iandunn | Mentions | WordPress REST API Team

We’re getting close to release for 1.0, so a quick heads up on some breaking changes that’ll be shipping with this release:

WP_JSON_Posts::prepare_author() is being removed: Use the new WP_JSON_Users::get_user() instead. (Previously a protected method, so only subclasses need worry.)
Basic authentication is being removed: This will now be available via a plugin if needed. This is mostly of use to developers working locally; live applications should begin using OAuth authentication instead.
Nonces will be required for cookie-based authentication: If you’re using WP API from Javascript, you’ll need to ensure you send the nonce with the request if you need authentication. Requests without nonces will be treated as being logged out, so they’re still fine for most GET requests.
Meta data will only be exposed for requests with the edit context: This is a workaround for the issues discussed with @iandunn previously, until we have more powerful permissions tools in core.

We’ve also got some awesome features shipping with this release:

User endpoints are now available: Thanks to the tireless efforts of tobych, the user endpoints are now active and useful! You can also use /users/me to check who you’re logged in as.
Revision endpoints are now available: Thanks to tlovett1, post revisions are now supported at /posts//revisions!
Post types can now use the show_in_json parameter: If you want to have a public post type, but still want to hide it from the API, you can now specify 'show_in_json' => false in your register_post_type call. This is the main resolution to the privacy issues previously discussed, props @iandunn.
Non-pretty permalinks sites are now supported: No need for weird hacks any more; you can now access the API at http://example.com/?json_route=/ instead. The discovery methods (Link headers and RSD) now also reflect this.

Thanks to everyone involved so far, and thanks to @rachelbaker for helping to manage the project! Thanks also to those who’ve been talking about and promoting the API at WordCamps; the evangelism is much appreciated!

We’re not done with this release yet: there’s also post meta on the radar that should make it into 1.0; you’ll be hearing more about that shortly.

I also know there’s people who’d love to get involved with the project. Your best bet is to take a look at the issues scheduled for 1.1. In particular, we’re looking for help in the following areas:

Javascript and theme developers: We have a JS library currently included with the API, but it’s in danger of not making it into the final version unless we put some serious work into it. Help is needed here; contributions always welcome!
WP-CLI developers: As a reference client for the API, Daniel Bachhuber is planning on working on a WP-CLI client. Help will definitely be wanted in this area, as there’s a lot of the API to use here.
Other developers: Help is always wanted on the API itself, but of special interest is the OAuth server code, which needs more testing. We also need more reference clients. If you can code in any language, we’d love your help creating clients in other languages.
Designers: The OAuth server currently contains a thrown-together UI, which certainly doesn’t match the slickness of WP.com’s UI. We could use help here.

Thanks again!

Hi everybody!

In case you missed it, version 0.9 was finally released. Sorry for taking so long on that one, and thanks to everyone who helped with this release (nine contributors!).

OAuth as a Plugin
I’m splitting the OAuth support into a separate plugin. We need to get ready for merge into core, and we can’t be blocked on OAuth support. The current plan is to ship WP API in 4.0, and OAuth in 4.0 if it’s ready or a future release if not. Nonce-based authentication needs to ship in 4.0, so that we can start creating API-powered plugins and themes.

I’m working on extracting this out into something usable at the moment, I’ll update when this is available. I’d also like to approach the possibility of adding permission scopes since it’s now separate, so I’m working on preliminary support for this too.

Meeting Time Change
Seeing as the meeting time is going to change for anyone who’s recently switched from/to DST, I’d like to move the meeting time to a time that works better for me. I’d like to propose Tuesday, 0:00 UTC (01:00 BST, 10:00 AEST, Monday 20:00 EDT, Monday 17:00 PDT). This time is likely a little worse for some of you, but I’ll be able to consistently be available at this time. In future, we’ll start with a meeting and continue with office hours for the remainder of the time, during which I’ll be working exclusively on the API.

On that note, our next meeting will be this Tuesday. I’d like to discuss the OAuth plans, 1.0 and @iandunn‘s CPT privacy issues. Feel free to propose any other items of importance; otherwise, see you all there! 🙂