WordPress REST API — What You Can Do Beyond Basic Posts

Most developers know the WordPress REST API exists. But few go beyond fetching posts with GET /wp-json/wp/v2/posts. The truth is, the REST API is a full-featured interface to your WordPress site — and once you understand its depth, it changes how you build with WordPress entirely.

1. Custom Post Types & Custom Fields

By default, the REST API exposes posts, pages, and media. But you can register your own custom post types and make them available via the API with a single argument:

register_post_type('project', [
    'public'       => true,
    'show_in_rest' => true, // This is the key
    'rest_base'    => 'projects',
    'label'        => 'Projects',
]);

Now your custom post type is available at /wp-json/wp/v2/projects — with full CRUD support.

Want to expose custom fields (meta)? Register them properly:

register_post_meta('project', 'client_name', [
    'show_in_rest' => true,
    'single'       => true,
    'type'         => 'string',
]);

2. Authentication — Beyond Cookies

The REST API supports multiple authentication methods depending on your use case:

• Cookie auth — works for logged-in users on the same domain (nonce required)
• Application Passwords — built into WordPress since 5.6, great for server-to-server calls
• JWT — via plugins like JWT Auth, ideal for headless setups with separate frontends
• OAuth — for third-party integrations

For headless WordPress with a Next.js or Nuxt frontend, Application Passwords or JWT are the cleanest approach. Generate an Application Password from the user profile page, then pass it as Basic Auth on every request.

const res = await fetch('https://your-site.com/wp-json/wp/v2/posts', {
  headers: {
    'Authorization': 'Basic ' + btoa('username:application_password')
  }
});

3. Creating & Updating Content Programmatically

The API isn’t just for reading. You can create posts, upload media, and manage taxonomies entirely via HTTP requests:

POST /wp-json/wp/v2/posts
Content-Type: application/json

{
  "title": "My New Post",
  "content": "Hello world from the API.",
  "status": "publish",
  "categories": [3],
  "tags": [12, 15]
}

This is exactly how tools like headless CMS workflows, AI content pipelines, and editorial automation systems push content into WordPress without ever touching the admin panel.

4. Media Uploads

Uploading images via the REST API is straightforward — send a POST to /wp-json/wp/v2/media with the file as binary and set the Content-Disposition header:

curl -X POST https://your-site.com/wp-json/wp/v2/media   -u "username:app_password"   -H "Content-Disposition: attachment; filename=photo.jpg"   -H "Content-Type: image/jpeg"   --data-binary @photo.jpg

Once uploaded, attach it to a post using the featured_media field.

5. Custom REST Endpoints

Beyond the built-in endpoints, you can register your own routes — perfect for custom business logic:

add_action('rest_api_init', function () {
    register_rest_route('myplugin/v1', '/stats', [
        'methods'             => 'GET',
        'callback'            => 'get_site_stats',
        'permission_callback' => '__return_true',
    ]);
});

function get_site_stats() {
    return [
        'posts'    => wp_count_posts()->publish,
        'users'    => count_users()['total_users'],
        'comments' => wp_count_comments()->approved,
    ];
}

Your endpoint is now available at /wp-json/myplugin/v1/stats. This is powerful for building dashboards, mobile apps, or any external service that needs WordPress data in a custom format.

6. Filtering & Querying

The REST API supports rich query parameters out of the box:

# Get 5 posts from category 3, ordered by date
GET /wp-json/wp/v2/posts?categories=3&per_page=5&orderby=date&order=desc

# Search posts
GET /wp-json/wp/v2/posts?search=laravel

# Get posts by author
GET /wp-json/wp/v2/posts?author=1

For more advanced filtering, you can hook into rest_query_vars to expose additional WP_Query arguments to the API.

Final Thoughts

The WordPress REST API is one of the most underutilised tools in the ecosystem. Whether you’re building a headless frontend, automating content workflows, or integrating WordPress with external services, the API gives you everything you need — without plugins.

Start with the basics, then explore custom endpoints and meta registration. Once you do, you’ll stop thinking of WordPress as just a blogging platform and start seeing it as a proper content backend.