API Documentation

Welcome to the Wp Admin API. This documentation covers everything you need to integrate our WordPress management platform into your applications, dashboards, or automated workflows.

💡 Quick Start

Generate an API key from your dashboard under Settings → API Keys. Include it in the Authorization header as a Bearer token to make your first request.

Authentication

Wp Admin uses OAuth 2.0 Bearer Token authentication. All API requests must include your API key in the Authorization header.

                        
                        curl https://api.wpadmin.com/v1/sites \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json"
                    
                        const response = await fetch('https://api.wpadmin.com/v1/sites', {
  headers: {
    'Authorization': `Bearer YOUR_API_KEY`,
    'Content-Type': 'application/json'
  }
});
                    
                        import requests

response = requests.get(
    "https://api.wpadmin.com/v1/sites",
    headers={
        "Authorization": "Bearer YOUR_API_KEY",
        "Content-Type": "application/json"
    }
)

⚠️ Security Notice

Never expose your API keys in client-side code or public repositories. Use environment variables and server-side proxying for production applications.

Base URL & Formats

All API requests should be made to the following base URL. The API exclusively accepts and returns JSON data.

                        
                        Base URL: https://api.wpadmin.com/v1
Content-Type: application/json
Authentication: Bearer Token
                    

Sites Endpoint

Manage your WordPress installations. Retrieve site health, trigger maintenance tasks, and monitor performance metrics.

GET /v1/sites

Retrieve a paginated list of all WordPress sites connected to your account.

Query Parameters

Parameter	Type	Required	Description
page	integer	Optional	Page number for pagination (default: 1)
limit	integer	Optional	Number of results per page (default: 20, max: 100)
status	string	Optional	Filter by health: `healthy`, `degraded`, `critical`

Response

                            
                            {
  "data": [
    {
      "id": "site_8x92k",
      "name": "TechFlow Blog",
      "url": "https://techflow.example.com",
      "wp_version": "6.4.2",
      "status": "healthy",
      "last_backup": "2025-01-15T08:30:00Z",
      "metrics": {
        "load_time": 1.2,
        "uptime_30d": 99.98
      }
    }
  ],
  "pagination": {
    "page": 1,
    "limit": 20,
    "total": 42
  }
}
                        

POST /v1/sites/{site_id}/backup

Trigger an immediate full backup of the specified WordPress site.

Response

                            
                            {
  "success": true,
  "backup_id": "bak_9m2x1",
  "status": "processing",
  "estimated_completion": "2025-01-15T09:15:00Z",
  "message": "Backup initiated successfully."
}
                        

Backups Endpoint

Manage backup schedules, download backup archives, and restore sites from previous snapshots.

GET /v1/sites/{site_id}/backups

List all available backups for a specific site.

POST /v1/backups/{backup_id}/restore

Restore a site to a specific backup snapshot. ⚠️ This will overwrite the current site files and database.

🚨 Destructive Action

Restoring a backup cannot be undone. Ensure you have verified the backup contents before proceeding.

Updates Endpoint

Configure automatic update policies for WordPress core, themes, and plugins. Schedule maintenance windows and approve specific versions.

PUT /v1/sites/{site_id}/updates/policy

Update the automatic update configuration for a site.

Security Endpoint

Access firewall rules, malware scan results, login attempt logs, and IP allowlist configurations.

GET /v1/sites/{site_id}/security/scan

Retrieve the latest security scan results and vulnerability reports.

Error Handling

Wp Admin uses standard HTTP status codes and returns structured JSON error responses.

Code	Status	Description
200	OK	Request succeeded
201	Created	Resource successfully created
400	Bad Request	Invalid parameters or malformed JSON
401	Unauthorized	Missing or invalid API key
403	Forbidden	Insufficient permissions for this action
404	Not Found	Resource does not exist
429	Too Many Requests	Rate limit exceeded
500	Server Error	Internal error. Contact support.

                        
                        {
  "error": {
    "code": "invalid_api_key",
    "message": "The provided API key is expired or revoked.",
    "status": 401,
    "request_id": "req_7x892k1m"
  }
}
                    

Rate Limiting

To ensure platform stability, API requests are throttled. Current limits:

Standard Plan: 60 requests per minute
Professional Plan: 200 requests per minute
Enterprise Plan: 1,000 requests per minute (custom limits available)

Rate limit headers are included in every response:

                        
                        X-RateLimit-Limit: 200
X-RateLimit-Remaining: 147
X-RateLimit-Reset: 1705324800
                    

🔄 Retry Logic

If you receive a 429 status, wait for the duration specified in the Retry-After header before making subsequent requests.

Webhooks

Receive real-time notifications about site events. Configure webhook endpoints in your dashboard to get pushed updates for:

site.status_changed
backup.completed
security.threat_detected
update.failed

All webhook payloads are signed with HMAC-SHA256 using your webhook secret. Verify the X-WpAdmin-Signature header before processing events.