WP REST API Tester

The Ultimate WordPress REST API Tester & Postman Alternative

The WordPress REST API has revolutionized how developers interact with the CMS. It transformed WordPress from a traditional monolithic blogging platform into a fully decoupled, headless application framework. Our WP REST API Tester is a lightweight, purely client-side alternative to bulky software like Postman or Insomnia. It is specifically designed to help you debug, authenticate, and analyze WordPress JSON endpoints directly from your browser.

What is the WordPress REST API?

The WP REST API provides API endpoints for WordPress data types that allow developers to interact with sites remotely by sending and receiving JSON (JavaScript Object Notation) objects. It enables you to create, read, update, and delete (CRUD) posts, pages, users, taxonomy terms, and custom post types using standard HTTP methods (GET, POST, PUT, DELETE).

Common WordPress Endpoints to Test

If you are new to the REST API, here are some of the most common default routes you can test simply by pasting your URL into our generator:

• /wp-json/ - The discovery endpoint. Returns the API index, site metadata, and available namespaces.
• /wp-json/wp/v2/posts - GET retrieves a list of posts. POST creates a new post (requires auth).
• /wp-json/wp/v2/users - Retrieves public user data. If authenticated as an admin, retrieves all user data including emails.
• /wp-json/wp/v2/media - Used for uploading images and fetching the media library.
• /wp-json/wc/v3/products - If you run WooCommerce, this endpoint gives you full access to your product catalog.

Authentication: Application Passwords vs JWT

By default, the WordPress REST API allows public read access (GET requests) to published content. However, to create, edit, or delete content, or to read private data, you must authenticate your request. Our tool supports the two most common methods:

1. Application Passwords (Basic Auth)

Since WordPress 5.6, Application Passwords are built into the core. You can generate one by going to Users > Profile in your WP Dashboard. It creates a 16-character string. In our tool, select "Basic Auth", enter your WordPress username, and paste the Application Password. Our tool automatically encodes this into an Authorization: Basic header. This is the safest and easiest way to test APIs without giving out your actual admin password.

2. JWT (JSON Web Tokens)

If you are building a headless WordPress app (using React, Vue, or Next.js), you are likely using a JWT plugin (like JWT Authentication for WP REST API). This allows stateless authentication. Simply generate your token, select "Bearer Token" in our UI, and paste it in. Our tool will construct the Authorization: Bearer {token} header.

Troubleshooting Common REST API Errors

When testing endpoints, you might encounter specific HTTP status codes. Here is what they mean in the context of WordPress:

• 401 Unauthorized: You attempted to access a protected route (like creating a post) without providing an Authorization header, or your token/password is invalid.
• 403 Forbidden: You are authenticated, but your user role does not have the required capability (e.g., an Author trying to edit a site setting).
• 404 Not Found: The endpoint does not exist. Check if your custom post type has 'show_in_rest' => true enabled in your register_post_type() function.
• CORS Policy Blocked: If our tool fails to fetch an external URL but works when you copy the generated cURL command into your terminal, the target server is blocking cross-origin requests. To fix this on your WordPress site, you can hook into rest_api_init and add custom Access-Control-Allow-Origin headers.

Why Use This Tool Instead of Postman?

While Postman is a fantastic enterprise tool, it requires downloading a heavy desktop app, creating an account, and managing workspaces. Our WP REST API Tester is instant, requires zero setup, and generates ready-to-use cURL commands that you can immediately paste into your terminal or PHP scripts. It is the perfect rapid-debugging tool for WordPress developers.