JSON REST API: Version 0.7

Apologies for the delay on this one, but it’s here now: version 0.7 of the JSON REST API! Go download it now. This is mainly a bugfix release to catch up on all the unreleased items:

  • The response handler object is now passed into the endpoint objects via the constructor, allowing you to avoid excess global state where possible. It’s recommended to use this where possible rather than the global object.

    (props @rmccue, #2)

  • Fix undefined variables and indices
    (props @pippinsplugins, #5)
  • Correct call to deactivation hook
    (props @ericpedia, #9)
  • Check metadata access correctly rather than always hiding for users without
    the edit_post_meta capability
    (props @kokarn, #10)
  • Return all term metadata, rather than just the last one
    (props @afurculita, #13)
  • Access post metadata from cache where possible – Note, this is a backwards compatibility break, as the format of the metadata has changed. This may change again in the near future, so don’t rely on it until 1.0.
    (props @afurculita, #14)
  • Add term_link to prepare_term
    (props @afurculita, #15)
  • Fix hardcoded /pages references in WP_JSON_CustomPostType
    (props @thenbrent, #26)
  • Sanitize headers for newlines
    (props @kokarn, #7)
  • Register rewrite rules during plugin activation
    (props @pippinsplugins, #17)

(As you can see, we had 6 separate contributors to this release, with 3 team members also reviewing and merging code. Thanks to everyone who was involved with this release!)

We’ve also got some future plans, which I’d like to share with you guys now if you haven’t seen them previously (you’re always welcome over at the team o2). This slightly delayed release is a catch-up release, and we’re planning on hitting 0.8 this week, then 0.9 on December 11th and 1.0 on December 18th. We’ll then be taking a short break over Christmas, and letting the code settle for a bit.

The 1.0 release will freeze our (internal PHP and external JSON) core API, with any future changes to be completely backwards compatible. This should coincide with the 3.9-early stage, and we’ll be able to get underway on core integration discussions with this backwards compatibility policy.

The big feature we’re working on now is authentication. After much discussion, we’ve decided that OAuth 1.0a is really the only way to go here. While Basic authentication is nice and simple, it doesn’t give us any sort of CSRF protection, which is a blocker. Luckily for us, WooCommerce has recently added a JSON REST API (based on this project; giant props to Max Rice for his effort and feedback here) and implemented OAuth, so I’m working on porting this back upstream. This should hopefully land in 0.8 (this week) or 0.9 (next week).

As always, if you want to get involved, head on over to our team o2. Now that we’re established, comments have been opened to all, and you’re welcome to suggest new topics via the form too!