aRESTful Development with the Wordpress API

aRESTful Development with the Wordpress API By Jeremy Lindblom (@jeremeamia)

@jeremeamia

Stuff I Work On ✘ API Designs ✘ API Clients
( e.g., AWS SDK for PHP ) ✘ API Reviews ✘ API Documentation ✘ PHP Libraries ( e.g., Guzzle ) ✘ Testing & Code Quality

“There's always money in the banana stand!”

http://v2.wp-api.org

UI API

“Headless” WordPress

“Come on!”

Getting Started Installing Support for the WP REST API

Step 1 Step 2

Step 3

Step 4 Code

Step 4 Code composer require guzzlehttp/guzzle

require 'vendor/autoload.php'; $client = new GuzzleHttp\Client([ 'base_uri' => $host .
'/wp-json/wp/v2/', 'auth' => ['test', 'j6gk 1Jsh uokR y5vT'], ]); $response = $client->get('posts'); $result = json_decode($response->getBody()); Step 4

Array( [0] => Array( [id] => 6 [date] => 2016-05-11T04:12:29
[date_gmt] => 2016-05-11T04:12:29 [guid] => Array( [rendered] => http://example.com/?p=6 ) [modified] => 2016-05-11T04:12:29 [modified_gmt] => 2016-05-11T04:12:29 [slug] => great-post [type] => post [link] => http://example.com/2016/05/11/great-post/ [title] => Array( [rendered] => Great Post ) ... Step 5: Profit!

The Nitty-Gritties Details About How the API Works

API Docs

Supported Resources ✘ Posts ✘ Post Revisions ✘ Pages ✘
Media ✘ Post Types ✘ Post Statuses ✘ Comments ✘ Taxonomies ✘ Categories ✘ Tags ✘ Users

Supported Operations ✘ Create ⇒ POST ✘ Read ⇒ GET
✘ Update ⇒ POST ✘ Delete ⇒ DELETE ✘ List ⇒ GET

General Parameters ✘ _jsonp ✘ _method ✘ _envelope ✘ _embed

Have any of you heard of the “Hypertext Application Language”?

Have any of you heard of the “Hypertext Application Language”?
“I don’t understand the question and I won’t respond to it.”

Hypermedia Linking Resources With the HAL Spec

HAL = Hypertext Application Language Spec for hyperlinking resources Makes
your API “explorable” “Simple” format to consume Uses _links & _embedded

require 'vendor/autoload.php'; $client = new GuzzleHttp\Client([...]); $response = $client->get('posts/6'); $result
= json_decode($response->getBody());

[id] => 6 [slug] => great-post ... [_links] => Array(
[collection] => Array( [0] => Array( [href] => http://demo.wp-api.org/wp-json/wp/v2/posts ) ) [author] => Array( [0] => Array( [embeddable] => 1 [href] => http://demo.wp-api.org/wp-json/wp/v2/users/1 ) ) ... )

“I’m here to see the magic”

$client->get('posts/6?_embed=1');

[id] => 6 [slug] => great-post ... [_links] => Array(...)
[_embedded] => Array( [author] => Array( [0] => Array( [id] => 1 [name] => Jeremy Lindblom [slug] => jeremeamia ... [_links] => Array(...) ) ) )

[_embedded] => Array( [author] => Array( [0] => Array( [id] => 1 [name] => Jeremy Lindblom [slug] => jeremeamia ... [_links] => Array(...) ) ) ) Yay! Recursion!

[_embedded] => Array( [author] => Array( [0] => Array( [id] => 1 [name] => Jeremy Lindblom [slug] => jeremeamia ... [_links] => Array(...) ) ) ) “Simple” “Explorable”

“I’m a monster!”

HAL Data Model

Authentication Giving Your Consumers Access

Types of Authentication ✘ Cookie Authentication ✘ OAuth Authentication ✘
Application Passwords ✘ Basic Auth

“ I was never really clear on that.”

require 'vendor/autoload.php'; $client = new GuzzleHttp\Client([ 'base_uri' => $host .
'/wp-json/wp/v2/', 'auth' => ['test', 'j6gk 1Jsh uokR y5vT'], ]); $response = $client->get('posts'); $result = json_decode($response->getBody());

GET /wp-json/wp/v2/posts HTTP/1.1 Host: http://demo.wp-api.org User-Agent: GuzzleHttp/6.2.0 curl/7.43.0 PHP/5.6.12 Authorization:
Basic dGVzdC1jbGllbnQ6ZlpuBrYyIHNtQjkgWmtqVw== HTTP Basic Authentication

Basic dGVzdC1jbGllbnQ6ZlpuBrYyIHNtQjkgWmtqVw== base64_encode(“{$username}:{$password}”) e.g., base64_encode(‘test:j6gk 1Jsh uokR y5vT’)

“hot ham water”

Types of Authentication ➔ Cookies + NONCE ➔ Designed for
JavaScript ➔ Use within themes/plugins ➔ Session-based ➔ Safe for HTTP ✘ Cookie Authentication ✘ OAuth Authentication ✘ Application Passwords ✘ Basic Auth

Types of Authentication ➔ 3-legged OAuth 1.0a ➔ Requires Plugin
➔ Session-based ➔ Safe for HTTP ➔ Most recommended ✘ Cookie Authentication ✘ OAuth Authentication ✘ Application Passwords ✘ Basic Auth

Types of Authentication ➔ HTTP Basic Auth ➔ Requires Plugin
➔ Application-based ➔ USE HTTPS! ➔ Easily Revokable ✘ Cookie Authentication ✘ OAuth Authentication ✘ Application Passwords ✘ Basic Auth

Types of Authentication ➔ HTTP Basic Auth ➔ Requires Plugin
➔ Application-based ➔ USE HTTPS! ➔ Uses Admin’s credentials! ✘ Cookie Authentication ✘ OAuth Authentication ✘ Application Passwords ✘ Basic Auth

Basic aGVz47gjbGllbcf9ZlpuBrYIHNtQjkgWmtqVw8= base64_encode(admin:p@$$w0rd12345’)

“I’ve made a huge mistake”

Types of Authentication ➔ Easy setup ➔ Requires Plugin ➔
HTTP Basic Auth ➔ Application-based ➔ USE HTTPS! ➔ DEVELOPMENT ONLY! DO NOT DISTRIBUTE YOUR CREDENTIALS! ✘ Cookie Authentication ✘ OAuth Authentication ✘ Application Passwords ✘ Basic Auth

Tools & Resources Working Effectively with the Wordpress API

Tools ✘ Wordpress itself

$auth = base64_encode("{$user}:{$pass}"); $response = wp_remote_post( rest_url('wp/v2/posts/1'), [ 'method' =>
'POST', 'headers' => [ 'Authorization' => "Basic {$auth}", ], 'body' => $data ] );

wp.api.loadPromise.done(function() { var post = new wp.api.models.Post({ title: 'This is
a test post' }); post.save(); });

Tools ✘ Wordpress itself ✘ Recommended in Docs: ✗ https://github.com/WP-API/example-client
✗ https://github.com/WP-API/client-cli ✗ https://github.com/WP-API/api-console ✘ HTTP Clients (Guzzle, cURL, etc.)

THANKS! Any questions? You can find me at... ✘ @jeremeamia
✘ [email protected] ✘ the @azPHP Meetups

aRESTful Development with the Wordpress API

aRESTful Development with the Wordpress API

More Decks by Jeremy Lindblom

Other Decks in Programming

Featured

Transcript