
REST API Tester

Test WordPress REST API endpoints with any HTTP method and optional Application Password authentication — view formatted JSON responses instantly.

GET / POST / PUT / DELETE · Application Password auth · Formatted JSON · Status code · Response headers · Custom endpoints

Free · No credit card · 50 credits/day

Built-in WordPress REST API endpoints

| Endpoint | Method | Auth needed | Returns |
|---|---|---|---|
| /wp-json/ | GET | No | All registered namespaces and routes |
| /wp-json/wp/v2/posts | GET | No | Published posts (draft/pending require auth) |
| /wp-json/wp/v2/pages | GET | No | Published pages |
| /wp-json/wp/v2/users | GET | Yes | User list (requires administrator role) |
| /wp-json/wp/v2/settings | GET | Yes | Site settings (title, tagline, URL, etc.) |
| /wp-json/wp/v2/posts | POST | Yes | Create a new post (author+ role) |

Frequently asked questions

What is the WordPress REST API?

A built-in interface that lets external apps interact with WordPress data over HTTP. It exposes endpoints for posts (/wp-json/wp/v2/posts), pages, users, media and taxonomies, and is used internally by Gutenberg. Third-party plugins can register additional endpoints under custom namespaces like /wp-json/wc/v3/ (WooCommerce).

What are WordPress Application Passwords?

Unique passwords (since WP 5.6) that allow REST API authentication without your main credentials. Each is tied to a specific user and can be revoked independently. To create one: Users → Profile → Application Passwords → enter a name → Add New. Use it with Basic Authentication: send username:application-password, Base64-encoded, in the Authorization header. Base64 is an encoding, not encryption, so send it only over HTTPS.

What are the most useful WordPress REST API endpoints to test?

GET /wp-json/ — all namespaces and routes; GET /wp-json/wp/v2/posts — published posts; GET /wp-json/wp/v2/users (auth) — user list; GET /wp-json/wp/v2/settings (auth) — site settings; POST /wp-json/wp/v2/posts (auth) — create post. Plugins: WooCommerce → /wp-json/wc/v3/, Yoast → /wp-json/yoast/v1/

How do I disable the WordPress REST API for unauthenticated users?

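Add to functions.php:

```php
// Reject every REST request that does not come from a logged-in user.
add_filter("rest_authentication_errors", function($result) {
    // An earlier authentication handler already returned a result: keep it.
    if (!empty($result)) {
        return $result;
    }
    // No valid session or Application Password: answer with HTTP 401.
    if (!is_user_logged_in()) {
        return new WP_Error(
            "rest_not_logged_in",
            "You are not currently logged in.",
            array("status" => 401)
        );
    }
    // Authenticated request: let it through unchanged.
    return $result;
});
```

Note: completely disabling the API breaks Gutenberg and some plugins.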
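To confirm the filter is actually in effect on your own site, the following check requests each GET route from the table anonymously and labels the result. It is an added example, not code from this tool or from WordPress; the function names, the `example.test` host and the `constructed_site` responses are assumptions made up for an offline run.

```python
import base64, json, urllib.error, urllib.request

ROUTES = ("/wp-json/", "/wp-json/wp/v2/posts", "/wp-json/wp/v2/pages",
          "/wp-json/wp/v2/users", "/wp-json/wp/v2/settings")  # from the table above

def basic_auth_header(username, app_password):
    """Authorization value: 'Basic ' + base64(username:application-password)."""
    pair = f"{username}:{app_password}".encode("utf-8")
    return "Basic " + base64.b64encode(pair).decode("ascii")

def http_fetch(url, auth=None):
    """Live GET against your own site; returns (status, JSON body or None)."""
    req = urllib.request.Request(url, headers={"Accept": "application/json"})
    if auth:
        req.add_header("Authorization", auth)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            status, raw = resp.status, resp.read()
    except urllib.error.HTTPError as err:  # 4xx/5xx responses still carry JSON
        status, raw = err.code, err.read()
    try:
        return status, json.loads(raw)
    except ValueError:
        return status, None

def audit_lockdown(site, fetch=http_fetch, auth=None):
    """Map each route to 'filtered' (rejected by the filter above),
    'denied' (rejected by the route's own permission check) or 'open'."""
    report = {}
    for route in ROUTES:
        status, body = fetch(site.rstrip("/") + route, auth)
        code = body.get("code") if isinstance(body, dict) else None
        report[route] = ("filtered" if (status, code) == (401, "rest_not_logged_in")
                         else "denied" if status in (401, 403) else "open")
    return report

def constructed_site(filter_installed):
    """Constructed responses (not captured from a real site) for an offline run."""
    def fetch(url, auth=None):
        if auth:
            return 200, {}
        if filter_installed:
            return 401, {"code": "rest_not_logged_in", "data": {"status": 401}}
        if url.endswith(("/users", "/settings")):
            return 401, {"code": "rest_forbidden", "data": {"status": 401}}
        return 200, {}
    return fetch

if __name__ == "__main__":
    print(audit_lockdown("https://example.test", constructed_site(True)))
```

Against a live site, call `audit_lockdown("https://your-site")` with the default fetcher; every route should read `filtered` anonymously and `open` when `auth=basic_auth_header(user, app_password)` is passed.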

Related WordPress tools

More tools for WordPress diagnostics.

Cron & REST API Viewer

Check WP-Cron status and discover active REST API namespaces.

Login Exposure Checker

Check if wp-login.php, wp-admin and xmlrpc.php are publicly accessible.

Theme & Plugin Detector

Identify which plugins and theme a WordPress site is using.

Test any WordPress REST endpoint instantly

Free account. 50 credits per day. Access to 75+ tools instantly.
