A RESTful API for WordPress
JSON API allows you to retrieve and manipulate WordPress content using HTTP requests. There are three main goals:
- Provide a simple, consistent external interface
- Create a stable, understandable internal implementation
- Enable new types of extensions for WordPress
This plugin was created at The Museum of Modern Art for the weblog Inside/Out, which is served from Ruby on Rails. Instead of reimplementing the site templates as a WordPress theme, we opted for a Rails front-end that displays content served from a WordPress back-end. JSON API provides the necessary interface for retrieving content and accepting comment submissions.
See the Other Notes section for the complete documentation.
- Upload the json-apifolder to the/wp-content/plugins/directory or install directly through the plugin installer.
- Activate the plugin through the 'Plugins' menu in WordPress or by using the link provided by the plugin installer.
- Our old friend, in JSON format
- General concepts
 1.1. Requests
 1.2. Controllers
 1.3. Responses
- Request methods
 2.1. Core controller methods
 2.2. Posts controller methods
 2.3. Respond controller methods
 2.4. Widgets controller methods
- Request arguments
 3.1. Output-modifying arguments
 3.2. Content-modifying arguments
 3.3. Using include/exclude and redirects
- Response objects
 4.1. Post response object
 4.2. Category response object
 4.3. Tag response object
 4.4. Author response object
 4.5. Comment response object
 4.6. Attachment response object
- Extending JSON API
 5.1. Plugin hooks
 5.2. Developing JSON API controllers
 5.3. Configuration options
- Unit tests
 6.1. Preparing a WordPress test site
 6.2. Running the tests
Requests use a simple REST-style HTTP GET or POST. To invoke the API, include a non-empty query value for json in the URL.
JSON API operates in two modes:
- Implicit mode is triggered by setting the jsonquery var to a non-empty value on any WordPress page. The content that would normally appear on that page is returned in JSON format.
- Explicit mode is triggered by setting jsonto a known method string. See Section 2: Request methods for a complete method listing.
- http://www.example.org/?json=1
- http://www.example.org/?p=47&json=1
- http://www.example.org/tag/banana/?json=1
- http://www.example.org/?json=get_recent_posts
- http://www.example.org/?json=get_post&post_id=47
- http://www.example.org/?json=get_tag_posts&tag_slug=banana
- http://www.example.org/api/get_recent_posts/
- http://www.example.org/api/get_post/?post_id=47
- http://www.example.org/api/get_tag_posts/?tag_slug=banana
Further reading
See Section 3: Request arguments for more information about request arguments to modify the response.
The 1.0 release of JSON API introduced a modular controller system. This allows developers to flexibly add features to the API and give users more control over which methods they have enabled.
Most of the methods available prior to version 1.0 have been moved to the Core controller. The two exceptions are submit_comment and create_post which are now available from the Respond and Posts controllers, respectively. The Core controller is the only one enabled by default. All other functionality must be enabled from the JSON API Settings page (under Settings in the WordPress admin menu).
There are a few ways of specifying a controller, depending on how you are calling the API:
- http://www.example.org/?json=get_recent_posts(- corecontroller is implied, method is- get_recent_posts)
- http://www.example.org/api/info/(- corecontroller is implied)
- http://www.example.org/api/core/get_category_posts/(- corecontroller can also be explicitly specified)
- http://www.example.org/?json=respond.submit_comment(- respondcontroller,- submit_commentmethod)
Legacy compatibility
JSON API retains support for its pre-1.0 methods. For example, if you invoke the method create_post without a controller specified, the Posts controller is chosen instead of Core.
The current release includes three controllers: Core, Posts, and Respond. Developers are encouraged to suggest or submit additional controllers.
Further reading
See Section 2: Request methods for a complete reference of available controllers and methods. For documentation on extending JSON API with new controllers see Section 5.2: Developing JSON API controllers.
The standard response format for JSON API is (as you may have guessed) JSON.
Here is an example response from http://localhost/wordpress/?json=1 called on a default WordPress installation (formatted for readability):
{
  "status": "ok",
  "count": 1,
  "count_total": 1,
  "pages": 1,
  "posts": [
    {
      "id": 1,
      "type": "post",
      "slug": "hello-world",
      "url": "http:\/\/localhost\/wordpress\/?p=1",
      "title": "Hello world!",
      "title_plain": "Hello world!",
      "content": "<p>Welcome to WordPress. This is your first post. Edit or delete it, then start blogging!<\/p>\n",
      "excerpt": "Welcome to WordPress. This is your first post. Edit or delete it, then start blogging!\n",
      "date": "2009-11-11 12:50:19",
      "modified": "2009-11-11 12:50:19",
      "categories": [],
      "tags": [],
      "author": {
        "id": 1,
        "slug": "admin",
        "name": "admin",
        "first_name": "",
        "last_name": "",
        "nickname": "",
        "url": "",
        "description": ""
      },
      "comments": [
        {
          "id": 1,
          "name": "Mr WordPress",
          "url": "http:\/\/wordpress.org\/",
          "date": "2009-11-11 12:50:19",
          "content": "<p>Hi, this is a comment.<br \/>To delete a comment, just log in and view the post's comments. There you will have the option to edit or delete them.<\/p>\n",
          "parent": 0
        }
      ],
      "comment_count": 1,
      "comment_status": "open"
    }
  ]
}
Request methods are available from the following controllers:
- Core controller - basic introspection methods
- Posts controller - data manipulation methods for posts
- Respond controller - comment/trackback submission methods
- Widgets controller - retrieve sidebar widgets
The Core controller offers a mostly-complete set of introspection methods for retrieving content from WordPress.
Returns information about JSON API.
- controller- returns detailed information about a specific controller
{
  "status": "ok",
  "json_api_version": "1.0",
  "controllers": [
    "core"
  ]
}
{
  "status": "ok",
  "name": "Core",
  "description": "Basic introspection methods",
  "methods": [
    ...
  ]
}
Returns an array of recent posts. You can invoke this from the WordPress home page either by setting json to a non-empty value (i.e., json=1) or from any page by setting json=get_recent_posts.
- count- determines how many posts per page are returned (default value is 10)
- page- return a specific page number from the results
- post_type- used to retrieve custom post types
{
  "status": "ok",
  "count": 10,
  "count_total": 79,
  "pages": 7,
  "posts": [
    { ... },
    { ... },
    ...
  ]
}
Returns posts according to WordPress's WP_Query parameters. The one default parameter is ignore_sticky_posts=1 (this can be overridden).
- count- determines how many posts per page are returned (default value is 10)
- page- return a specific page number from the results
- post_type- used to retrieve custom post types
Further reading
See the WP_Query documentation for a full list of supported parameters. The post_status parameter is currently ignored.
{
  "status": "ok",
  "count": 1,
  "posts": [
    { ... }
  ]
}
Returns a single post object.
- Invoking the JSON API implicitly (i.e., ?json=1) on a post URL
- idor- post_id- set to the post's ID
- slugor- post_slug- set to the post's URL slug
- post_type- used to retrieve custom post types
{
  "status": "ok",
  "post": { ... }
}
Returns a single page object.
- Invoking the JSON API implicitly (i.e., ?json=1) on a page URL
- idor- page_id- set to the page's ID
- slugor- page_slug- set to the page's URL slug
- children- set to a non-empty value to include a recursive hierarchy of child pages
- post_type- used to retrieve custom post types
{
  "status": "ok",
  "page": { ... }
}
Returns an array of posts/pages in a specific date archive (by day, month, or year).
- Invoking the JSON API implicitly (i.e., ?json=1) on a date archive page
- date- set to a date in the format- YYYYor- YYYY-MMor- YYYY-MM-DD(non-numeric characters are stripped from the var, so- YYYYMMDDor- YYYY/MM/DDare also valid)
- count- determines how many posts per page are returned (default value is 10)
- page- return a specific page number from the results
- post_type- used to retrieve custom post types
{
  "status": "ok",
  "count": 10,
  "count_total": 79,
  "pages": 7,
  "posts": [
    { ... },
    { ... },
    ...
  ]
}
Returns an array of posts/pages in a specific category.
- Invoking the JSON API implicitly (i.e., ?json=1) on a category archive page
- idor- category_id- set to the category's ID
- slugor- category_slug- set to the category's URL slug
- count- determines how many posts per page are returned (default value is 10)
- page- return a specific page number from the results
- post_type- used to retrieve custom post types
{
  "status": "ok",
  "count": 10,
  "count_total": 79,
  "pages": 7,
  "category": { ... }
  "posts": [
    { ... },
    { ... },
    ...
  ]
}
Returns an array of posts/pages with a specific tag.
- Invoking the JSON API implicitly (i.e., ?json=1) on a tag archive page
- idor- tag_id- set to the tag's ID
- slugor- tag_slug- set to the tag's URL slug
- count- determines how many posts per page are returned (default value is 10)
- page- return a specific page number from the results
- post_type- used to retrieve custom post types
{
  "status": "ok",
  "count": 10,
  "count_total": 79,
  "pages": 7,
  "tag": { ... }
  "posts": [
    { ... },
    { ... },
    ...
  ]
}
Returns an array of posts/pages written by a specific author.
- Invoking the JSON API implicitly (i.e., ?json=1) on an author archive page
- idor- author_id- set to the author's ID
- slugor- author_slug- set to the author's URL slug
- count- determines how many posts per page are returned (default value is 10)
- page- return a specific page number from the results
- post_type- used to retrieve custom post types
{
  "status": "ok",
  "count": 10,
  "count_total": 79,
  "pages": 7,
  "author": { ... }
  "posts": [
    { ... },
    { ... },
    ...
  ]
}
Returns an array of posts/pages in response to a search query.
- Invoking the JSON API implicitly (i.e., ?json=1) on a search results page
- search- set to the desired search query
- count- determines how many posts per page are returned (default value is 10)
- page- return a specific page number from the results
- post_type- used to retrieve custom post types
{
  "status": "ok",
  "count": 10,
  "count_total": 79,
  "pages": 7,
  "posts": [
    { ... },
    { ... },
    ...
  ]
}
Returns both an array of date page permalinks and a tree structure representation of the archive.
{
  "status": "ok",
  "permalinks": [
    "...",
    "...",
    "..."
  ],
  "tree": {
    "2009": {
      "09": 17,
      "10": 20,
      "11": 7
    }
  }
Note: the tree is arranged by response.tree.[year].[month].[number of posts].
Returns an array of active categories.
- parent- returns categories that are direct children of the parent ID
{
  "status": "ok",
  "count": 3,
  "categories": [
    { ... },
    { ... },
    { ... }
  ]
}
Returns an array of active tags.
{
  "status": "ok",
  "count": 3
  "tags": [
    { ... },
    { ... },
    { ... }
  ]
}
Returns an array of active blog authors.
{
  "status": "ok",
  "count": 3,
  "authors": [
    { ... },
    { ... },
    { ... }
  ]
}
Returns a hierarchical tree of page posts.
{
  "status": "ok",
  "pages": [
    { ... },
    { ... },
    { ... }
  ]
}
Returns a WordPress nonce value, required to call some data manipulation methods.
- controller- the JSON API controller for the method you will use the nonce for
- method- the method you wish to call (currently- create_postis the only method that requires a nonce)
{
  "status": "ok",
  "controller": "posts",
  "method": "create_post",
  "nonce": "cefe01efd4"
}
Further reading
To learn more about how nonces are used in WordPress, see Mark Jaquith's article on the subject.
Creates a new post.
- nonce- available from the- get_noncemethod (call with vars- controller=postsand- method=create_post)
- status- sets the post status ("draft" or "publish"), default is "draft"
- title- the post title
- content- the post content
- author- the post's author (login name), default is the current logged in user
- categories- a comma-separated list of categories (URL slugs)
- tags- a comma-separated list of tags (URL slugs)
Note: including a file upload field called attachment will cause an attachment to be stored with your new post.
Updates a post.
- nonce- available from the- get_noncemethod (call with vars- controller=postsand- method=update_post)
- idor- post_id- set to the post's ID
- slugor- post_slug- set to the post's URL slug
- status- sets the post status ("draft" or "publish"), default is "draft"
- title- the post title
- content- the post content
- author- the post's author (login name), default is the current logged in user
- categories- a comma-separated list of categories (URL slugs)
- tags- a comma-separated list of tags (URL slugs)
Note: including a file upload field called attachment will cause an attachment to be stored with your post.
Deletes a post.
- nonce- available from the- get_noncemethod (call with vars- controller=postsand- method=delete_post)
- idor- post_id- set to the post's ID
- slugor- post_slug- set to the post's URL slug
Submits a comment to a WordPress post.
- post_id- which post to comment on
- name- the commenter's name
- email- the commenter's email address
- content- the comment content
- redirect- redirect instead of returning a JSON object
- redirect_ok- redirect to a specific URL when the status value is- ok
- redirect_error- redirect to a specific URL when the status value is- error
- redirect_pending- redirect to a specific URL when the status value is- pending
- pending- assigned if the comment submission is pending moderation
Retrieves widgets assigned to a sidebar.
- sidebar_id- the name or number of the sidebar to retrieve
API requests can be controlled by specifying one of the following arguments as URL query vars.
- Debug the response: http://www.example.org/api/get_page_index/?dev=1
- Widget-style JSONP output: http://www.example.org/api/get_recent_posts/?callback=show_posts_widget&read_more=More&count=3
- Redirect on error: http://www.example.org/api/posts/create_post/?callback_error=http%3A%2F%2Fwww.example.org%2Fhelp.html
The following arguments modify how you get results back from the API. The redirect response styles are intended for use with the data manipulation methods.
- Setting callbackto a JavaScript function name will trigger a JSONP-style callback.
- Setting redirectto a URL will cause the user's browser to redirect to the specified URL with astatusvalue appended to the query vars (see the Response objects section below for an explanation of status values).
- Setting redirect_[status]allows you to control the resulting browser redirection depending on thestatusvalue.
- Setting devto a non-empty value adds whitespace for readability and responds withtext/plain
- Errors are suppressed unless devis set to a non-empty value
- Setting json_encode_optionswill let you specify an integer bitmask to modify the behavior of PHP'sjson_encode(Note: this option is only recognized in PHP version 5.3+)
- Setting json_unescaped_unicodewill replace unicode-escaped characters with their unescaped equivalents (e.g.,\u00e1becomes á)
- Omitting all of the above arguments will result in a standard JSON response.
These arguments are available to modify all introspection methods:
- date_format- Changes the format of date values. Uses the same syntax as PHP's date() function. Default value is- Y-m-d H:i:s.
- read_more- Changes the 'read more' link text in post content.
- include- Specifies which post data fields to include. Expects a comma-separated list of post fields. Leaving this empty includes all fields.
- exclude- Specifies which post data fields to exclude. Expects a comma-separated list of post fields.
- custom_fields- Includes values from posts' Custom Fields. Expects a comma-separated list of custom field keys.
- author_meta- Includes additional author metadata. Should be a comma-separated list of metadata fields.
- count- Controls the number of posts to include (defaults to the number specified by WordPress)
- order- Controls the order of post results ('DESC' or 'ASC'). Default value is 'DESC'.
- order_by- Controls which field to order results by. Expects one of the following values:- author
- date(default value)
- title
- modified
- menu_order(only works with Pages)
- parent
- ID
- rand
- meta_value(- meta_keymust also be set)
- none
- comment_count
 
- meta_key,- meta_value,- meta_compare- Retrieve posts (or Pages) based on a custom field key or value.
About include/exclude arguments
By default you get all values included with each post object. Specify a list of include values will cause the post object to filter out the values absent from the list. Specifying exclude causes post objects to include all values except the fields you list. For example, the query exclude=comments includes everything except the comments.
About the redirect argument
The redirect response style is useful for when you need the user's browser to make a request directly rather than making proxy requests using a tool like cURL. Setting a redirect argument causes the user's browser to redirect back to the specified URL instead of returning a JSON object. The resulting status value is included as an extra query variable.
For example calling an API method with redirect set to http://www.example.com/foo will result in a redirection to one of the following:
- http://www.example.com/foo?status=ok
- http://www.example.com/foo?status=error
You can also set separate URLs to handle status values differently. You could set redirect_ok to http://www.example.com/handle_ok and redirect_error to http://www.example.com/handle_error in order to have more fine-tuned control over the method result.
This section describes data objects you can retrieve from WordPress and the optional URL redirects.
Status values
All JSON API requests result in a status value. The two basic status values are ok and error. Additional status values are available for certain methods (such as pending in the case of the submit_comment method). API methods that result in custom status values include a custom status values section in their documentation.
Naming compatibility
Developers familiar with WordPress may notice that many names for properties and arguments have been changed. This was a stylistic choice that intends to provide more clarity and consistency in the interface.
- id- Integer
- type- String (e.g.,- postor- page)
- slug- String
- url- String
- title- String
- title_plain- String
- content- String (modified by the- read_moreargument)
- excerpt- String
- date- String (modified by the- date_formatargument)
- modified- String (modified by the- date_formatargument)
- categories- Array of category objects
- tags- Array of tag objects
- authorAuthor object
- comments- Array of comment objects
- attachments- Array of attachment objects
- comment_count- Integer
- comment_status- String (- "open"or- "closed")
- thumbnail- String (only included if a post thumbnail has been specified)
- custom_fields- Object (included by setting the- custom_fieldsargument to a comma-separated list of custom field names)
- taxonomy_(taxonomy)- Array of custom taxonomy objects (these resemble Category or Tag response objects, depending on whether the taxonomy is hierarchical)
Note
The thumbnail attribute returns a URL to the image size specified by the optional thumbnail_size request argument. By default this will use the thumbnail or post-thumbnail sizes, depending on your version of WordPress. See Mark Jaquith's post on the topic for more information.
- id- Integer
- slug- String
- title- String
- description- String
- parent- Integer
- post_count- Integer
- id- Integer
- slug- String
- title- String
- description- String
- post_count- Integer
- id- Integer
- slug- String
- name- String
- first_name- String
- last_name- String
- nickname- String
- url- String
- description- String
Note: You can include additional values by setting the author_meta argument to a comma-separated list of metadata fields.
- id- Integer
- name- String
- url- String
- date- String
- content- String
- parent- Integer
- author- Object (only set if the comment author was registered & logged in)
- id- Integer
- url- String
- slug- String
- title- String
- description- String
- caption- String
- parent- Integer
- mime_type- String
- images- Object with values including- thumbnail,- medium,- large,- full, each of which are objects with values- url,- widthand- height(only set if the attachment is an image)
JSON API exposes several WordPress action and filter hooks as well as a modular controller system for adding new API methods.
JSON API exposes several action and filter hooks to augment its behavior.
This filter controls the array of controllers available to JSON API. The callback function is passed a single argument, an array of strings.
// Add a custom controller
add_filter('json_api_controllers', 'add_my_controller');
function add_my_controller($controllers) {
  // Corresponds to the class JSON_API_MyController_Controller
  $controllers[] = 'MyController';
  return $controllers;
}
Specifies the PHP source file for a given controller, overriding the default location wp-content/plugins/json_api/controllers.
Note
If you your controller file in the json-api/controllers folder JSON API will find it automatically.
// Register the source file for JSON_API_Widgets_Controller
add_filter('json_api_widgets_controller_path', 'widgets_controller_path');
function widgets_controller_path($default_path) {
  return '/path/to/widgets.php';
}
Capitalization
Your filter hook must be all-lowercase to work correctly. The above example would fail with the filter json_api_Widgets_Controller_path, even if that's how the class is capitalized in the PHP source.
This is called just before the output is encoded into JSON format. The value passed will always be an associative array, according to the format described in each method's documentation. Those items described in the Response objects section are passed as PHP objects, not associative arrays.
add_filter('json_api_encode', 'my_encode_kittens');
function my_encode_kittens($response) {
  if (isset($response['posts'])) {
    foreach ($response['posts'] as $post) {
      my_add_kittens($post); // Add kittens to each post
    }
  } else if (isset($response['post'])) {
    my_add_kittens($response['post']); // Add a kittens property
  }
  return $response;
}
function my_add_kittens(&$post) {
  $post->kittens = 'Kittens!';
}
Each JSON API method invokes an action when called.
// Disable get_author_index method (e.g., for security reasons)
add_action('json_api-core-get_author_index', 'my_disable_author_index');
function my_disable_author_index() {
  // Stop execution
  exit;
}
Provides an override for the response HTTP status. Offered for backwards compatibility, since version 1.1.1 and older always returned HTTP 200.
// Retain old HTTP 200 statuses for legacy support
add_filter('json_api_http_status', 'my_http_status');
function my_http_status() {
  return 200;
}
Provides an override for the WP_Query arguments.
// Allow queries of non-published content
add_action('json_api_query_args', 'my_query_args');
function my_query_args($args) {
  $args['post_status'] = array('draft', 'future', 'publish');
}
Called after the JSON API introspector runs wp_query, passes the WP_Query object as its single argument.
To start a new JSON API controller, create a file called hello.php inside wp-content/plugins/json-api/controllers. Add the following class definition:
<?php
class JSON_API_Hello_Controller {
  
  public function hello_world() {
    return array(
      "message" => "Hello, world"
    );
  }
  
}
?>
Your controller is now available as hello, and exposes one hello_world method.
Next, activate your controller from the WordPress admin interface, available from the menu under Settings > JSON API. You can either click on the link to your hello_world method from the admin interface or enter it manually. It should have the form: http://www.example.org/api/hello/hello_world/?dev=1 or http://www.example.org/?json=hello.hello_world&dev=1 (note the use of the dev argument to enable human-readable output). You should get the following output:
{
  "status": "ok",
  "message": "Hello, world"
}
To customize the behavior of your controller, you will want to make use of the global $json_api->query object. Add the following method to your controller:
public function hello_person() {
  global $json_api;
  $name = $json_api->query->name;
  return array(
    "message" => "Hello, $name."
  );
}
Now append the name query var to the method call: http://www.example.org/api/hello/hello_world/?dev=1&name=Alice or http://www.example.org/?json=hello.hello_world&dev=1&name=Alice.
{
  "status": "ok",
  "message": "Hello, Alice"
}
Your controller can use any of the existing WordPress functions to collect data, but JSON API also includes an introspector that wraps data in objects defined in the json-api/models directory. These are the same data models described in Section 4: Response objects.
Here is an example of how you might use the introspector:
// Retrieve posts based on custom field key/value pair
public function get_custom_posts() {
  global $json_api;
  
  // Make sure we have key/value query vars
  if (!$json_api->query->key || !$json_api->query->value) {
    $json_api->error("Include a 'key' and 'value' query var.");
  }
  
  // See also: http://codex.wordpress.org/Template_Tags/query_posts
  $posts = $json_api->introspector->get_posts(array(
    'meta_key' => $json_api->query->key,
    'meta_value' => $json_api->query->value
  ));
  
  return array(
    'key' => $key,
    'value' => $value,
    'posts' => $posts
  );
}
It is recommended that custom controllers are kept outside of json-api/controllers in order to avoid accidental deletion during upgrades or site migrations. To make your controller visible from an external plugin or theme directory you will need to use two filters: json_api_controllers and json_api_[controller]_controller_path. Move the hello.php file from the steps above into your theme's directory. Then add the following to your theme's functions.php file (if your theme doesn't have a file called functions.php you can create one).
function add_hello_controller($controllers) {
  $controllers[] = 'hello';
  return $controllers;
}
add_filter('json_api_controllers', 'add_hello_controller');
function set_hello_controller_path() {
  return "/path/to/theme/hello.php";
}
add_filter('json_api_hello_controller_path', 'set_hello_controller_path');
The following are constants you can define in your wp-config.php folder:
- JSON_API_DIR- set to the directory where JSON API plugin lives (in some cases this can be useful for- mu-pluginswith WordPress MU)
- JSON_API_CONTROLLERS- a comma-separated list of default controllers to enable (this is overridden by the JSON API settings page)
JSON API comes with a set of tests that should make it easier to maintain and reveal incompatibilities when they might occur. This is an ongoing process, I hope to improve the test coverage going forward.
There are a few necessary steps that need to be carried out before the test suite will run properly.
- WordPress should generate a new set of tables before you start, so if you're testing with a wp_table prefix make sure the database has no existing tables of this kind
- Configure and install a new copy of WordPress
- Delete the Hello World post and Sample Page (titled "About" in some versions of WordPress)
- Enable user-friendly URLs from Settings > Permalinks, use the "Day and name" format
- Install + Activate the JSON API plugin and enable all bundled controllers from Settings > JSON API
- Import the Theme Unit Test test data XML file from Settings > Import > WordPress (you will need to install the WordPress Importer plugin)
From the command line, make sure you have the HTTP_Client PEAR package installed:
pear install HTTP_Client
Change directory to tests and run the following:
pear run-tests
You should see the test results print out culminating in a summary:
TOTAL TIME: 00:04
23 PASSED TESTS
0 SKIPPED TESTS