ZeroToWP

REST API Endpoint

Quick Definition

A REST API endpoint is a specific URL in WordPress that returns or accepts data in JSON format. Built-in endpoints serve posts, pages, and users. Developers can register custom endpoints for any functionality.

WordPress REST API Routes and Endpoints documentation on developer.wordpress.org

What Is a REST API Endpoint?

A REST API endpoint is a specific URL that a client (your browser, a mobile app, or JavaScript code) can request to get data from or send data to WordPress. Each endpoint is a destination for a specific type of data or action.

WordPress's built-in endpoints follow the pattern /wp-json/wp/v2/{resource}:

  • /wp-json/wp/v2/posts — Returns all published posts as JSON
  • /wp-json/wp/v2/posts/42 — Returns post #42
  • /wp-json/wp/v2/pages — Returns all pages
  • /wp-json/wp/v2/categories — Returns all categories
  • /wp-json/wp/v2/users — Returns users (with authentication)
  • /wp-json/wp/v2/media — Returns media library items

You can try this right now: add /wp-json/wp/v2/posts to any WordPress site's URL and you will see its posts as raw JSON data in your browser.

Two key concepts to understand:

  • Route — The URL pattern (e.g., /wp/v2/posts). A route can have multiple endpoints.
  • Endpoint — The specific method + callback for that route. The /wp/v2/posts route has a GET endpoint (list posts) and a POST endpoint (create a new post, with authentication).

Plugin developers can create custom endpoints using register_rest_route(). The function requires three arguments:

  • Namespace — Your plugin's unique identifier (e.g., myplugin/v1). Core uses wp/v2.
  • Route — The URL path (e.g., /popular-posts)
  • Options — HTTP method (GET, POST, PUT, DELETE), the callback function that returns data, and a permissions callback for security

This is how WooCommerce adds /wp-json/wc/v3/products and webhook delivery URLs, how the block editor saves posts without page reloads, and how headless WordPress sites serve content to external frontends.

REST API Endpoints in Practice

For theme and plugin developers, the REST API is the modern replacement for admin-ajax.php. Instead of all requests going through one URL (admin-ajax.php) with an action parameter, each feature gets its own clean endpoint with proper HTTP methods and JSON responses.

Security is handled through the permissions callback. Every endpoint must check whether the requesting user has the right capability. Public endpoints return __return_true; protected endpoints check for specific capabilities like edit_posts or manage_options.

You can explore all available endpoints on your site at /wp-json/ — this returns the full API discovery document listing every registered route and endpoint.

Why It Matters

REST API endpoints are how modern WordPress communicates. The block editor, mobile apps, external services, Interactivity API, and headless frontends all depend on them. Understanding endpoints helps you build custom functionality, debug API issues, and appreciate the architecture that makes WordPress more than a traditional CMS.

Sources

Related Terms

Admin AjaxAdmin Ajax (admin-ajax.php) is the file WordPress uses to process all AJAX requests — background data exchanges between your browser and the server without reloading the page.Headless CMSA headless CMS is a content management system that stores and delivers content through an API, with no built-in front end. WordPress can be used headlessly by serving content via its REST API to a separate frontend built with React, Next.js, or other frameworks.REST APIThe WordPress REST API lets external applications read and write your site's data using standard HTTP requests and JSON. It's what powers the Block Editor and enables headless WordPress setups.

Related Articles

Headless WordPress: What It Is and When You Need It (2026)Headless WordPress uses WordPress as a backend CMS while a separate frontend handles the display. Here is when it makes sense and when it does not.WordPress MCP: What Is the Model Context Protocol? (2026 Guide)WordPress 7.0 introduces MCP support via the Abilities API. Here is what the Model Context Protocol is, how it works, and what it means for your site.
← Back to WordPress Glossary