This release is a bit of a smaller, more focussed release as we work on increasing test coverage and squashing bugs. Here’s the juicy details:
Add new routes for taxonomies and terms.
Taxonomies and terms have now been moved from the
namespace to global routes:
Test coverage for taxonomy endpoints has also been increased to 100%.
Deprecation warning: The
/posts/types/<type>/taxonomies endpoint (and
sub-endpoints with the same prefix) have been deprecated in favour of the new
endpoints. These deprecated endpoints will now return a
X-WP-DeprecatedFunction header indicating that the endpoint should not be
used for new development, but will continue to work in the future.
(props @kadamwhite, @rachelbaker, @rmccue, #198, #211)
Allow customizing the API resources prefix
The API base (typically
wp-json/) can now be customized to a different
prefix using the
json_url_prefix filter. Note that rewrites will need to be
flushed manually after changing this.
(props @ericandrewlewis, @rmccue, #104, #244, #278)
null as date for draft posts.
Draft posts would previously return “0000-00-00 00:00:00” or
“1970-01-01T00:00:00”, as draft posts are not assigned a publish date. The API
null where a date is not available.
Compatibility warning: Clients should be prepared to accept
null as a
value for date/time fields, and treat it as if no value is set.
(props @rmccue, #229, #230)
Fix errors with excerpt.
Posts without excerpts could previously return nonsense strings, excerpts from
other posts, or cause internal PHP errors. Posts without excerpts will now
always return an excerpt, typically automatically generated from the post
excerpt_raw field was added to the edit context on posts. This field
contains the raw excerpt data saved for the post, including empty
(props @rmccue, #222, #226)
Only expose email for edit context.
User email addresses are now only exposed for
context=edit, which requires
edit_users permission (not required for the current user).
The email address field will now return
false instead of a string if the
field is not exposed.
(props @pkevan, @rmccue, #290, #296)
Correct password-protected post handling.
Password-protected posts could previously be exposed to all users, however
could also have broken behaviour with excerpts. Password-protected posts are
now hidden to unauthenticated users, while content and excerpts are shown
correctly for the
(Note that hiding password-protected posts is intended to be a temporary
measure, and will likely change in the future.)
(props @rmccue, #286, #313)
Add documentation on authentication methods.
Full documentation on authentication
is now available. This documentation explains the difference between the
various available authentication methods, and notes which should be used.
(props @rmccue, #242)
Include new client JS from github.io
wp-api.github.io to ensure it is always up-to-date.
(props @tlovett1, #179, #240)
Don’t allow setting the modification date on post creation/update.
As it turns out, WP core doesn’t allow us to set this, so this was previously
a no-op anyway. Discovered during test coverage phase.
(props @rachelbaker, @rmccue, #285, #288)
Check post parent correctly on insertion.
Posts could previously be added with an invalid parent ID. These IDs are now
checked to ensure the post exists.
(props @rmccue, #228, #231)
Make sure the type is actually evaluated for
This value was previously not interpolated correctly, due to the use of the
single-quoted string type.
(props @danielbachhuber, #266)
WP_Error instead of array of empty objects for a revisions
Previously, when trying to access post revisions without correct permissions,
a JSON list of internal error objects would be returned. This has been
corrected to return a standard API error instead.
(props @rachelbaker, @tlovett1, #251, #276)
Flip user parameters check for insert/update.
Previously, you could add a user without specifying username/password/email,
but couldn’t update a user without those parameters. The logic has been
inverted here instead.
(props @rmccue, #221, #289)
Add revision endpoints tests
(props @danielbachhuber, @rachelbaker, @rmccue, #275, #277, #284, #279)
Add post endpoint testing
Now at >54% coverage for the whole class, and >80% for the main methods. This
figure will continue to rise over the next few releases.
(props @rachelbaker, @rmccue, #99)
Separate helper functions into global namespace.
WP_JSON_Server::get_avatar_url() and `
all been moved into the global namespace to decouple them from the server
Deprecation warning: These methods have been deprecated. The new
json_parse_date() methods should now be used instead.
(props @rmccue, #185, #298)
In case you missed it, the API is now slated for integration in WordPress 4.1. WP Tavern has a great writeup on the details.