This release is a bit of a smaller, more focussed release as we work on increasing test coverage and squashing bugs. Here’s the juicy details:
Add new routes for taxonomies and terms.
Taxonomies and terms have now been moved from the
namespace to global routes:
Test coverage for taxonomy A taxonomy is a way to group things together. In WordPress, some common taxonomies are category, link, tag, or post format. https://codex.wordpress.org/Taxonomies#Default_Taxonomies. endpoints has also been increased to 100%.
Deprecation warning: The
/posts/types/<type>/taxonomies endpoint (and
sub-endpoints with the same prefix) have been deprecated in favour of the new
endpoints. These deprecated endpoints will now return a
X-WP-DeprecatedFunction header The header of your site is typically the first thing people will experience. The masthead or header art located across the top of your page is part of the look and feel of your website. It can influence a visitor’s opinion about your content and you/ your organization’s brand. It may also look different on different screen sizes. indicating that the endpoint should not be
used for new development, but will continue to work in the future.
(props @kadamwhite, @rachelbaker, @rmccue, #198, #211)
Allow customizing the API An API or Application Programming Interface is a software intermediary that allows programs to interact with each other and share data in limited, clearly defined ways. resources prefix
The API base (typically
wp-json/) can now be customized to a different
prefix using the
json_url_prefix filter Filters are one of the two types of Hooks https://codex.wordpress.org/Plugin_API/Hooks. They provide a way for functions to modify data of other functions. They are the counterpart to Actions. Unlike Actions, filters are meant to work in an isolated manner, and should never have side effects such as affecting global variables and output.. Note that rewrites will need to be
flushed manually after changing this.
(props @ericandrewlewis, @rmccue, #104, #244, #278)
null as date for draft posts.
Draft posts would previously return “0000-00-00 00:00:00” or
“1970-01-01T00:00:00”, as draft posts are not assigned a publish date. The API
null where a date is not available.
Compatibility warning: Clients should be prepared to accept
null as a
value for date/time fields, and treat it as if no value is set.
(props @rmccue, #229, #230)
Fix errors with excerpt An excerpt is the description of the blog post or page that will by default show on the blog archive page, in search results (SERPs), and on social media. With an SEO plugin, the excerpt may also be in that plugin’s metabox..
Posts without excerpts could previously return nonsense strings, excerpts from
other posts, or cause internal PHP The web scripting language in which WordPress is primarily architected. WordPress requires PHP 5.6.20 or higher errors. Posts without excerpts will now
always return an excerpt, typically automatically generated from the post
excerpt_raw field was added to the edit context on posts. This field
contains the raw excerpt data saved for the post, including empty
(props @rmccue, #222, #226)
Only expose email for edit context.
User email addresses are now only exposed for
context=edit, which requires
edit_users permission (not required for the current user).
The email address field will now return
false instead of a string if the
field is not exposed.
(props @pkevan, @rmccue, #290, #296)
Correct password-protected post handling.
Password-protected posts could previously be exposed to all users, however
could also have broken behaviour with excerpts. Password-protected posts are
now hidden to unauthenticated users, while content and excerpts are shown
correctly for the
(Note that hiding password-protected posts is intended to be a temporary
measure, and will likely change in the future.)
(props @rmccue, #286, #313)
Add documentation on authentication methods.
Full documentation on authentication
is now available. This documentation explains the difference between the
various available authentication methods, and notes which should be used.
(props @rmccue, #242)
wp-api.github.io to ensure it is always up-to-date.
(props @tlovett1, #179, #240)
Don’t allow setting the modification date on post creation/update.
As it turns out, WP core Core is the set of software required to run WordPress. The Core Development Team builds WordPress. doesn’t allow us to set this, so this was previously
a no-op anyway. Discovered during test coverage phase.
(props @rachelbaker, @rmccue, #285, #288)
Check post parent correctly on insertion.
Posts could previously be added with an invalid A resolution on the bug tracker (and generally common in software development, sometimes also notabug) that indicates the ticket is not a bug, is a support request, or is generally invalid. parent ID. These IDs are now
checked to ensure the post exists.
(props @rmccue, #228, #231)
Make sure the type is actually evaluated for
This value was previously not interpolated correctly, due to the use of the
single-quoted string type.
(props @danielbachhuber, #266)
WP_Error instead of array of empty objects for a revisions The WordPress revisions system stores a record of each saved draft or published update. The revision system allows you to see what changes were made in each revision by dragging a slider (or using the Next/Previous buttons). The display indicates what has changed in each revision.
Previously, when trying to access post revisions without correct permissions,
corrected to return a standard API error instead.
(props @rachelbaker, @tlovett1, #251, #276)
Flip user parameters check for insert/update.
Previously, you could add a user without specifying username/password/email,
but couldn’t update a user without those parameters. The logic has been
inverted here instead.
(props @rmccue, #221, #289)
Add revision endpoints tests
(props @danielbachhuber, @rachelbaker, @rmccue, #275, #277, #284, #279)
Add post endpoint testing
Now at >54% coverage for the whole class, and >80% for the main methods. This
figure will continue to rise over the next few releases.
(props @rachelbaker, @rmccue, #99)
Separate helper functions into global namespace.
WP_JSON_Server::get_avatar_url() and `
all been moved into the global namespace to decouple them from the server
Deprecation warning: These methods have been deprecated. The new
json_parse_date() methods should now be used instead.
(props @rmccue, #185, #298)
In case you missed it, the API is now slated for integration in WordPress 4.1. WP Tavern has a great writeup on the details.