WordPress REST API lets external applications interact with your site, but testing endpoints manually through browsers or Postman wastes time. Authenticating requests, managing tokens, and debugging API responses becomes tedious without proper tooling.
WP-CLI combined with curl and REST API gives you complete WordPress automation—create posts from external systems, sync content between sites, integrate with third-party services, and build powerful API-driven workflows from your terminal.
In this guide, you’ll learn to leverage WordPress REST API with WP-CLI for automated content management, headless WordPress setups, and integration workflows used by modern WordPress applications.
Why Combine WordPress REST API with WP-CLI?
WordPress REST API provides HTTP endpoints for WordPress data, while WP-CLI offers direct database access—together they’re unstoppable.
WordPress REST API Limitations Alone
Authentication complexity: Setting up OAuth or application passwords is tedious.
Rate limiting: API requests can be throttled during bulk operations.
Debugging difficulty: Hard to see what’s happening inside WordPress during API calls.
No direct database: Can’t bypass API to directly manipulate data when needed.
Testing challenges: Need external tools to test endpoints during development.
Combined WP-CLI + REST API Advantages
Fast prototyping: Use WP-CLI to create test data for API development.
Hybrid workflows: Use API for external integration, WP-CLI for direct operations.
Better debugging: Check database state with WP-CLI while testing API calls.
Authentication bypass: Use WP-CLI for admin tasks, API for user-facing features.
Complete automation: Build complex workflows combining both tools.
According to WordPress API usage statistics, REST API adoption has grown 300% since 2020, making API skills essential.
WordPress REST API Basics
Understand WordPress REST API fundamentals before automation.
Test API Endpoints with curl
# Get site information
curl https://example.com/wp-json/
# List all posts
curl https://example.com/wp-json/wp/v2/posts
# Get specific post
curl https://example.com/wp-json/wp/v2/posts/123
# List users
curl https://example.com/wp-json/wp/v2/users
# Get categories
curl https://example.com/wp-json/wp/v2/categoriesPretty Print JSON Responses
# Install jq for JSON formatting
apt-get install jq
# Pretty print API response
curl -s https://example.com/wp-json/wp/v2/posts | jq '.'
# Extract specific fields
curl -s https://example.com/wp-json/wp/v2/posts | jq '.[].title.rendered'
# Get post count
curl -s https://example.com/wp-json/wp/v2/posts | jq 'length'Verify REST API is Enabled
# Check if REST API responds
curl -I https://example.com/wp-json/
# Should return: HTTP/1.1 200 OK
# Use WP-CLI to check REST API status
wp rest
# List all available REST routes
wp rest route listLearn more in the WordPress REST API handbook.
REST API Authentication
Authenticate API requests for write operations.
Application Passwords (Recommended)
# Create application password with WP-CLI
wp user application-password create admin "API Automation" --porcelain
# Returns: password_hash
# Use in curl request
curl -u admin:password_hash \
https://example.com/wp-json/wp/v2/posts
# Test authentication
curl -u admin:password_hash \
https://example.com/wp-json/wp/v2/users/meBest Practice: Store credentials in environment variables, never hardcode in scripts.
# Set environment variables
export WP_USER="admin"
export WP_APP_PASSWORD="xxxx xxxx xxxx xxxx"
# Use in scripts
curl -u "$WP_USER:$WP_APP_PASSWORD" \
https://example.com/wp-json/wp/v2/postsBasic Authentication (Development Only)
# Install Basic Auth plugin (development only!)
wp plugin install https://github.com/WP-API/Basic-Auth/archive/master.zip --activate
# Use with curl
curl -u username:password \
https://example.com/wp-json/wp/v2/posts
# NEVER use Basic Auth on production (insecure over HTTP)Creating Content via REST API
Automate content creation using API endpoints.
Create Posts with curl
# Create simple post
curl -X POST \
-u admin:app_password \
-H "Content-Type: application/json" \
-d '{
"title": "New Post via API",
"content": "This post was created via REST API",
"status": "publish"
}' \
https://example.com/wp-json/wp/v2/posts
# Create post with categories and tags
curl -X POST \
-u admin:app_password \
-H "Content-Type: application/json" \
-d '{
"title": "Categorized Post",
"content": "Post content here",
"status": "publish",
"categories": [1, 5],
"tags": [10, 15, 20]
}' \
https://example.com/wp-json/wp/v2/postsCreate Posts from External Data
#!/bin/bash
# import-from-api.sh - Import content from external API
EXTERNAL_API="https://api.example.com/articles"
WP_SITE="https://mysite.com"
WP_USER="admin"
WP_PASS="app_password"
# Fetch external content
curl -s "$EXTERNAL_API" | jq -c '.[]' | while read article; do
TITLE=$(echo "$article" | jq -r '.title')
CONTENT=$(echo "$article" | jq -r '.content')
echo "Importing: $TITLE"
# Create WordPress post
curl -X POST \
-u "$WP_USER:$WP_PASS" \
-H "Content-Type: application/json" \
-d "{
\"title\": \"$TITLE\",
\"content\": \"$CONTENT\",
\"status\": \"draft\"
}" \
"$WP_SITE/wp-json/wp/v2/posts"
done
echo "✓ Import complete"Use Case: Sync content from headless CMS, import RSS feeds, or aggregate content from multiple sources.
Update Posts
# Update post title
curl -X POST \
-u admin:app_password \
-H "Content-Type: application/json" \
-d '{"title": "Updated Title"}' \
https://example.com/wp-json/wp/v2/posts/123
# Update post content
curl -X POST \
-u admin:app_password \
-H "Content-Type: application/json" \
-d '{"content": "New content here"}' \
https://example.com/wp-json/wp/v2/posts/123
# Change post status
curl -X POST \
-u admin:app_password \
-H "Content-Type: application/json" \
-d '{"status": "publish"}' \
https://example.com/wp-json/wp/v2/posts/123WP-CLI REST Commands
Use WP-CLI’s built-in REST functionality for testing.
List REST Routes
# Show all REST routes
wp rest route list
# Show specific namespace
wp rest route list --namespace=wp/v2
# Filter routes
wp rest route list | grep postsExecute REST Requests with WP-CLI
# GET request
wp rest get /wp/v2/posts
# GET specific post
wp rest get /wp/v2/posts/123
# POST request (create content)
wp rest post /wp/v2/posts \
--title="New Post" \
--content="Post content" \
--status=publish
# DELETE request
wp rest delete /wp/v2/posts/123 --force=trueAdvantage: WP-CLI REST commands bypass authentication—perfect for local development and testing.
Hybrid WP-CLI + REST API Workflows
Combine WP-CLI and REST API for powerful automation.
Content Sync Between Sites
#!/bin/bash
# sync-content-between-sites.sh
SOURCE_SITE="https://source.com"
TARGET_SITE="/var/www/target-site"
WP_USER="admin"
WP_PASS="app_password"
# Export posts from source via API
curl -s "$SOURCE_SITE/wp-json/wp/v2/posts?per_page=100" > /tmp/posts.json
# Import to target with WP-CLI
cd "$TARGET_SITE"
cat /tmp/posts.json | jq -c '.[]' | while read post; do
TITLE=$(echo "$post" | jq -r '.title.rendered')
CONTENT=$(echo "$post" | jq -r '.content.rendered')
echo "Importing: $TITLE"
# Use WP-CLI for faster import
wp post create \
--post_title="$TITLE" \
--post_content="$CONTENT" \
--post_status=publish
done
rm /tmp/posts.json
echo "✓ Content sync complete"Headless WordPress Content Publishing
#!/bin/bash
# headless-publish.sh - Publish to headless WordPress
WP_API="https://headless-wp.com/wp-json/wp/v2"
WP_USER="admin"
WP_PASS="app_password"
# Create content locally with WP-CLI
wp post create \
--post_title="Headless Post" \
--post_content="Content here" \
--post_status=draft \
--porcelain > /tmp/post_id.txt
POST_ID=$(cat /tmp/post_id.txt)
# Export post data
POST_DATA=$(wp post get $POST_ID --format=json)
# Publish via REST API to headless instance
curl -X POST \
-u "$WP_USER:$WP_PASS" \
-H "Content-Type: application/json" \
-d "$POST_DATA" \
"$WP_API/posts"
echo "✓ Published to headless WordPress"Automated Content Moderation
#!/bin/bash
# moderate-content.sh - Auto-moderate spam content
WP_SITE="/var/www/html"
API_URL="https://example.com/wp-json/wp/v2"
WP_USER="admin"
WP_PASS="app_password"
cd "$WP_SITE"
# Find posts with spam keywords using WP-CLI
SPAM_POSTS=$(wp post list \
--s="viagra" \
--post_status=publish \
--format=ids)
for POST_ID in $SPAM_POSTS; do
echo "Trashing spam post: $POST_ID"
# Move to trash via REST API
curl -X DELETE \
-u "$WP_USER:$WP_PASS" \
"$API_URL/posts/$POST_ID"
done
echo "✓ Spam moderation complete"API Testing and Development
Test custom REST API endpoints during development.
Register Custom Endpoint
// In theme functions.php or plugin
add_action('rest_api_init', function () {
register_rest_route('custom/v1', '/data', array(
'methods' => 'GET',
'callback' => 'custom_api_callback',
'permission_callback' => '__return_true'
));
});
function custom_api_callback() {
return array('status' => 'success', 'data' => 'Custom API response');
}Test Custom Endpoint
# Test with curl
curl https://example.com/wp-json/custom/v1/data
# Test with WP-CLI
wp rest get /custom/v1/data
# Validate response
wp rest get /custom/v1/data | jq '.status'Automated API Testing Script
#!/bin/bash
# test-api-endpoints.sh
API_BASE="https://example.com/wp-json/wp/v2"
echo "Testing WordPress REST API endpoints..."
# Test posts endpoint
HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" "$API_BASE/posts")
if [ "$HTTP_CODE" -eq 200 ]; then
echo "✓ Posts endpoint: OK"
else
echo "✗ Posts endpoint: FAILED ($HTTP_CODE)"
fi
# Test users endpoint
HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" "$API_BASE/users")
if [ "$HTTP_CODE" -eq 200 ]; then
echo "✓ Users endpoint: OK"
else
echo "✗ Users endpoint: FAILED ($HTTP_CODE)"
fi
# Test categories endpoint
HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" "$API_BASE/categories")
if [ "$HTTP_CODE" -eq 200 ]; then
echo "✓ Categories endpoint: OK"
else
echo "✗ Categories endpoint: FAILED ($HTTP_CODE)"
fi
echo "API testing complete"Learn about REST API best practices for production.
Next Steps
You now have WordPress REST API and WP-CLI integration skills for powerful automation workflows.
Recommended Learning Path
Week 1: API fundamentals
- Test endpoints with curl
- Set up authentication
- Create/update content via API
Week 2: WP-CLI REST commands
- Use
wp restcommands - Build hybrid workflows
- Test custom endpoints
Week 3: Advanced integration
- Content synchronization
- Headless WordPress setup
- API-driven automation
Week 4: Production deployment
- Build content pipelines
- Implement error handling
- Create monitoring systems
Advanced Topics
- Headless WordPress Architecture – Complete decoupled setup
- Custom REST API Endpoints – Build custom APIs
- GraphQL + WP-CLI – Alternative API approach
Get More Resources
Download API automation scripts including:
- Content sync workflows
- API testing suite
- Authentication helpers
- Weekly WP-CLI tutorials
- API integration patterns
- Modern WordPress architecture
Conclusion
WordPress REST API combined with WP-CLI creates a powerful automation ecosystem for modern WordPress development, from headless setups to complex content workflows.
What we covered:
✅ WordPress REST API basics and authentication
✅ Creating and updating content via API
✅ WP-CLI REST commands for testing
✅ Hybrid WP-CLI + REST API workflows
✅ Content sync and automation patterns
✅ API testing and development workflows
Master these techniques, and you’ll build sophisticated WordPress automation that integrates with any external system or service.
Ready for more? Learn WordPress GraphQL integration or headless WordPress architecture.
Questions about WordPress REST API and WP-CLI? Drop a comment below!
Found this helpful? Share with other WordPress developers.