API Documentation
Programmatic access to manage your WordPress sites. Automate updates, backups, security scans, and maintenance tasks.
Overview #
The Wp Admin REST API allows developers to integrate WordPress management capabilities directly into their applications, dashboards, or CI/CD pipelines. The API follows standard RESTful conventions and returns JSON responses.
Authentication #
Access the API using API keys generated from your Wp Admin dashboard. Keys should be kept secure and never exposed in client-side code.
Authorization: Bearer YOUR_API_KEY Content-Type: application/json
Base URL #
All API requests should be made to the following base endpoint:
https://api.wpadmin.com/v1
Rate Limits #
To ensure fair usage and platform stability, the API enforces the following rate limits:
- Standard: 100 requests per minute
- Professional: 500 requests per minute
- Enterprise: Custom limits (contact sales)
Rate limit headers are included in every response:
X-RateLimit-Limit: 100 X-RateLimit-Remaining: 84 X-RateLimit-Reset: 1715623400
List Sites #
Retrieve a paginated list of all WordPress sites managed under your account.
Query Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| page | integer | No | Page number for pagination (default: 1) |
| per_page | integer | No | Items per page (max: 100, default: 20) |
| status | string | No | Filter by status: active, paused, error |
Example Request
curl -X GET https://api.wpadmin.com/v1/sites?page=1&per_page=10 \\ -H "Authorization: Bearer YOUR_API_KEY" \\ -H "Content-Type: application/json"
Response
{
"data": [
{
"id": "site_8f3a92b1",
"domain": "example.com",
"status": "active",
"wp_version": "6.4.2",
"last_checked": "2024-04-15T10:30:00Z"
}
],
"meta": {
"page": 1,
"per_page": 10,
"total": 42
}
}
Trigger Update #
Manually trigger core, theme, or plugin updates for a specific site. The API returns immediately while the update processes asynchronously.
Path Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| site_id | string | Yes | Unique identifier of the WordPress site |
Body Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| type | string | Yes | Update scope: core, plugins, themes, all |
| use_staging | boolean | No | Run update on staging environment first (default: true) |
{
"type": "plugins",
"use_staging": true
}
Security Status #
Retrieve the latest security scan results, threat levels, and firewall logs for a managed site.
{
"site_id": "site_8f3a92b1",
"scan_date": "2024-04-15T14:22:00Z",
"score": 98,
"status": "secure",
"threats_detected": 0,
"firewall_active": true,
"recommendations": [
"Update login URL for additional protection",
"Enable two-factor authentication for admin accounts"
]
}
List Backups #
View all available backups for a site, including timestamp, size, type, and restore readiness.
{
"backups": [
{
"id": "backup_92c41",
"created_at": "2024-04-15T03:00:00Z",
"type": "full",
"size_mb": 245.8,
"status": "ready",
"storage_location": "aws_s3_us_east_1"
}
]
}
Status Codes #
The API uses standard HTTP status codes to indicate success or failure:
Error Handling #
Errors follow a consistent JSON structure to help you debug issues quickly:
{
"error": {
"code": "site_not_found",
"message": "The requested site ID does not exist or you lack permissions.",
"request_id": "req_7f2a9b1c"
}
}
request_id when contacting support. You can find it in the response headers as X-Request-ID.