![]() There are plans in motion to migrate the official mobile apps to use the new API, and also to start using the API to power parts of the WordPress admin interface. To date most of the usage of the JSON API plugin has been for frontend apps. Many companies use XML-RPC for communication between WordPress and other software/services that they operate. The primary consumers of XML-RPC today are the official WordPress mobile apps and several desktop blog clients like MarsEdit and Windows Live Writer. The former prevents the app from seeing the user’s WordPress password and is therefore safer over non-HTTPS connections, while the latter requires HTTPS to prevent network sniffing of credentials. The JSON API plugin currently supports multiple authentication mechanisms, including OAuth 1.0a and HTTP Basic authentication. The password is not encrypted, so XML-RPC is only secure when used over HTTPS so that network peers cannot sniff your credentials or sensitive data. This means that users must give the app their WordPress account password. WordPress’s XML-RPC API passes user credentials as part of each request. Because the format was derived from JavaScript’s object literal syntax, it is extremely easy to consume from JavaScript which makes it attractive for interactive web applications. JSON is a lightweight object serialization format that is easy to use in most programming languages and has limited syntax. ![]() The JSON API uses JSON format for data transfer. Serialization or deserialization of XML can be somewhat cumbersome in some languages, though many libraries exist to make it easier. XML is a widely used markup language and data interchange format, with support in almost all programming language standard libraries. ![]() ![]() XML-RPC API uses XML format for data transfer. Clients have knowledge of the content or resource types (e.g., “post”, “user”), and navigate the API primarily by following links or using URI templating. REST APIs are modeled after HTTP and the web, leveraging HTTP verbs, status codes, content types, and more. The entire API consists of a list of published procedure names, and clients invoke them by name like “ wp.getPosts” or “ wp.uploadFile“. Clients must be aware of each method, their expected arguments, and return values, which can lead to complexity in the client for common flows like retrieve-then-update a post. RPC APIs allow external code to invoke procedures (also called “functions” or “methods”) by name with a set of arguments. In addition to managing content, a primary goal for the JSON API is to provide anonymous read access to data for use by themes or other apps. The team also wants to expose administrative functionality, from plugin installation and theme activation to settings changes. The JSON API has a more ambitious scope to cover everything WordPress can do. JSON API – Anonymous read, editing, management This makes the API mostly useful for desktop or mobile clients that assist with managing content. All of the methods are restricted to users with caps like edit_posts or moderate_comments or upload_files, which are only available to users with at least author-level privileges. The XML-RPC API was created to power desktop clients and other forms of integrations with WordPress for the sake of managing content and moderating comments. I noticed some confusion among the audience and some unclear answers from speakers, so here’s a quick comparison of the new JSON API versus the existing XML-RPC API. This weekend at WordCamp San Francisco, there has been much discussion and advertising for the nascent JSON API.
0 Comments
Leave a Reply. |