Upgrade to Pro — share decks privately, control downloads, hide ads and more …

aRESTful Development with the Wordpress API

aRESTful Development with the Wordpress API

Don't make "a huge mistake"! You need to learn about the WordPress REST API—yet another way we can bend WordPress to our will and solve problems for our customers in new ways. Jeremy Lindblom (@jeremeamia) will show you how to get started with the WordPress API, and teach you a little about HTTP and APIs, in general, along the way.

You should walk away with "Steve Holt"-like confidence in knowing how to setup the API for a WordPress site and consume the API from other projects using existing tools.

Jeremy Lindblom

May 26, 2016
Tweet

More Decks by Jeremy Lindblom

Other Decks in Programming

Transcript

  1. aRESTful Development
    with the Wordpress API
    By Jeremy Lindblom (@jeremeamia)

    View Slide

  2. @jeremeamia

    View Slide

  3. Stuff I Work On
    ✘ API Designs
    ✘ API Clients ( e.g., AWS SDK for PHP )
    ✘ API Reviews
    ✘ API Documentation
    ✘ PHP Libraries ( e.g., Guzzle )
    ✘ Testing & Code Quality

    View Slide

  4. View Slide

  5. “There's
    always
    money in
    the banana
    stand!”

    View Slide

  6. http://v2.wp-api.org

    View Slide

  7. UI
    API

    View Slide

  8. API

    View Slide

  9. API

    View Slide

  10. “Headless”
    WordPress

    View Slide

  11. “Come on!”

    View Slide

  12. Getting Started
    Installing Support for the WP REST API

    View Slide

  13. Step 1
    Step 2

    View Slide

  14. Step 3

    View Slide

  15. Step 4
    Code

    View Slide

  16. Step 4
    Code
    composer require guzzlehttp/guzzle

    View Slide

  17. require 'vendor/autoload.php';
    $client = new GuzzleHttp\Client([
    'base_uri' => $host . '/wp-json/wp/v2/',
    'auth' => ['test', 'j6gk 1Jsh uokR y5vT'],
    ]);
    $response = $client->get('posts');
    $result = json_decode($response->getBody());
    Step 4

    View Slide

  18. Array(
    [0] => Array(
    [id] => 6
    [date] => 2016-05-11T04:12:29
    [date_gmt] => 2016-05-11T04:12:29
    [guid] => Array(
    [rendered] => http://example.com/?p=6
    )
    [modified] => 2016-05-11T04:12:29
    [modified_gmt] => 2016-05-11T04:12:29
    [slug] => great-post
    [type] => post
    [link] => http://example.com/2016/05/11/great-post/
    [title] => Array(
    [rendered] => Great Post
    )
    ...
    Step 5:
    Profit!

    View Slide

  19. View Slide

  20. The Nitty-Gritties
    Details About How the API Works

    View Slide

  21. API Docs

    View Slide

  22. API Docs

    View Slide

  23. Supported Resources
    ✘ Posts
    ✘ Post Revisions
    ✘ Pages
    ✘ Media
    ✘ Post Types
    ✘ Post Statuses
    ✘ Comments
    ✘ Taxonomies
    ✘ Categories
    ✘ Tags
    ✘ Users

    View Slide

  24. Supported Operations
    ✘ Create ⇒ POST
    ✘ Read ⇒ GET
    ✘ Update ⇒ POST
    ✘ Delete ⇒ DELETE
    ✘ List ⇒ GET

    View Slide

  25. General Parameters
    ✘ _jsonp
    ✘ _method
    ✘ _envelope
    ✘ _embed

    View Slide

  26. Have any of you heard of the
    “Hypertext Application Language”?

    View Slide

  27. Have any of you heard of the
    “Hypertext Application Language”?
    “I don’t understand the
    question and I won’t
    respond to it.”

    View Slide

  28. Hypermedia
    Linking Resources With the HAL Spec

    View Slide

  29. HAL = Hypertext Application Language
    Spec for hyperlinking resources
    Makes your API “explorable”
    “Simple” format to consume
    Uses _links & _embedded

    View Slide

  30. require 'vendor/autoload.php';
    $client = new GuzzleHttp\Client([...]);
    $response = $client->get('posts/6');
    $result = json_decode($response->getBody());

    View Slide

  31. [id] => 6
    [slug] => great-post
    ...
    [_links] => Array(
    [collection] => Array(
    [0] => Array(
    [href] => http://demo.wp-api.org/wp-json/wp/v2/posts
    )
    )
    [author] => Array(
    [0] => Array(
    [embeddable] => 1
    [href] => http://demo.wp-api.org/wp-json/wp/v2/users/1
    )
    )
    ...
    )

    View Slide

  32. “I’m here to see the magic”

    View Slide

  33. $client->get('posts/6?_embed=1');

    View Slide

  34. [id] => 6
    [slug] => great-post
    ...
    [_links] => Array(...)
    [_embedded] => Array(
    [author] => Array(
    [0] => Array(
    [id] => 1
    [name] => Jeremy Lindblom
    [slug] => jeremeamia
    ...
    [_links] => Array(...)
    )
    )
    )

    View Slide

  35. [id] => 6
    [slug] => great-post
    ...
    [_links] => Array(...)
    [_embedded] => Array(
    [author] => Array(
    [0] => Array(
    [id] => 1
    [name] => Jeremy Lindblom
    [slug] => jeremeamia
    ...
    [_links] => Array(...)
    )
    )
    )
    Yay! Recursion!

    View Slide

  36. [id] => 6
    [slug] => great-post
    ...
    [_links] => Array(...)
    [_embedded] => Array(
    [author] => Array(
    [0] => Array(
    [id] => 1
    [name] => Jeremy Lindblom
    [slug] => jeremeamia
    ...
    [_links] => Array(...)
    )
    )
    )
    “Simple”
    “Explorable”

    View Slide

  37. “I’m a monster!”

    View Slide

  38. HAL Data Model

    View Slide

  39. Authentication
    Giving Your Consumers Access

    View Slide

  40. Types of Authentication
    ✘ Cookie Authentication
    ✘ OAuth Authentication
    ✘ Application Passwords
    ✘ Basic Auth

    View Slide

  41. “ I was never really clear on that.”

    View Slide

  42. Types of Authentication
    ✘ Cookie Authentication
    ✘ OAuth Authentication
    ✘ Application Passwords
    ✘ Basic Auth

    View Slide

  43. require 'vendor/autoload.php';
    $client = new GuzzleHttp\Client([
    'base_uri' => $host . '/wp-json/wp/v2/',
    'auth' => ['test', 'j6gk 1Jsh uokR y5vT'],
    ]);
    $response = $client->get('posts');
    $result = json_decode($response->getBody());

    View Slide

  44. GET /wp-json/wp/v2/posts HTTP/1.1
    Host: http://demo.wp-api.org
    User-Agent: GuzzleHttp/6.2.0 curl/7.43.0 PHP/5.6.12
    Authorization: Basic dGVzdC1jbGllbnQ6ZlpuBrYyIHNtQjkgWmtqVw==
    HTTP Basic Authentication

    View Slide

  45. GET /wp-json/wp/v2/posts HTTP/1.1
    Host: http://demo.wp-api.org
    User-Agent: GuzzleHttp/6.2.0 curl/7.43.0 PHP/5.6.12
    Authorization: Basic dGVzdC1jbGllbnQ6ZlpuBrYyIHNtQjkgWmtqVw==
    base64_encode(“{$username}:{$password}”)
    e.g.,
    base64_encode(‘test:j6gk 1Jsh uokR y5vT’)

    View Slide

  46. “hot ham water”

    View Slide

  47. Types of Authentication
    ✘ Cookie Authentication
    ✘ OAuth Authentication
    ✘ Application Passwords
    ✘ Basic Auth

    View Slide

  48. Types of Authentication
    ➔ Cookies + NONCE
    ➔ Designed for JavaScript
    ➔ Use within themes/plugins
    ➔ Session-based
    ➔ Safe for HTTP
    ✘ Cookie Authentication
    ✘ OAuth Authentication
    ✘ Application Passwords
    ✘ Basic Auth

    View Slide

  49. Types of Authentication
    ➔ 3-legged OAuth 1.0a
    ➔ Requires Plugin
    ➔ Session-based
    ➔ Safe for HTTP
    ➔ Most recommended
    ✘ Cookie Authentication
    ✘ OAuth Authentication
    ✘ Application Passwords
    ✘ Basic Auth

    View Slide

  50. Types of Authentication
    ➔ HTTP Basic Auth
    ➔ Requires Plugin
    ➔ Application-based
    ➔ USE HTTPS!
    ➔ Easily Revokable
    ✘ Cookie Authentication
    ✘ OAuth Authentication
    ✘ Application Passwords
    ✘ Basic Auth

    View Slide

  51. Types of Authentication
    ➔ HTTP Basic Auth
    ➔ Requires Plugin
    ➔ Application-based
    ➔ USE HTTPS!
    ➔ Uses Admin’s credentials!
    ✘ Cookie Authentication
    ✘ OAuth Authentication
    ✘ Application Passwords
    ✘ Basic Auth

    View Slide

  52. GET /wp-json/wp/v2/posts HTTP/1.1
    Host: http://demo.wp-api.org
    User-Agent: GuzzleHttp/6.2.0 curl/7.43.0 PHP/5.6.12
    Authorization: Basic aGVz47gjbGllbcf9ZlpuBrYIHNtQjkgWmtqVw8=
    base64_encode(admin:p@$$w0rd12345’)

    View Slide

  53. “I’ve made a huge mistake”

    View Slide

  54. Types of Authentication
    ➔ Easy setup
    ➔ Requires Plugin
    ➔ HTTP Basic Auth
    ➔ Application-based
    ➔ USE HTTPS!
    ➔ DEVELOPMENT ONLY!
    DO NOT DISTRIBUTE
    YOUR CREDENTIALS!
    ✘ Cookie Authentication
    ✘ OAuth Authentication
    ✘ Application Passwords
    ✘ Basic Auth

    View Slide

  55. Tools & Resources
    Working Effectively with the Wordpress API

    View Slide

  56. Tools
    ✘ Wordpress itself

    View Slide

  57. $auth = base64_encode("{$user}:{$pass}");
    $response = wp_remote_post(
    rest_url('wp/v2/posts/1'),
    [
    'method' => 'POST',
    'headers' => [
    'Authorization' => "Basic {$auth}",
    ],
    'body' => $data
    ]
    );

    View Slide

  58. wp.api.loadPromise.done(function() {
    var post = new wp.api.models.Post({
    title: 'This is a test post'
    });
    post.save();
    });

    View Slide

  59. Tools
    ✘ Wordpress itself
    ✘ Recommended in Docs:
    ✗ https://github.com/WP-API/example-client
    ✗ https://github.com/WP-API/client-cli
    ✗ https://github.com/WP-API/api-console
    ✘ HTTP Clients (Guzzle, cURL, etc.)

    View Slide

  60. View Slide

  61. THANKS!
    Any questions?
    You can find me at...
    ✘ @jeremeamia
    [email protected]
    ✘ the @azPHP Meetups

    View Slide