Descripción
Infospica Headless API is a WordPress REST API plugin that transforms your WordPress site into a secure, scalable headless CMS with fully isolated custom REST API endpoints.
Build modern frontend applications using Next.js, React, Vue, Angular, or mobile apps — powered by WordPress as a backend API, without touching the default WordPress REST API.
Looking for a secure WordPress REST API plugin for headless CMS? Infospica Headless API gives you a custom namespace, full CRUD support, ACF field access, and authentication control — all from a clean WordPress admin UI.
Why use Infospica Headless API?
Most developers using WordPress as a headless CMS face the same problems: the default REST API exposes too much data publicly, offers no namespace control, and has weak write protection.
Infospica Headless API solves all of that with a dedicated, configurable API layer purpose-built for modern headless WordPress architectures.
Key advantages:
- Fully isolated API namespace — no interference with default WordPress REST API
- Every endpoint requires authentication — no accidental public data exposure
- Write operations are locked to WordPress capability checks
- Works with any headless frontend: Next.js, Nuxt, React, Vue, Angular, or mobile
Key Features
- Custom WordPress REST API namespace with version control (
/wp-json/my-api/v1/) - Full CRUD endpoints — GET, POST, PUT, PATCH, DELETE
- Supports Pages, Posts, and Custom Post Types (CPT)
- ACF field support — include Advanced Custom Fields in API responses
- Authentication-aware — all endpoints require authentication; write operations require capabilities
- CSRF protection — nonce validation enforced for cookie-based authentication
- Pagination —
?pageand?per_pageon all list endpoints (max 50 per page) - WooCommerce-safe — core WooCommerce pages automatically excluded
- Clean admin UI — manage namespace, version, and enabled content types
- Clean uninstall — removes all plugin options on uninstall
Use Cases
- Headless WordPress with Next.js — fetch posts, pages, and CPTs via secure REST API
- WordPress REST API for React or Vue — isolated namespace, no public data leakage
- Mobile app backend — use WordPress as a content API for iOS or Android apps
- SaaS platforms — use WordPress as a headless CMS for multi-tenant applications
- ACF API — expose Advanced Custom Fields data via authenticated REST endpoints
- CPT API — serve Custom Post Type data to any external frontend or service
Security
- All endpoints require authentication — including read (GET) requests
- Write operations require WordPress capability checks (
edit_posts,delete_posts) - Nonce validation enforced for all cookie-based write requests (CSRF protection)
- Email addresses and sensitive user data never included in API responses
- WooCommerce core pages (Shop, Cart, Checkout, My Account) excluded automatically
Authentication
All endpoints require authentication.
Supported methods:
- Application Passwords (recommended) — available since WordPress 5.6; generate under Users Profile and send as Basic Auth header
- WordPress login cookies — for browser or admin usage; write requests require
X-WP-Nonceheader or_wpnonceparameter - Any authentication method that correctly sets the WordPress user context
Write operations are additionally restricted by WordPress user capabilities.
Available Endpoints
Base URL structure:
/wp-json/{namespace}/{version}/
Example:
/wp-json/my-api/v1/
Status
GET /status
Pages
GET /pages
GET /pages/{id}
POST /pages
PUT /pages/{id}
PATCH /pages/{id}
DELETE /pages/{id}
Posts
GET /posts
GET /posts/{id}
POST /posts
PUT /posts/{id}
PATCH /posts/{id}
DELETE /posts/{id}
Custom Post Types
GET /{post-type}
GET /{post-type}/{id}
POST /{post-type}
PUT /{post-type}/{id}
PATCH /{post-type}/{id}
DELETE /{post-type}/{id}<h3>Pagination</h3>
All list endpoints support pagination parameters:
?page=1&per_page=10 (maximum 50 results per page)
Example:
/wp-json/my-api/v1/posts?page=2&per_page=5<h3>License</h3>
This plugin is licensed under GPLv2 or later.
See: https://www.gnu.org/licenses/gpl-2.0.html
Capturas
Instalación
- Upload the plugin folder to
/wp-content/plugins/infospica-headless-api/ - Activate the plugin from the Plugins screen in WordPress admin
- Navigate to Infospica Headless API in the admin menu
- Set your API namespace, version, and enable the content types you need
- Save settings
- Use the generated endpoint URLs in your headless frontend or mobile app
FAQ
-
What is a headless WordPress REST API plugin?
-
A headless WordPress REST API plugin lets you use WordPress purely as a content backend, serving data to any frontend — Next.js, React, Vue, Angular, or a mobile app — via REST API endpoints. Infospica Headless API creates a secure, isolated custom namespace for this purpose, separate from the default WordPress REST API.
-
Does this replace the default WordPress REST API?
-
No. Infospica Headless API creates a completely separate custom REST namespace. The default WordPress REST API at
/wp-json/wp/v2/remains fully unchanged and unaffected. -
How is this different from the default WordPress REST API?
-
The default REST API exposes data publicly without authentication. Infospica Headless API creates an isolated namespace where every endpoint requires authentication, write operations are capability-checked, and you control exactly which content types are exposed.
-
Is authentication required for all endpoints?
-
Yes. Every endpoint — including GET (read) requests — requires authentication. Write operations additionally require the appropriate WordPress capability (
edit_posts,delete_posts, etc.). -
How do I authenticate API requests from a Next.js or React app?
-
Use WordPress Application Passwords (available since WordPress 5.6). Generate one under Users Profile, then send it as a Basic Auth header with every API request. This is the recommended method for all headless frontend applications.
-
Does it support ACF (Advanced Custom Fields)?
-
Yes. Enable ACF support in the plugin settings to include ACF custom fields in API responses. Advanced Custom Fields must be installed and active.
-
Does it support Custom Post Types (CPT)?
-
Yes. Any public CPT with
show_in_restenabled will automatically get REST API endpoints once CPT support is enabled in the plugin settings. -
Does it work with WooCommerce?
-
WooCommerce core pages (Shop, Cart, Checkout, My Account) are automatically excluded from page responses to prevent conflicts. Full WooCommerce product API support may be added in a future release.
-
Can I use this for a Next.js headless WordPress site?
-
Yes. This plugin is built specifically for headless WordPress architectures. Use Application Passwords for authentication and call the REST API endpoints from your Next.js
getStaticProps,getServerSideProps, or App Router server components. -
What is the best WordPress REST API plugin for headless CMS?
-
If you need a secure, isolated REST API namespace with full CRUD support, CPT integration, ACF compatibility, and authentication control — Infospica Headless API is purpose-built for exactly that use case.
-
Does it support pagination?
-
Yes. All list endpoints support
?page=1&per_page=10. The maximum is 50 results per page. -
Is there a status endpoint to verify the API is working?
-
Yes. Send an authenticated
GETrequest to/wp-json/{namespace}/{version}/statusto confirm the API is active and check the current plugin version.
Reseñas
No hay valoraciones para este plugin.
Colaboradores y desarrolladores
«Infospica Headless API» es un software de código abierto. Las siguientes personas han colaborado con este plugin.
Colaboradores
Traduce «Infospica Headless API» a tu idioma.
¿Interesado en el desarrollo?
Revisa el código , echa un vistazo al repositorio SVN o suscríbete al registro de desarrollo por RSS.
Registro de cambios
1.0.1
- Tested compatibility with WordPress 7.0
- Improved PHP 8.x compatibility for REST API content handling
- Added 772×250 plugin banner asset
- Minor code quality improvements
1.0.0
- Initial stable release
- Custom namespace-based REST API
- Full CRUD support for Pages, Posts, and CPTs
- ACF field integration
- Pagination support
- Admin UI with endpoint reference
- Clean uninstall