API Team Update Sept. 27 2016
Since the previous API team update the group has been making steady progress through the gameplan outlined in that post. To give a quick update on a few key “quirky” issues that had been identified:
As noted in last week’s dev chat, password-protected posts will be included in collections with their content set to
'', and the content can be viewed by passing
?password=XXXXX as a query or GET parameter when querying for a specific post. Query parameters are not an ideal solution: Authorization headers are out because you can’t have multiple authorization schemes in one request; cookies don’t afford enough control to browser clients, and custom headers aren’t respected by caches. See GH issue #2701 for more background, and check out the open pull request to review the specifics of the implementation.
After much debate there is now a path forward for handling sticky posts as well. Following this open pull request, sticky posts are included in the
/wp/v2/posts collection, but are not given special treatment in terms of ordering—a sticky post will, by default, be displayed ordered by date or whatever
orderby has been set for the request. The parameter
?sticky=true may be passed to return only sticky posts;
?sticky=false may be passed to exclude sticky posts from the response.
There is ongoing discussion around how the API could surface posts in the “normal loop order,” with stickies on top, followed by non-sticky posts. @jorbin will propose a follow-up enhancement that could be added in to the API in a later cycle. See GH issue #2210 and associated slack discussion for more commentary.
A pull request is open on the API meta endpoints repository to add support for registering meta with the API using the main
register_meta function. This PR includes a comprehensive readme explaining how meta handling works. Once merged & reviewed, this functionality will be PR’d against the primary REST API plugin repository.
Site Settings (Options) Support
A pull request has merged into the API site endpoints repository which adds support for accessing and manipulating site settings through the API. These endpoints will be PR’d against the core REST API plugin repository this week.
Discussion items for 9/28 dev chat
This project is not quite done yet, and in tomorrow’s dev chat the API team will be looking to the broader WordPress team for input on three priority issues that need a decision:
- Whether the API should follow core behavior and save a revision every time a post is updated
- How to handle image permissions, specifically for the case where an image is attached (uploaded) to a private post and then featured in a public post
- Whether (and how) to expose edit locks through the API
Please join us in #core-restapi on chat.wordpress.org for our next two group meetings: