內容簡介
Infospica Headless API 將 WordPress 轉換為安全且靈活的無頭內容管理系統,提供自訂的 REST API 命名空間,具備完整的 CRUD 功能,適合各種無頭架構及應用程式。
【主要功能】
• 自訂 API 命名空間及版本控制
• 完整的 CRUD 端點支援
• 支援頁面、文章及自訂文章類型
• 可選的 ACF 欄位支援
• 認證驅動的讀寫存取
• 內建分頁支援
外掛標籤
開發者團隊
原文外掛簡介
Infospica Headless API is a WordPress REST API plugin that transforms your WordPress site into a secure, scalable headless CMS with fully isolated custom REST API endpoints.
Build modern frontend applications using Next.js, React, Vue, Angular, or mobile apps — powered by WordPress as a backend API, without touching the default WordPress REST API.
Looking for a secure WordPress REST API plugin for headless CMS? Infospica Headless API gives you a custom namespace, full CRUD support, ACF field access, and authentication control — all from a clean WordPress admin UI.
Why use Infospica Headless API?
Most developers using WordPress as a headless CMS face the same problems: the default REST API exposes too much data publicly, offers no namespace control, and has weak write protection.
Infospica Headless API solves all of that with a dedicated, configurable API layer purpose-built for modern headless WordPress architectures.
Key advantages:
Fully isolated API namespace — no interference with default WordPress REST API
Every endpoint requires authentication — no accidental public data exposure
Write operations are locked to WordPress capability checks
Works with any headless frontend: Next.js, Nuxt, React, Vue, Angular, or mobile
Key Features
Custom WordPress REST API namespace with version control (/wp-json/my-api/v1/)
Full CRUD endpoints — GET, POST, PUT, PATCH, DELETE
Supports Pages, Posts, and Custom Post Types (CPT)
ACF field support — include Advanced Custom Fields in API responses
Authentication-aware — all endpoints require authentication; write operations require capabilities
CSRF protection — nonce validation enforced for cookie-based authentication
Pagination — ?page and ?per_page on all list endpoints (max 50 per page)
WooCommerce-safe — core WooCommerce pages automatically excluded
Clean admin UI — manage namespace, version, and enabled content types
Clean uninstall — removes all plugin options on uninstall
Use Cases
Headless WordPress with Next.js — fetch posts, pages, and CPTs via secure REST API
WordPress REST API for React or Vue — isolated namespace, no public data leakage
Mobile app backend — use WordPress as a content API for iOS or Android apps
SaaS platforms — use WordPress as a headless CMS for multi-tenant applications
ACF API — expose Advanced Custom Fields data via authenticated REST endpoints
CPT API — serve Custom Post Type data to any external frontend or service
Security
All endpoints require authentication — including read (GET) requests
Write operations require WordPress capability checks (edit_posts, delete_posts)
Nonce validation enforced for all cookie-based write requests (CSRF protection)
Email addresses and sensitive user data never included in API responses
WooCommerce core pages (Shop, Cart, Checkout, My Account) excluded automatically
Authentication
All endpoints require authentication.
Supported methods:
Application Passwords (recommended) — available since WordPress 5.6; generate under Users → Profile and send as Basic Auth header
WordPress login cookies — for browser or admin usage; write requests require X-WP-Nonce header or _wpnonce parameter
Any authentication method that correctly sets the WordPress user context
Write operations are additionally restricted by WordPress user capabilities.
Available Endpoints
Base URL structure:
/wp-json/{namespace}/{version}/
Example:
/wp-json/my-api/v1/
Status
GET /status
Pages
GET /pages
GET /pages/{id}
POST /pages
PUT /pages/{id}
PATCH /pages/{id}
DELETE /pages/{id}
Posts
GET /posts
GET /posts/{id}
POST /posts
PUT /posts/{id}
PATCH /posts/{id}
DELETE /posts/{id}
Custom Post Types
GET /{post-type}
GET /{post-type}/{id}
POST /{post-type}
PUT /{post-type}/{id}
PATCH /{post-type}/{id}
DELETE /{post-type}/{id}
Pagination
All list endpoints support pagination parameters:
?page=1&per_page=10 (maximum 50 results per page)
Example:
/wp-json/my-api/v1/posts?page=2&per_page=5
License
This plugin is licensed under GPLv2 or later.
See: https://www.gnu.org/licenses/gpl-2.0.html
