{"id":287551,"date":"2026-03-24T05:33:05","date_gmt":"2026-03-24T05:33:05","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/headless-engine\/"},"modified":"2026-06-12T11:25:56","modified_gmt":"2026-06-12T11:25:56","slug":"infospica-headless-api","status":"publish","type":"plugin","link":"https:\/\/wordpress.org\/plugins\/infospica-headless-api\/","author":23461441,"comment_status":"closed","ping_status":"closed","template":"","meta":{"version":"1.0.1","stable_tag":"1.0.1","tested":"7.0","requires":"6.0","requires_php":"7.4","requires_plugins":null,"header_name":"Infospica Headless API","header_author":"Pushpasharmila S","header_description":"Transform WordPress into a secure headless CMS with a custom REST API namespace, full CRUD support, CPT integration, and authentication-aware access control.","assets_banners_color":"0d0f1e","last_updated":"2026-06-12 11:25:56","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"","header_author_uri":"","rating":5,"author_block_rating":0,"active_installs":0,"downloads":382,"num_ratings":1,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0.0":{"tag":"1.0.0","author":"icssubscriptions","date":"2026-03-24 12:45:03"},"1.0.1":{"tag":"1.0.1","author":"icssubscriptions","date":"2026-06-12 11:25:56"}},"upgrade_notice":{"1.0.1":"

WordPress 7.0 compatibility update and PHP 8.x improvements.<\/p>","1.0.0":"

Initial stable release. No upgrade steps required.<\/p>"},"ratings":{"1":0,"2":0,"3":0,"4":0,"5":1},"assets_icons":{"icon-256x256.png":{"filename":"icon-256x256.png","revision":3489831,"resolution":"256x256","location":"assets","locale":"","width":256,"height":256}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3490496,"resolution":"1544x500","location":"assets","locale":"","width":1544,"height":500},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3574452,"resolution":"772x250","location":"assets","locale":"","width":772,"height":250}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.0","1.0.1"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3489831,"resolution":"1","location":"assets","locale":"","width":1683,"height":922},"screenshot-2.png":{"filename":"screenshot-2.png","revision":3489831,"resolution":"2","location":"assets","locale":"","width":1683,"height":922}},"screenshots":{"1":"Plugin settings page \u2014 configure namespace, version, and content types","2":"REST API endpoints overview \u2014 auto-generated URLs with copy button"}},"plugin_section":[],"plugin_tags":[2211,141196,167388,23853,14286],"plugin_category":[59],"plugin_contributors":[258482],"plugin_business_model":[],"class_list":["post-287551","plugin","type-plugin","status-publish","hentry","plugin_tags-acf","plugin_tags-headless","plugin_tags-headless-cms","plugin_tags-rest-api","plugin_tags-wordpress-api","plugin_category-utilities-and-tools","plugin_contributors-pushpasharmila","plugin_committers-icssubscriptions"],"banners":{"banner":"https:\/\/ps.w.org\/infospica-headless-api\/assets\/banner-772x250.png?rev=3574452","banner_2x":"https:\/\/ps.w.org\/infospica-headless-api\/assets\/banner-1544x500.png?rev=3490496","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/infospica-headless-api\/assets\/icon-256x256.png?rev=3489831","icon_2x":"https:\/\/ps.w.org\/infospica-headless-api\/assets\/icon-256x256.png?rev=3489831","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/infospica-headless-api\/assets\/screenshot-1.png?rev=3489831","caption":"Plugin settings page \u2014 configure namespace, version, and content types"},{"src":"https:\/\/ps.w.org\/infospica-headless-api\/assets\/screenshot-2.png?rev=3489831","caption":"REST API endpoints overview \u2014 auto-generated URLs with copy button"}],"raw_content":"\n

Infospica Headless API<\/strong> is a WordPress REST API plugin that transforms your WordPress site into a secure, scalable headless CMS with fully isolated custom REST API endpoints.<\/p>\n\n

Build modern frontend applications using Next.js, React, Vue, Angular, or mobile apps \u2014 powered by WordPress as a backend API, without touching the default WordPress REST API.<\/p>\n\n

Looking for a secure WordPress REST API plugin for headless CMS?<\/strong> Infospica Headless API gives you a custom namespace, full CRUD support, ACF field access, and authentication control \u2014 all from a clean WordPress admin UI.<\/p>\n\n

Why use Infospica Headless API?<\/h3>\n\n

Most developers using WordPress as a headless CMS face the same problems: the default REST API exposes too much data publicly, offers no namespace control, and has weak write protection.<\/p>\n\n

Infospica Headless API solves all of that with a dedicated, configurable API layer purpose-built for modern headless WordPress architectures.<\/p>\n\n

Key advantages:<\/strong><\/p>\n\n

    \n
  • Fully isolated API namespace \u2014 no interference with default WordPress REST API<\/li>\n
  • Every endpoint requires authentication \u2014 no accidental public data exposure<\/li>\n
  • Write operations are locked to WordPress capability checks<\/li>\n
  • Works with any headless frontend: Next.js, Nuxt, React, Vue, Angular, or mobile<\/li>\n<\/ul>\n\n

    Key Features<\/h3>\n\n
      \n
    • Custom WordPress REST API namespace<\/strong> with version control (\/wp-json\/my-api\/v1\/<\/code>)<\/li>\n
    • Full CRUD endpoints<\/strong> \u2014 GET, POST, PUT, PATCH, DELETE<\/li>\n
    • Supports Pages, Posts, and Custom Post Types (CPT)<\/strong><\/li>\n
    • ACF field support<\/strong> \u2014 include Advanced Custom Fields in API responses<\/li>\n
    • Authentication-aware<\/strong> \u2014 all endpoints require authentication; write operations require capabilities<\/li>\n
    • CSRF protection<\/strong> \u2014 nonce validation enforced for cookie-based authentication<\/li>\n
    • Pagination<\/strong> \u2014 ?page<\/code> and ?per_page<\/code> on all list endpoints (max 50 per page)<\/li>\n
    • WooCommerce-safe<\/strong> \u2014 core WooCommerce pages automatically excluded<\/li>\n
    • Clean admin UI<\/strong> \u2014 manage namespace, version, and enabled content types<\/li>\n
    • Clean uninstall<\/strong> \u2014 removes all plugin options on uninstall<\/li>\n<\/ul>\n\n

      Use Cases<\/h3>\n\n
        \n
      • Headless WordPress with Next.js<\/strong> \u2014 fetch posts, pages, and CPTs via secure REST API<\/li>\n
      • WordPress REST API for React or Vue<\/strong> \u2014 isolated namespace, no public data leakage<\/li>\n
      • Mobile app backend<\/strong> \u2014 use WordPress as a content API for iOS or Android apps<\/li>\n
      • SaaS platforms<\/strong> \u2014 use WordPress as a headless CMS for multi-tenant applications<\/li>\n
      • ACF API<\/strong> \u2014 expose Advanced Custom Fields data via authenticated REST endpoints<\/li>\n
      • CPT API<\/strong> \u2014 serve Custom Post Type data to any external frontend or service<\/li>\n<\/ul>\n\n

        Security<\/h3>\n\n
          \n
        • All endpoints require authentication \u2014 including read (GET) requests<\/li>\n
        • Write operations require WordPress capability checks (edit_posts<\/code>, delete_posts<\/code>)<\/li>\n
        • Nonce validation enforced for all cookie-based write requests (CSRF protection)<\/li>\n
        • Email addresses and sensitive user data never included in API responses<\/li>\n
        • WooCommerce core pages (Shop, Cart, Checkout, My Account) excluded automatically<\/li>\n<\/ul>\n\n

          Authentication<\/h3>\n\n

          All endpoints require authentication.<\/p>\n\n

          Supported methods:<\/strong><\/p>\n\n

            \n
          • Application Passwords<\/strong> (recommended) \u2014 available since WordPress 5.6; generate under Users \u2192 Profile and send as Basic Auth header<\/li>\n
          • WordPress login cookies<\/strong> \u2014 for browser or admin usage; write requests require X-WP-Nonce<\/code> header or _wpnonce<\/code> parameter<\/li>\n
          • Any authentication method that correctly sets the WordPress user context<\/li>\n<\/ul>\n\n

            Write operations are additionally restricted by WordPress user capabilities.<\/p>\n\n

            Available Endpoints<\/h3>\n\n

            Base URL structure:<\/p>\n\n

            \/wp-json\/{namespace}\/{version}\/\n<\/code><\/pre>\n\n
            Example:<\/p>\n\n
            \/wp-json\/my-api\/v1\/\n<\/code><\/pre>\n\n
            Status<\/h4>\n\n
            GET \/status\n<\/code><\/pre>\n\n
            Pages<\/h4>\n\n
            GET \/pages\nGET \/pages\/{id}\nPOST \/pages\nPUT \/pages\/{id}\nPATCH \/pages\/{id}\nDELETE \/pages\/{id}\n<\/code><\/pre>\n\n
            Posts<\/h4>\n\n
            GET \/posts\nGET \/posts\/{id}\nPOST \/posts\nPUT \/posts\/{id}\nPATCH \/posts\/{id}\nDELETE \/posts\/{id}\n<\/code><\/pre>\n\n
            Custom Post Types<\/h4>\n\n
            GET \/{post-type}\nGET \/{post-type}\/{id}\nPOST \/{post-type}\nPUT \/{post-type}\/{id}\nPATCH \/{post-type}\/{id}\nDELETE \/{post-type}\/{id}<h3>Pagination<\/h3>\n<\/code><\/pre>\n\n
            All list endpoints support pagination parameters:<\/p>\n\n
            ?page=1&per_page=10 (maximum 50 results per page)\n<\/code><\/pre>\n\n
            Example:<\/p>\n\n
            \/wp-json\/my-api\/v1\/posts?page=2&per_page=5<h3>License<\/h3>\n<\/code><\/pre>\n\n
            This plugin is licensed under GPLv2 or later.\nSee: https:\/\/www.gnu.org\/licenses\/gpl-2.0.html<\/p>\n\n\n
              \n
            1. Upload the plugin folder to \/wp-content\/plugins\/infospica-headless-api\/<\/code><\/li>\n
            2. Activate the plugin from the Plugins<\/strong> screen in WordPress admin<\/li>\n
            3. Navigate to Infospica Headless API<\/strong> in the admin menu<\/li>\n
            4. Set your API namespace, version, and enable the content types you need<\/li>\n
            5. Save settings<\/li>\n
            6. Use the generated endpoint URLs in your headless frontend or mobile app<\/li>\n<\/ol>\n\n\n
              \n
              What is a headless WordPress REST API plugin?<\/h3><\/dt>\n
              A headless WordPress REST API plugin lets you use WordPress purely as a content backend, serving data to any frontend \u2014 Next.js, React, Vue, Angular, or a mobile app \u2014 via REST API endpoints. Infospica Headless API creates a secure, isolated custom namespace for this purpose, separate from the default WordPress REST API.<\/p><\/dd>\n
              Does this replace the default WordPress REST API?<\/h3><\/dt>\n
              No. Infospica Headless API creates a completely separate custom REST namespace. The default WordPress REST API at \/wp-json\/wp\/v2\/<\/code> remains fully unchanged and unaffected.<\/p><\/dd>\n
              How is this different from the default WordPress REST API?<\/h3><\/dt>\n
              The default REST API exposes data publicly without authentication. Infospica Headless API creates an isolated namespace where every endpoint requires authentication, write operations are capability-checked, and you control exactly which content types are exposed.<\/p><\/dd>\n
              Is authentication required for all endpoints?<\/h3><\/dt>\n
              Yes. Every endpoint \u2014 including GET (read) requests \u2014 requires authentication. Write operations additionally require the appropriate WordPress capability (edit_posts<\/code>, delete_posts<\/code>, etc.).<\/p><\/dd>\n
              How do I authenticate API requests from a Next.js or React app?<\/h3><\/dt>\n
              Use WordPress Application Passwords (available since WordPress 5.6). Generate one under Users \u2192 Profile, then send it as a Basic Auth header with every API request. This is the recommended method for all headless frontend applications.<\/p><\/dd>\n
              Does it support ACF (Advanced Custom Fields)?<\/h3><\/dt>\n
              Yes. Enable ACF support in the plugin settings to include ACF custom fields in API responses. Advanced Custom Fields must be installed and active.<\/p><\/dd>\n
              Does it support Custom Post Types (CPT)?<\/h3><\/dt>\n
              Yes. Any public CPT with show_in_rest<\/code> enabled will automatically get REST API endpoints once CPT support is enabled in the plugin settings.<\/p><\/dd>\n
              Does it work with WooCommerce?<\/h3><\/dt>\n
              WooCommerce core pages (Shop, Cart, Checkout, My Account) are automatically excluded from page responses to prevent conflicts. Full WooCommerce product API support may be added in a future release.<\/p><\/dd>\n
              Can I use this for a Next.js headless WordPress site?<\/h3><\/dt>\n
              Yes. This plugin is built specifically for headless WordPress architectures. Use Application Passwords for authentication and call the REST API endpoints from your Next.js getStaticProps<\/code>, getServerSideProps<\/code>, or App Router server components.<\/p><\/dd>\n
              What is the best WordPress REST API plugin for headless CMS?<\/h3><\/dt>\n
              If you need a secure, isolated REST API namespace with full CRUD support, CPT integration, ACF compatibility, and authentication control \u2014 Infospica Headless API is purpose-built for exactly that use case.<\/p><\/dd>\n
              Does it support pagination?<\/h3><\/dt>\n
              Yes. All list endpoints support ?page=1&per_page=10<\/code>. The maximum is 50 results per page.<\/p><\/dd>\n
              Is there a status endpoint to verify the API is working?<\/h3><\/dt>\n
              Yes. Send an authenticated GET<\/code> request to \/wp-json\/{namespace}\/{version}\/status<\/code> to confirm the API is active and check the current plugin version.<\/p><\/dd>\n\n<\/dl>\n\n\n
              1.0.1<\/h4>\n\n
                \n
              • Tested compatibility with WordPress 7.0<\/li>\n
              • Improved PHP 8.x compatibility for REST API content handling<\/li>\n
              • Added 772x250 plugin banner asset<\/li>\n
              • Minor code quality improvements<\/li>\n<\/ul>\n\n
                1.0.0<\/h4>\n\n
                  \n
                • Initial stable release<\/li>\n
                • Custom namespace-based REST API<\/li>\n
                • Full CRUD support for Pages, Posts, and CPTs<\/li>\n
                • ACF field integration<\/li>\n
                • Pagination support<\/li>\n
                • Admin UI with endpoint reference<\/li>\n
                • Clean uninstall<\/li>\n<\/ul>","raw_excerpt":"WordPress REST API plugin for headless CMS \u2014 custom namespace, full CRUD, CPT support, ACF integration, and secure authentication.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/287551","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=287551"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/icssubscriptions"}],"wp:attachment":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=287551"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=287551"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=287551"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=287551"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=287551"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=287551"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}