In WordPress 6.8, the REST APIREST API The REST API is an acronym for the RESTful Application Program Interface (API) that uses HTTP requests to GET, PUT, POST and DELETE data. It is how the front end of an application (think “phone app” or “website”) can communicate with the data store (think “database” or “file system”) https://developer.wordpress.org/rest-api/. will allow public access to menu data.

That enhancementenhancement Enhancements are simple improvements to WordPress, such as the addition of a hook, a new feature, or an improvement to an existing feature. addresses a longstanding need for headless CMS implementations and custom front-end applications. Before, accessing menu data via the REST API required user authentication with appropriate capabilities. In turn, that limited the potential user base for REST API implementations.

Now, with this update, you can expose menus, menu items, and menu locations publicly via the REST API, making WordPress content available to more platforms than ever.

Key Changes for Developers:

• FilterFilter Filters are one of the two types of Hooks https://codex.wordpress.org/Plugin_API/Hooks. They provide a way for functions to modify data of other functions. They are the counterpart to Actions. Unlike Actions, filters are meant to work in an isolated manner, and should never have side effects such as affecting global variables and output. to Control Menu Exposure: A new filter, rest_menu_read_access, manages the visibility of menu data in the REST API.  By default, menus are not exposed publicly.  You can use this filter to specify which menus should be accessible via the REST API.
• Per-Menu and Endpoint-Level Control: The rest_menu_read_access filter can be used to expose specific menus—and now also applies to menu items and menu locations—based on custom logic.  The filter receives the current REST controller class as a parameter, allowing developers to control public exposure granularly depending on which endpoint is being accessed.  This provides powerful flexibility to tailor REST API access across different menu-related endpoints, while ensuring that only intended data is made public.

Code Example:

To expose all menus publicly via the REST API, add this code to your theme’s functions.php file or a custom pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party:

add_filter( 'rest_menu_read_access', '__return_true' );

This snippet uses the rest_menu_read_access filter to return true for all menus, making them accessible through the REST API.

For more selective exposure, you can implement conditional logic within the filter:

function filter_primary_menu_rest_visibility( $show_in_rest, $request, $instance ) {

   if( $instance::class !== ‘WP_REST_Menu_Locations_Controller’ ){

       return $show_in_rest;

   }

   if ( isset( $request['location'] ) && 'primary' === $request['location'] ) {

       return true;

   }

   return $show_in_rest;

}

add_filter( 'rest_menu_read_access', 'filter_primary_menu_rest_visibility', 10, 3 );

In this example, only the request to the primary menu location, (wp-json/wp/v2/menu-locations/primary) is exposed via the REST API, while others remain restricted.

Extensibility Considerations:

• Default Behavior: Menus are not exposed publicly by default.  Developers must explicitly opt-in to expose menu data via the REST API using the provided filter.
• Backward Compatibility: This enhancement is fully backward-compatible.  Existing functionality remains unchanged unless the new filter is utilized to alter the default behavior.
• Security Implications: When exposing menu data publicly, consider the content and structure of your menus to ensure no sensitive information is inadvertently made accessible.

These new capabilities give you the power to seamlessly integrate WordPress menus into decoupled architectures and enhance the flexibility of your content delivery strategies.  For more information, visit #54304.

Props to @joemcgill @spacedmonkey @marybaum @benjamin_zekavica for authoring and review.

#6-8-2, #dev-notes, #dev-notes-6-8