WordPress REST API Guide for Developers 2026

Published April 21, 2026

WordPress REST API Guide

The WordPress REST API exposes your site's data as JSON, enabling mobile apps, JavaScript frontends, and third-party integrations to interact with WordPress programmatically. It ships with WordPress core and requires no plugins to start using.

Core Endpoints

The API provides endpoints for all major content types at /wp-json/wp/v2/:

• /posts — Blog posts (GET, POST, PUT, DELETE)
• /pages — Static pages
• /media — Media library items
• /users — User profiles
• /categories and /tags — Taxonomy terms
• /comments — Comment management

Authentication Methods

Public read endpoints require no authentication. For write operations or private data, use one of these methods:

• Application Passwords: Built into WordPress since 5.6. Generate per-app credentials in user profiles. Sent as HTTP Basic Auth.
• JWT Authentication: Token-based auth via plugins like JWT Auth for WP REST API. Better for SPA and mobile apps.
• OAuth 2.0: For third-party integrations requiring delegated access.
• Cookie Authentication: For requests from within the WordPress admin (nonce required).

Querying and Filtering

The API supports rich query parameters: ?per_page=10&page=2 for pagination, ?search=keyword for full-text search, ?categories=5 to filter by taxonomy, and ?orderby=date&order=desc for sorting. The response includes total count in headers for pagination UI.

Registering Custom Endpoints

Use register_rest_route() to add your own API endpoints. Define the namespace, route pattern, HTTP methods, callback function, and permission callback. Custom endpoints integrate seamlessly with the existing authentication system.

Custom Post Type Exposure

Custom post types are not exposed to the REST API by default. Add 'show_in_rest' => true when registering the post type, optionally with a custom rest_base slug for the endpoint URL.

Building a Headless WordPress Site

Pair the REST API (or the newer GraphQL via WPGraphQL plugin) with a JavaScript framework like Next.js or Astro for a headless architecture. WordPress handles content management; your framework handles the frontend. This pattern delivers excellent performance and developer experience while keeping content editors in a familiar interface. SiteICO supports headless WordPress setups with the same reliability as traditional deployments.