aRESTful Development with the Wordpress API

aRESTful Development with the Wordpress API

Don't make "a huge mistake"! You need to learn about the WordPress REST API—yet another way we can bend WordPress to our will and solve problems for our customers in new ways. Jeremy Lindblom (@jeremeamia) will show you how to get started with the WordPress API, and teach you a little about HTTP and APIs, in general, along the way.

You should walk away with "Steve Holt"-like confidence in knowing how to setup the API for a WordPress site and consume the API from other projects using existing tools.

Ca57a7cfac69ba3abf517470f3770aae?s=128

Jeremy Lindblom

May 26, 2016
Tweet

Transcript

  1. aRESTful Development with the Wordpress API By Jeremy Lindblom (@jeremeamia)

  2. @jeremeamia

  3. Stuff I Work On ✘ API Designs ✘ API Clients

    ( e.g., AWS SDK for PHP ) ✘ API Reviews ✘ API Documentation ✘ PHP Libraries ( e.g., Guzzle ) ✘ Testing & Code Quality
  4. None
  5. “There's always money in the banana stand!”

  6. http://v2.wp-api.org

  7. UI API

  8. API

  9. API

  10. “Headless” WordPress

  11. “Come on!”

  12. Getting Started Installing Support for the WP REST API

  13. Step 1 Step 2

  14. Step 3

  15. Step 4 Code

  16. Step 4 Code composer require guzzlehttp/guzzle

  17. require 'vendor/autoload.php'; $client = new GuzzleHttp\Client([ 'base_uri' => $host .

    '/wp-json/wp/v2/', 'auth' => ['test', 'j6gk 1Jsh uokR y5vT'], ]); $response = $client->get('posts'); $result = json_decode($response->getBody()); Step 4
  18. Array( [0] => Array( [id] => 6 [date] => 2016-05-11T04:12:29

    [date_gmt] => 2016-05-11T04:12:29 [guid] => Array( [rendered] => http://example.com/?p=6 ) [modified] => 2016-05-11T04:12:29 [modified_gmt] => 2016-05-11T04:12:29 [slug] => great-post [type] => post [link] => http://example.com/2016/05/11/great-post/ [title] => Array( [rendered] => Great Post ) ... Step 5: Profit!
  19. None
  20. The Nitty-Gritties Details About How the API Works

  21. API Docs

  22. API Docs

  23. Supported Resources ✘ Posts ✘ Post Revisions ✘ Pages ✘

    Media ✘ Post Types ✘ Post Statuses ✘ Comments ✘ Taxonomies ✘ Categories ✘ Tags ✘ Users
  24. Supported Operations ✘ Create ⇒ POST ✘ Read ⇒ GET

    ✘ Update ⇒ POST ✘ Delete ⇒ DELETE ✘ List ⇒ GET
  25. General Parameters ✘ _jsonp ✘ _method ✘ _envelope ✘ _embed

  26. Have any of you heard of the “Hypertext Application Language”?

  27. Have any of you heard of the “Hypertext Application Language”?

    “I don’t understand the question and I won’t respond to it.”
  28. Hypermedia Linking Resources With the HAL Spec

  29. HAL = Hypertext Application Language Spec for hyperlinking resources Makes

    your API “explorable” “Simple” format to consume Uses _links & _embedded
  30. require 'vendor/autoload.php'; $client = new GuzzleHttp\Client([...]); $response = $client->get('posts/6'); $result

    = json_decode($response->getBody());
  31. [id] => 6 [slug] => great-post ... [_links] => Array(

    [collection] => Array( [0] => Array( [href] => http://demo.wp-api.org/wp-json/wp/v2/posts ) ) [author] => Array( [0] => Array( [embeddable] => 1 [href] => http://demo.wp-api.org/wp-json/wp/v2/users/1 ) ) ... )
  32. “I’m here to see the magic”

  33. $client->get('posts/6?_embed=1');

  34. [id] => 6 [slug] => great-post ... [_links] => Array(...)

    [_embedded] => Array( [author] => Array( [0] => Array( [id] => 1 [name] => Jeremy Lindblom [slug] => jeremeamia ... [_links] => Array(...) ) ) )
  35. [id] => 6 [slug] => great-post ... [_links] => Array(...)

    [_embedded] => Array( [author] => Array( [0] => Array( [id] => 1 [name] => Jeremy Lindblom [slug] => jeremeamia ... [_links] => Array(...) ) ) ) Yay! Recursion!
  36. [id] => 6 [slug] => great-post ... [_links] => Array(...)

    [_embedded] => Array( [author] => Array( [0] => Array( [id] => 1 [name] => Jeremy Lindblom [slug] => jeremeamia ... [_links] => Array(...) ) ) ) “Simple” “Explorable”
  37. “I’m a monster!”

  38. HAL Data Model

  39. Authentication Giving Your Consumers Access

  40. Types of Authentication ✘ Cookie Authentication ✘ OAuth Authentication ✘

    Application Passwords ✘ Basic Auth
  41. “ I was never really clear on that.”

  42. Types of Authentication ✘ Cookie Authentication ✘ OAuth Authentication ✘

    Application Passwords ✘ Basic Auth
  43. require 'vendor/autoload.php'; $client = new GuzzleHttp\Client([ 'base_uri' => $host .

    '/wp-json/wp/v2/', 'auth' => ['test', 'j6gk 1Jsh uokR y5vT'], ]); $response = $client->get('posts'); $result = json_decode($response->getBody());
  44. GET /wp-json/wp/v2/posts HTTP/1.1 Host: http://demo.wp-api.org User-Agent: GuzzleHttp/6.2.0 curl/7.43.0 PHP/5.6.12 Authorization:

    Basic dGVzdC1jbGllbnQ6ZlpuBrYyIHNtQjkgWmtqVw== HTTP Basic Authentication
  45. GET /wp-json/wp/v2/posts HTTP/1.1 Host: http://demo.wp-api.org User-Agent: GuzzleHttp/6.2.0 curl/7.43.0 PHP/5.6.12 Authorization:

    Basic dGVzdC1jbGllbnQ6ZlpuBrYyIHNtQjkgWmtqVw== base64_encode(“{$username}:{$password}”) e.g., base64_encode(‘test:j6gk 1Jsh uokR y5vT’)
  46. “hot ham water”

  47. Types of Authentication ✘ Cookie Authentication ✘ OAuth Authentication ✘

    Application Passwords ✘ Basic Auth
  48. Types of Authentication ➔ Cookies + NONCE ➔ Designed for

    JavaScript ➔ Use within themes/plugins ➔ Session-based ➔ Safe for HTTP ✘ Cookie Authentication ✘ OAuth Authentication ✘ Application Passwords ✘ Basic Auth
  49. Types of Authentication ➔ 3-legged OAuth 1.0a ➔ Requires Plugin

    ➔ Session-based ➔ Safe for HTTP ➔ Most recommended ✘ Cookie Authentication ✘ OAuth Authentication ✘ Application Passwords ✘ Basic Auth
  50. Types of Authentication ➔ HTTP Basic Auth ➔ Requires Plugin

    ➔ Application-based ➔ USE HTTPS! ➔ Easily Revokable ✘ Cookie Authentication ✘ OAuth Authentication ✘ Application Passwords ✘ Basic Auth
  51. Types of Authentication ➔ HTTP Basic Auth ➔ Requires Plugin

    ➔ Application-based ➔ USE HTTPS! ➔ Uses Admin’s credentials! ✘ Cookie Authentication ✘ OAuth Authentication ✘ Application Passwords ✘ Basic Auth
  52. GET /wp-json/wp/v2/posts HTTP/1.1 Host: http://demo.wp-api.org User-Agent: GuzzleHttp/6.2.0 curl/7.43.0 PHP/5.6.12 Authorization:

    Basic aGVz47gjbGllbcf9ZlpuBrYIHNtQjkgWmtqVw8= base64_encode(admin:p@$$w0rd12345’)
  53. “I’ve made a huge mistake”

  54. Types of Authentication ➔ Easy setup ➔ Requires Plugin ➔

    HTTP Basic Auth ➔ Application-based ➔ USE HTTPS! ➔ DEVELOPMENT ONLY! DO NOT DISTRIBUTE YOUR CREDENTIALS! ✘ Cookie Authentication ✘ OAuth Authentication ✘ Application Passwords ✘ Basic Auth
  55. Tools & Resources Working Effectively with the Wordpress API

  56. Tools ✘ Wordpress itself

  57. $auth = base64_encode("{$user}:{$pass}"); $response = wp_remote_post( rest_url('wp/v2/posts/1'), [ 'method' =>

    'POST', 'headers' => [ 'Authorization' => "Basic {$auth}", ], 'body' => $data ] );
  58. wp.api.loadPromise.done(function() { var post = new wp.api.models.Post({ title: 'This is

    a test post' }); post.save(); });
  59. Tools ✘ Wordpress itself ✘ Recommended in Docs: ✗ https://github.com/WP-API/example-client

    ✗ https://github.com/WP-API/client-cli ✗ https://github.com/WP-API/api-console ✘ HTTP Clients (Guzzle, cURL, etc.)
  60. None
  61. THANKS! Any questions? You can find me at... ✘ @jeremeamia

    ✘ jeremeamia@gmail.com ✘ the @azPHP Meetups