Description
Infospica Headless API transforms WordPress into a secure and flexible headless CMS by providing a custom REST API namespace with full CRUD capabilities.
Instead of modifying the default WordPress REST API, this plugin creates an isolated and configurable API layer designed specifically for secure and scalable headless architectures.
Ideal for
- Headless WordPress (Next.js, Nuxt, React, Vue, Angular)
- Mobile applications
- SaaS platforms
- Custom frontend integrations
- API-driven architectures
Key Features
- Custom API namespace with version control
- Full CRUD endpoints (GET, POST, PUT, PATCH, DELETE)
- Supports:
- Pages
- Posts
- Custom Post Types
- Optional ACF field support (if ACF is active)
- Authentication-aware read and write access
- Capability-based write protection
- Built-in pagination support (
?pageand?per_page) - Clean and intuitive admin settings UI
- Clean uninstall (removes plugin data and settings)
Security Highlights
- All API endpoints require authentication
- Write operations require appropriate WordPress capabilities
- CSRF protection enforced for cookie-based authentication (nonce validation)
- Sensitive user data (such as email addresses) is not exposed
- WooCommerce core pages are automatically excluded from API responses
Authentication
All endpoints require authentication.
Supported authentication methods:
- WordPress login cookies (browser/admin usage)
- Write requests require
X-WP-Nonceheader or_wpnonceparameter
- Write requests require
- Application Passwords (recommended for external applications)
- Any authentication method that properly sets the current user context
Write operations are additionally restricted by WordPress capabilities (e.g., edit_posts, delete_posts).
Available Endpoints
Base structure:
/wp-json/{namespace}/{version}/
Example:
/wp-json/my-api/v1/
Status
GET /status
Pages
GET /pages
GET /pages/{id}
POST /pages
PUT /pages/{id}
PATCH /pages/{id}
DELETE /pages/{id}
Posts
GET /posts
GET /posts/{id}
POST /posts
PUT /posts/{id}
PATCH /posts/{id}
DELETE /posts/{id}
Custom Post Types
GET /{post-type}
GET /{post-type}/{id}
POST /{post-type}
PUT /{post-type}/{id}
PATCH /{post-type}/{id}
DELETE /{post-type}/{id}
Pagination
All list endpoints support:
?page=1
&per_page=10 (maximum 50)
Example:
/wp-json/my-api/v1/posts?page=2&per_page=5<h3>License</h3>
This plugin is licensed under GPLv2 or later.
Screenshots
Plugin settings page in WordPress admin 
REST API endpoints overview with generated URLs
Installation
- Upload the plugin to
/wp-content/plugins/infospica-headless-api/ - Activate the plugin from the WordPress admin panel
- Navigate to Infospica Headless API in the admin menu
- Configure namespace, version, and enabled content types
- Save settings
- Use the generated endpoints in your frontend application
FAQ
-
Does this replace the default WordPress REST API?
-
No. It creates a separate custom REST namespace. The default WordPress REST API remains unchanged.
-
Is authentication required?
-
Yes.
All endpoints require authentication.
Write operations additionally require proper WordPress capabilities. -
Does it support ACF?
-
Yes.
Enable ACF support in settings to include custom fields in API responses (if ACF is installed and active).
-
Does it support WooCommerce?
-
WooCommerce core pages are automatically excluded.
Dedicated WooCommerce API support may be added in a future release.
-
Does it support pagination?
-
Yes.
Use:
?page=1 &per_page=10
Reviews
There are no reviews for this plugin.
Contributors & Developers
“Infospica Headless API” is open source software. The following people have contributed to this plugin.
Contributors
Translate “Infospica Headless API” into your language.
Interested in development?
Browse the code, check out the SVN repository, or subscribe to the development log by RSS.
Changelog
1.0.0
- Initial stable release
- Custom namespace-based REST API
- Full CRUD support
- CPT support
- ACF integration
- Pagination support
- Admin UI