WordPress REST API and OAuth : Complete Setup Guide

We commonly talk about API of many third party web applications. Here is Complete Setup Guide to WordPress REST API and OAuth Including Technical Details, Example Clients and API Tools Resources For Any Level of Users. It is not unexpected that peoples can have a good number of questions around API, need of API and tools. Very few actually understand the things, most write without much grasp of the basic. Not everything is defined in RFC or by W3C, thus rendering them “buzz words”. It is better to know that there can be unknown security flaws, like discovered in recent past :

WordPress REST API and OAuth : What You Are Talking About?

You heard about Web Service. Web Services is a way of communicating over the Internet using Internet Protocol Suites. IWe usually use HTTP for communication for transmission of file formats such as XML and JSON. We actually have XML – that is feed. These web service usually provides an web-based interface to the database server for another server or for site’s mobile application to the end user. W3C defines a web service as a software system designed to support interoperable machine-to-machine interaction over a network. XML-RPC is also such protocol which uses XML. We do not really need application programming interface (API) to be over HTTP for usage by one server by one user. These Web Service, REST API and OAuth has to do with SOA and SOAP. Peoples claim that web applications have moved away from SOAP based web services towards collections of RESTful web resources, which is possibly truth for very bigger web services. It is obviously useless to connect a plugin on a server with own server with REST API, because simply it becomes dependent on network and tends to be slower.

It is not exactly great it you are setting by WordPress REST API and OAuth on your website and has no idea of what exactly you are doing. Public unrestricted JSON response from REST API without public documentation is valueless and can invite security flaw. Various websites actually helps to do it, exactly like they promote cloud computing and fails to ask the others to call cloud computing for particular usage to an end at right time. oEmbed as example is a fuss because there is no Standard. An ordinary website never needs public REST API and OAuth. We have over 5300 posts, mostly related to development. Among so many posts, it can be difficult to search with Graphical Web Interface. An advance user can use our public API to fetch posts exactly like we have shown how to fetch drug details with cURL on Command Line Interface. It is an idiotic idea to use PHP language and advertise about RESTful API without any security warning. Itself WordPress has XML-RPC weakness (click to read how WordPress XML-RPC attack is faked to fool Nginx error). Obviously we need to rate limit the JSON response from server side! In short, a content farm probably needs public WordPress REST API and OAuth more than a personal blog. WordPress REST API can be used to:

1. Read and write posts
2. Create and edit meta data
3. Add routes
4. Process and respond to requests
5. Communicate with own Mobile Application
6. Use Third Party dashboard to edit own content
7. For bigger sire register users
8. Obviously list is endless

This is what we said as diagram :

How to Setup WordPress REST API and OAuth?

WordPress 4.7+ itself has native support, however you need to install and activate these plugins :

After installing these, the official guide is useful :

Clients for Mac :

Previously we talked about CocoaRestClient. Another such is paw.cloud for Mac and there are browser plugins like Postman Chrome Extension.

Here is a WordPress specific web app which can be used as client :

How to set OAuth in WordPress REST API

For that purpose, we already installed plugin and here are documents :

Understand what exactly you want to do.