The WordPress REST API is how AI connects to your site. Whether you’re using MCP, building custom integrations, or connecting to automation tools, understanding the REST API is essential for WordPress AI.
What Is the WordPress REST API?
The REST API exposes WordPress functionality as HTTP endpoints. Instead of clicking around wp-admin, you can:
- GET — Read data (posts, pages, users)
- POST — Create new content
- PUT/PATCH — Update existing content
- DELETE — Remove content
Every WordPress site has the REST API enabled by default at:
https://yoursite.com/wp-json/wp/v2/
Why AI Needs the REST API
AI assistants can’t click buttons or fill out forms. They need programmatic access—which is exactly what the REST API provides.
When you tell an AI agent “create a blog post about productivity,” here’s what happens:
- AI generates the content
- AI sends a POST request to /wp-json/wp/v2/posts
- WordPress creates the post and returns the result
- AI confirms success or handles errors
MCP wraps this process in a cleaner interface, but underneath, it’s all REST API calls.
Core Endpoints
Posts
```
GET    /wp-json/wp/v2/posts        # List posts
GET    /wp-json/wp/v2/posts/{id}   # Get single post
POST   /wp-json/wp/v2/posts        # Create post
PATCH  /wp-json/wp/v2/posts/{id}   # Update post
DELETE /wp-json/wp/v2/posts/{id}   # Delete post
```
Pages
```
GET    /wp-json/wp/v2/pages        # List pages
POST   /wp-json/wp/v2/pages        # Create page
PATCH  /wp-json/wp/v2/pages/{id}   # Update page
```
Media
```
GET    /wp-json/wp/v2/media        # List media
POST   /wp-json/wp/v2/media        # Upload file
DELETE /wp-json/wp/v2/media/{id}   # Delete file
```
Taxonomies
```
GET    /wp-json/wp/v2/categories   # List categories
GET    /wp-json/wp/v2/tags         # List tags
POST   /wp-json/wp/v2/categories   # Create category
```
Users
```
GET    /wp-json/wp/v2/users        # List users
GET    /wp-json/wp/v2/users/me     # Current user
```
Settings
```
GET    /wp-json/wp/v2/settings     # Read settings
PATCH  /wp-json/wp/v2/settings     # Update settings
```
Authentication
For AI to write to WordPress, it needs authentication. Two main options:
Application Passwords (Recommended)
Built into WordPress. Go to Users → Profile → Application Passwords.
```bash
curl -X POST https://yoursite.com/wp-json/wp/v2/posts \
  -u "username:xxxx xxxx xxxx xxxx xxxx xxxx" \
  -H "Content-Type: application/json" \
  -d '{
    "title": "My AI-Generated Post",
    "content": "This was created via the REST API.",
    "status": "draft"
  }'
```
JWT Authentication
For more complex setups, use JWT tokens. Requires a plugin like JWT Authentication for WP REST API.
```bash
# Get token
curl -X POST https://yoursite.com/wp-json/jwt-auth/v1/token \
  -d "username=user&password=pass"

# Use token
curl -X GET https://yoursite.com/wp-json/wp/v2/posts \
  -H "Authorization: Bearer eyJ0eXAiOiJKV1Q..."
```
Common AI Operations
Create a Post
```
POST /wp-json/wp/v2/posts
{
  "title": "10 Productivity Tips for Remote Workers",
  "content": "<p>Working from home requires...</p>",
  "status": "draft",
  "categories": [5, 12],
  "tags": [23, 45],
  "meta": {
    "_yoast_wpseo_metadesc": "Boost your productivity..."
  }
}
```
Bulk Update Posts
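```
# Get all posts missing meta descriptions
# Note: the core posts endpoint does not filter by meta_key/meta_value on its own;
# this query assumes a plugin or a rest_post_query filter adds that support.
GET /wp-json/wp/v2/posts?per_page=100&meta_key=_yoast_wpseo_metadesc&meta_value=

# Update each post
# Note: a meta key is only accepted here if it is registered with show_in_rest.
PATCH /wp-json/wp/v2/posts/{id}
{
  "meta": {
    "_yoast_wpseo_metadesc": "AI-generated description..."
  }
}
```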
Upload Media
```
POST /wp-json/wp/v2/media
Content-Type: image/jpeg
Content-Disposition: attachment; filename="featured.jpg"

[binary image data]
```
Search Content
```
# Search posts
GET /wp-json/wp/v2/posts?search=productivity

# Filter by category
GET /wp-json/wp/v2/posts?categories=5

# Filter by date
GET /wp-json/wp/v2/posts?after=2025-01-01T00:00:00&before=2025-12-31T23:59:59
```
REST API vs MCP
You might wonder: if the REST API works, why use MCP?
| REST API Directly | MCP |
|---|---|
| You build the integration | Pre-built tool definitions |
| AI needs explicit tool functions | AI discovers capabilities automatically |
| Manual error handling | Standardized responses |
| Works with any AI | Requires MCP-compatible client |
| Full control, more work | Less work, some abstraction |
Use REST API directly when: You’re building a custom application, need full control, or your AI doesn’t support MCP.
Use MCP when: You want quick setup, standard tool interfaces, and automatic capability discovery.
Extending the REST API for AI
Custom Endpoints
Create endpoints for AI-specific operations:
```php
add_action('rest_api_init', function() {
    register_rest_route('ai/v1', '/content-audit', [
        'methods' => 'GET',
        'callback' => 'run_content_audit',
        'permission_callback' => function() {
            return current_user_can('edit_posts');
        }
    ]);
});

function run_content_audit() {
    $posts = get_posts([
        'post_type' => 'post',
        'posts_per_page' => -1,
        'post_status' => 'publish'
    ]);

    $issues = [];
    foreach ($posts as $post) {
        // Check for missing meta description
        $meta = get_post_meta($post->ID, '_yoast_wpseo_metadesc', true);
        if (empty($meta)) {
            $issues[] = [
                'post_id' => $post->ID,
                'title' => $post->post_title,
                'issue' => 'missing_meta_description'
            ];
        }
    }

    return ['issues' => $issues, 'total' => count($issues)];
}
```
Exposing Plugin Data
Make plugin data available to AI:
```php
// Expose WooCommerce orders
add_action('rest_api_init', function() {
    register_rest_route('ai/v1', '/recent-orders', [
        'methods' => 'GET',
        'callback' => function($request) {
            // Force the caller-supplied limit to a positive integer and cap it,
            // so a value such as -1 cannot request every order at once.
            $limit = min(absint($request->get_param('limit')) ?: 10, 100);

            $orders = wc_get_orders([
                'limit' => $limit,
                'orderby' => 'date',
                'order' => 'DESC'
            ]);

            // Return only the fields the AI needs, not the full order object
            return array_map(function($order) {
                return [
                    'id' => $order->get_id(),
                    'total' => $order->get_total(),
                    'status' => $order->get_status(),
                    'date' => $order->get_date_created()->format('Y-m-d')
                ];
            }, $orders);
        },
        'permission_callback' => function() {
            return current_user_can('manage_woocommerce');
        }
    ]);
});
```
Security Best Practices
- Use application passwords — Not your main account password
- Create dedicated users — With only necessary capabilities
- Use HTTPS — Never send credentials over HTTP
- Rate limit — Protect against runaway AI loops
- Log requests — Track what the AI does
- Validate inputs — Even from trusted AI sources
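
One way to apply the dedicated-user, rate-limit and logging items above, as an added example rather than code from the original article. The `ai_agent` role name, the plugin name, the limits and the `ai_rl_` transient prefix are assumptions; the code is meant to live in a small custom plugin.

```php
<?php
/**
 * Plugin Name: AI REST Guard (added example; the name is hypothetical)
 */

const AI_RATE_LIMIT  = 60; // assumed: max requests per window, per user
const AI_RATE_WINDOW = 60; // assumed: window length in seconds

// Dedicated role: can draft posts and upload media, but has no publish,
// delete or settings capabilities. add_role() does nothing if the role exists.
register_activation_hook(__FILE__, function () {
    add_role('ai_agent', 'AI Agent', [
        'read'         => true,
        'edit_posts'   => true,
        'upload_files' => true,
    ]);
});

add_filter('rest_pre_dispatch', function ($result, $server, $request) {
    $user = wp_get_current_user();
    // Only police requests made by accounts holding the AI role.
    if (!$user->exists() || !in_array('ai_agent', (array) $user->roles, true)) {
        return $result;
    }

    // Log who called which route. Request bodies are left out to keep secrets
    // out of the log, and non-printable characters are replaced so a crafted
    // route cannot forge extra log lines.
    $route = preg_replace('/[^\x20-\x7E]/', '?', $request->get_route());
    error_log(sprintf('[ai-rest] user=%d %s %s',
        $user->ID, $request->get_method(), $route));

    // Fixed-window counter kept in a transient. The read-then-write is not
    // atomic, so treat the limit as approximate under concurrent requests.
    $key   = 'ai_rl_' . $user->ID . '_' . (int) floor(time() / AI_RATE_WINDOW);
    $count = (int) get_transient($key) + 1;
    set_transient($key, $count, AI_RATE_WINDOW);

    if ($count > AI_RATE_LIMIT) {
        return new WP_Error('ai_rate_limited', 'Too many requests.', ['status' => 429]);
    }
    return $result;
}, 10, 3);
```

Assign the role to the account that owns the application password; requests from other users pass through this filter untouched.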
Troubleshooting
“401 Unauthorized”
- Check application password is correct
- Verify the user exists and has permissions
- Ensure HTTPS is working (some hosts block HTTP auth)
“403 Forbidden”
- User lacks required capabilities
- Security plugin blocking REST API
- Check the rest_authentication_errors filter
“rest_no_route”
- Endpoint doesn’t exist
- Plugin providing endpoint is deactivated
- Permalink structure issue (try re-saving permalinks)
Next Steps
Now that you understand how WordPress REST API powers AI:
- Try making API calls with curl or Postman
- Set up MCP for easier AI integration
- Build custom endpoints for your specific needs
- Connect your AI agent and start automating