API Endpoints Overview

Programmatic access to manage WordPress sites, security, backups, and performance. All endpoints return JSON and require Bearer token authentication.

Base URL

https://api.wpadmin.com/v1

All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.

Authentication

Wp Admin uses API keys to authenticate requests. You can view and manage your API keys in the dashboard under Settings > API.

Header 
Authorization: Bearer <YOUR_API_KEY>
Content-Type: application/json

Keep your API key secure. Do not expose it in client-side code or public repositories.

Site Management

Method Endpoint Description
GET /sites List all connected WordPress sites
POST /sites Connect a new WordPress site via WP-CLI or plugin
GET /sites/{id} Get detailed site information & status
PUT /sites/{id} Update site settings (maintenance mode, debug mode)
DELETE /sites/{id} Disconnect a site from Wp Admin management

Security & Scans

Method Endpoint Description
GET /sites/{id}/security Get security score & threat status
POST /sites/{id}/security/scan Trigger manual malware/vulnerability scan
POST /sites/{id}/security/firewall Toggle WAF rules (allow/block IP ranges)
GET /sites/{id}/security/logs Retrieve security event logs

Backups & Restore

Method Endpoint Description
GET /sites/{id}/backups List available backup snapshots
POST /sites/{id}/backups Create a manual backup (files + database)
POST /sites/{id}/backups/{id}/restore Restore a site to a specific backup point
DELETE /sites/{id}/backups/{id} Delete a backup snapshot

Performance

Method Endpoint Description
GET /sites/{id}/performance Get speed metrics, cache status & recommendations
POST /sites/{id}/performance/purge Purge all caches (server, CDN, object)
PUT /sites/{id}/performance/settings Update optimization settings (compression, minification)

Request & Response Examples

cURL 
# List all managed sites
curl -X GET https://api.wpadmin.com/v1/sites \\
  -H "Authorization: Bearer wp_live_sk_8f3j29d1k..." \\
  -H "Content-Type: application/json"
JSON (200 OK) 
{
  "data": [
    {
      "id": "site_9x2k1m",
      "url": "https://example.com",
      "status": "active",
      "wp_version": "6.4.2",
      "security_score": 94
    }
  ],
  "meta": {
    "total": 1,
    "page": 1
  }
}

Error Handling & Status Codes

Wp Admin uses conventional HTTP response codes to indicate the success or failure of an API request.

200 OK
Request succeeded
400 Bad Request
Missing or invalid parameters
401 Unauthorized
Invalid or missing API key
403 Forbidden
Insufficient permissions
404 Not Found
Resource does not exist
429 Too Many Requests
Rate limit exceeded
500 Internal Server Error
Unexpected server failure

Rate Limits

API requests are rate limited to ensure fair usage and system stability. Limits are applied per API key.

  • Starter Plan: 100 requests / minute
  • Professional Plan: 500 requests / minute
  • Enterprise Plan: 2,000 requests / minute (custom limits available)

When you exceed the limit, you will receive a 429 Too Many Requests response. Implement exponential backoff in your integrations.

"}**