 So my name is Rachel Baker and I'm a senior web engineer for a company called 10-up as well as a WordPress core contributor as he has mentioned But also I get to spend about half my time working on a project that has been in active development for about the past Year year and a three months or so Called the JSON REST API project and what we're trying to do is to bring a core Supported JSON REST API to WordPress So WordPress is an open-source Publishing tool with a single mission to democratize publishing Does raise your hand here if you've used WordPress Awesome raise your hand if you've heard of WordPress Cool. So all in all word about like four fifths of the room. That's awesome. So, you know in addition to all of us However, we used WordPress or heard about it used some other examples are used by USA Today. In fact nine of the top ten Newspapers in circulation use WordPress. That's all of them except for the Denver Post So if anyone hears from the Denver Post, please see me after this talk As well as magazines like vogue wired online data backed information sources such as 538 or TechCrunch Harvard Gazette the MIT library the country of Sweden the city of Sao Paulo as well as you know telling stories and helping to make the world better in places that we may not Normally think of like Amnesty International in Korea Sand Monkey who is one of the one of the top bloggers during Egypt's revolution important figureheads such as the Prime Minister of India and Snoop doggy dog WordPress powers 60 over 60 million websites and this stats actually from 2011 So based on my poor math skills right now. We're at over a hundred million and 23.3% of the active sites on the internet, which is sites tracked by W3 techs WordPress accounts for 23.3% of those 61% of the sites on the internet don't use a content management system at all Which means that of the sites of the 39 percent or so sites that use a CMS WordPress is almost always their choice Our version our latest version 4.0 was downloaded over 29 million times. It came out in September and For the first time ever Virgin 4.0 was downloaded more in foreign languages than in English So we are growing and we are growing globally One of the things that makes WordPress so popular is that it's multifunctional You can use it as a blog you can use it as a content management system You can use it to power your e-commerce site. You can use it To power a social network. You can use it to do pretty much anything It's user-friendly So we have a famous like five-minute install process that most people can do in less than 30 seconds As well as we have automatic updates as a virgin 3.7 where our minor Minor virgin releases are automatically updated in the background for our users Oops, it's powered by the most loved and hated programming language. Probably that exists PHP, but that makes it so it can be installed across many hosts and is used anywhere and everywhere and makes it really easy for People that use WordPress to find a hosting environment And to get up and running as fast as possible And we're backwards compatible even across major version releases So unlike Some of our content management competitors like Drupal where in their new version releases Not only are they not backwards compatible, but there isn't often a upgrade path we for For many years from once once code goes into a version for many years after that that that code Exists and is supported So why do we need an API if we're already, you know, 23.3% of the internet well We've already made it to 11 years WordPress has been around for 11 years But we don't just want to go to 11. We want to be around for another 11 years and I think that Relying solely on PHP and and The base user How they think of using WordPress such as the blog tool or a content management system We want to be thought of as at least a candidate in some of the instances that you may not ever think of considering WordPress right now Because 69.1% of the web doesn't use a CMS Those are all that's a huge market available for baby as I said considering to use WordPress We we already use backbone and several of our new features or or features that we've rewritten recently features such as our media modal our revision process our customizer and This a large number of there's an additional number of features that we could rewrite if we had a true JSON REST API To actually use backbones models and collections and not have to fake it with PHP So we can backbone all the things and Just to continue the mission of democratizing publishing getting having WordPress be used in places where you know people can only use their mobile phones or Have slow internet speeds Or just don't have an environment available that can support PHP or my SQL So some of the challenges of some of the challenges of building this API Are that we're actually not building an API. We're building 60 million distributed APIs and When I think about that my reaction is basically just to drink because that's insane that we're not you know unlike Most APIs you think of like Twitter or Stripe where if they have a bug fix They can just fix it in one place and it changes how everyone uses the API All of their requests go to one place ours don't we have these this would be something that would be used across different URLs different hosting environments different versions of PHP vision versions of my SQL all sorts of Problems, you know even down to what HTTP verbs different servers would understand So we're 11 years late on being An API first we have people that have been using WordPress for 11 years and have Been using it in a way in which they've never thought that any sort of anything like a JSON API would ever even exist and so we need to we'd really think about that and think about how they use WordPress and How they may be used some database fields in ways that aren't intended and how we can kind of protect them from themselves so making sure that if they have something like a Content type that is invoices that we educate them on how to make sure that that those invoices aren't exposed publicly in their API and Because we're building 60 million distributed API is there's not one place we can do authentication and Something like OAuth 2 isn't even a possibility because that requires SSL and most people that use WordPress Don't have an environment where they have an SSL certificate So we have to figure out a way to do that As well as as I mentioned the different hosting environments and just different versions of WordPress different versions of plugins making it so if we release a new version that has maybe additional route supported or different response different property in the response that that we make sure we return the correct thing and People know how to communicate with the API in across different versions And if you have a plug-in like maybe an invent manager that you can add your own routes to for events or something Or or venues and different things and make it so you understand how you can safely use the API In your plug-in to to add that functionality for for your users and As I mentioned, we can't just deploy a bug fix anything that we get wrong We have to then Fix in WordPress core and it has to be released as a whole new version So that's not something we can do on the fly or do daily nightly like this can happen Maybe once or twice in a release cycle and After all that like whatever we do it still has to be useful to 80% of the people that use WordPress, so That's huge. That's a large number and being able to In addition to taking care thinking about all these considerations in the end still have something that people think is useful And once we release this we don't want every Joe Schmo out there to go and release the official WordPress API client for new fancy programming language like you know go or Haskell or a lisp or whatever we want to make sure that all of those clients are quality and Have progressive enhancements and are something that like as people use They don't then hate WordPress because the client sucks So some of our solutions for this since drinking isn't really a useful and viable option is just knowing that with great power comes great responsibility that we are going to have we just need to make sure that whatever we do we do correctly and Think about all of the things we can screw up and just overall slow down We were trying to get into WordPress 4.1, which is actually about to be released any day now and we missed that version and so Most people when they talk to me about the API they say cool So you didn't make 4.1 or you're gonna make 4.2 and my answer isn't probably not Because we really want to slow down and do this right we would rather we would rather wait another couple months then then release something that's bad and When it comes to thinking about is this something we should expose or not and there's a we can see an argument on both sides Just err on the side of requiring authentication or hiding information We'd like to make things filterable. So just like we're press, you know make make it so you can change the way in which it behaves but But just try and protect people from Releasing information that they don't intend to ever publicly be seen namespace and version routes for you know the diff to solve the different WordPress versions and different plugins different plug-in versions and Make it so as there's a namespace and then a version and then their route Use OAuth 1a Which is very close to OAuth 2 it just doesn't require SSL, but would still allow secure authentication and Then because there is an actual pretty high barrier to entry to get are there are general user to understand how OAuth works and To make sure they have an environment that would Like decrypt the key correctly in a way that we expect them to decrypt the OAuth key There we've also been thinking about you know routing Giving people the option to route certain requests through OAuth 2 using wordpress.org or wordpress.com or some sort of centralized environment And just going on educating our community as much as possible While while we're kind of working on version 2.0 to that's going to be rolled into WordPress core Going out and doing talks like this and seeking feedback from anyone that is willing to to give it to us and Build the client libraries ourselves So try and have official versions of of client libraries for major languages and be able to support those and And stand behind them So we've already released version 1.0. It is available on GitHub, which I'll show you in a second but we do encourage everyone to start using it now and Dig in and give us some feedback Many people are already using in production people like the New York Times Wired magazine Ten up the company I work for we've used on some client projects as well as Boku who has used it on a client project as well So what would this all mean for WordPress's future because that's actually Why I'm here because I think that out of every any other community that this is going to impact It's going to be the backbone community the most and that's because While we are talking about WordPress being able to provide structured data Or a back-end to an application you build in anything else Or can communicate back and forth In whether it's a web app a native app a mobile app, whatever one of the actually an example is that There's this a project called reactor where it's a WordPress plug-in that you can install and it'll build you a mobile app for your site it actually builds it using an angular, but They use our API to do this and this is just an example of what you could some of the things that people can do But it's how backbone can work with WordPress itself kind of to make it so we can continue to improve Our back end and our front end So we can have backbone based WordPress themes that don't have any PHP in them at all And probably aren't even like themes in the traditional sense right now You can use backbone and underscores to make a WordPress theme, but you have to you have to have Enough PHP that it turns most backbone developers off and rightfully so but the having a JSON REST API makes it so you can just You don't even have to write PHP. You can just do your do your front end in backbone JavaScript and CSS and HTML Customized WordPress dashboards. So it's the back end interface being able to customize those For people that you're building sites for this is an example of a of another WordPress project called happy tables Where this is their custom dashboard where they actually built their own API to build this because in WordPress right now There's no good way to like skin the back end You can do it. You can like fake it through CSS But other than that, there's no great way to do it This allows people to be able to do that build their own Interfaces for people to update or manage their content You can hide things you don't want them to see or kind of rename things or just reorganize it to fit your own need and Being able to do front-end inline content editing, you know why should I have to go to the back end of a site and Look at the content editor to write my content and then have to do preview every time I should just be able to Edit it as it's displayed and do it all in one place and Just WordPress has been the gateway drug for tens of thousands of web developers It's allowed a lot of people to get started in web development but I think that That the JSON-Rest API is going to be the gateway drug for allowing WordPress for APIs have people if you want to build an API you can quick you can use WordPress and do it really quickly It's going to make it so having an API is no longer something you have to you know Build in a custom framework or build somewhere else. You can just build you can just use it using WordPress So check it out we have documentation and WP hyphen API org and we are in GitHub at WP hyphen API and we have authentication plugins a JavaScript client all sorts of all sorts of stuff in addition to the core plugin itself and Then just if you download it and activate it on a WordPress site if you go to your site URL Slash WP JSON, then you get to see the schema and get to play around and view the routes We have we have support for most things anything you see up here. That's gray is We'll be supported in in our next branch and just just is not supported in the release version right now But we'll be in the future and anything that's up in our version 1.0 We're backwards compatible with and the future Thank you very much