person() {
global $json_api;
$name = $json_api->query->name;
return array(
"message" => "Hello, $name."
);
}
Now append the name
query var to the method call: http://www.example.org/api/hello/hello_world/?dev=1&name=Alice
or http://www.example.org/?json=hello.hello_world&dev=1&name=Alice
.
{
"status": "ok",
"message": "Hello, Alice"
}
Your controller can use any of the existing WordPress functions to collect data, but JSON API also includes an introspector that wraps data in objects defined in the json-api/models
directory. These are the same data models described in Section 4: Response objects.
Here is an example of how you might use the introspector:
// Retrieve posts based on custom field key/value pair
public function get_custom_posts() {
global $json_api;
// Make sure we have key/value query vars
if (!$json_api->query->key || !$json_api->query->value) {
$json_api->error("Include a 'key' and 'value' query var.");
}
// See also: http://codex.wordpress.org/Template_Tags/query_posts
$posts = $json_api->introspector->get_posts(array(
'meta_key' => $json_api->query->key,
'meta_value' => $json_api->query->value
));
return array(
'key' => $key,
'value' => $value,
'posts' => $posts
);
}
It is recommended that custom controllers are kept outside of json-api/controllers
in order to avoid accidental deletion during upgrades or site migrations. To make your controller visible from an external plugin or theme directory you will need to use two filters: json_api_controllers
and json_api_[controller]_controller_path
. Move the hello.php
file from the steps above into your theme's directory. Then add the following to your theme's functions.php
file (if your theme doesn't have a file called functions.php
you can create one).
function add_hello_controller($controllers) {
$controllers[] = 'hello';
return $controllers;
}
add_filter('json_api_controllers', 'add_hello_controller');
function set_hello_controller_path() {
return "/path/to/theme/hello.php";
}
add_filter('json_api_hello_controller_path', 'set_hello_controller_path');
The following are constants you can define in your wp-config.php
folder:
JSON_API_DIR
- set to the directory where JSON API plugin lives (in some cases this can be useful formu-plugins
with WordPress MU)JSON_API_CONTROLLERS
- a comma-separated list of default controllers to enable (this is overridden by the JSON API settings page)
JSON API comes with a set of tests that should make it easier to maintain and reveal incompatibilities when they might occur. This is an ongoing process, I hope to improve the test coverage going forward.
There are a few necessary steps that need to be carried out before the test suite will run properly.
- WordPress should generate a new set of tables before you start, so if you're testing with a
wp_
table prefix make sure the database has no existing tables of this kind - Configure and install a new copy of WordPress
- Delete the Hello World post and Sample Page (titled "About" in some versions of WordPress)
- Enable user-friendly URLs from Settings > Permalinks, use the "Day and name" format
- Install + Activate the JSON API plugin and enable all bundled controllers from Settings > JSON API
- Import the Theme Unit Test test data XML file from Settings > Import > WordPress (you will need to install the WordPress Importer plugin)
From the command line, make sure you have the HTTP_Client PEAR package installed:
pear install HTTP_Client
Change directory to tests
and run the following:
pear run-tests
You should see the test results print out culminating in a summary:
TOTAL TIME: 00:04
23 PASSED TESTS
0 SKIPPED TESTS