 Hey everybody. So today we're talking about SAS, S-A-A-S, not any of the other SAS's in the world, and WordPress. So SAS is software as a service. It's a way of delivering applications over the web as a service. Instead of installing and maintaining software on your clients on their machine, they can access the software over the internet. So it frees them from having to manage software updates and hardware requirements. That's the big thing, hardware requirements. With WordPress you do have some need to manage the software side just because if you're integrating with WordPress there's going to be plug-in updates and they're going to have to click the update button. But usually it's just a matter of clicking the update button. And of course dealing with WordPress which is software in itself. And SAS is all about feeling needs. So here's some examples of SAS solutions that fill needs. iThemesync which is the project that I am lead developer on right now for iThemes. It's kind of like managed WP or any of those managed solutions. You can manage multiple sites from one dashboard from iThemesync. And so that's instead of installing WP and having to manage that software you just go to sync.iThemes.com. And you can manage up to right now you can manage up to ten WordPress sites for free with iThemesync. Excuse me Lou. Yes. Would you mind speaking up to us a little bit? Sure. Is this better? Yeah. Lou, here's another example. It's actually a project that I wrote like five years ago. I wrote it as a way to publish my content to Twitter automatically. So whenever I publish a post it would publish to Twitter which expanded to Facebook and Google Buzz but then Google Buzz died and LinkedIn. So it's not very well known plug-in. I've got like 2,000 users which is pretty cool. But it's just an easy way for people to manage their social networks without having to go to each one and post their links for their content. OptinMonster, it used to be a plug-in that you installed on WordPress and everything was just there. And then they moved over to a SaaS solution. So all the OptinMonster stuff is actually managed in the cloud and then it integrates through their plug-in to WordPress. And if you don't know what OptinMonster is, it's like, I forget what they call it, but basically you move your mouse off of the window and it pops up and says, hey, join our mailing list and get 10% off or whatever you want to give them. And it's a way to kind of get them to come back to your site. And apparently it is really successful for keeping customers engaged on your site. Stash is another iThemes product. It's a way to store your backups. And we've recently with BackupBuddy integrated BackupBuddy live with Stash. So it does incremental like every five minutes database checks to see if anything's changed, copies those small changes and then does whole snapshots every day. And you can change that in the settings. But it's like another way of handling something that people don't want to do by themselves. This is the service we're offering and you don't have to worry about managing the software on your own sites. So today I really want to talk about two things, how to communicate with WordPress sites and then a little bit of how WordPress sites to communicate with your servers. There are three generally accepted ways to communicate with WordPress. You can build your own REST API, which we'll talk about. You can use the WP API and we'll talk about that. We're not going to talk about XML RPC because I've never really used it and I don't know anyone who really uses it that much. But it is a way to communicate with WordPress and it's kind of like a built-in API that has some basic functionality. So building a custom RESTful API. What is RESTful? What is a RESTful API? When I started LinkMe, I had no idea what REST was. But basically, the big bright light over your head moment that I had was it's basically just a form. You're accepting input. You can accept it with post, with get, put, and delete. And that's called crud. Post is generally accepted to create content on the API. Get is to retrieve content, put is update. Most people use post to update as well. They're kind of interchangeable and delete is generally accepted to delete stuff. Again, I think most people just use post and get. But those are the accepted norms. So you would add functionality to a plugin or a theme for your cloud server to communicate with WordPress. I recommend using the init action or WP action to watch for your API endpoint. And so here's this little fake code I wrote. And for some reason, the Google doc isn't showing the last line, which is add action init WP underscore API underscore endpoint. And so what it's doing here is basically checking to see if the get for my API endpoint is empty. If it's not, then it checks to see what action you want to do. Here is an example of what that looks like. So on my website, which is no longer there, so you can't get this information. I added this code into an MU-plugin file. And I ran work camp at Atlanta 2016 equals get users. And this is the output I came up with, which is JSON output. This is the source code. I think I can pull it up. Whoops. All these slides are online somewhere. So add action init work camp Atlanta 2016 API. It checks to see if that variable is set in the get request, which is the variable in the URL. It checks to see if it's a get user. And then it responds with this function call. And this is just built in WordPress code, get users. And then I do a response. My response is just a way that I format the output as JSON. So it creates an array, HTTP code, and a body with the user array. In my request, I get the response. I send the response to another function, which outputs JSON and exits so that it no longer stops processing in WordPress. So that source is on GitHub and just, and it's going to be available forever. And so this would be a similar code for adding a user. This right here is not the code. This is actually a curl command line in Unix or Linux, or you could probably do it in Windows. I don't really use Windows. So it's a curl command. And it's saying to use post, the dash D is the data descent. So I'm sending a user name, test user, password one is password, password two is password. Don't ever use the word password as password. Email is just a bogus email. And then my endpoint is the WC-ATL 2016 equals add user. And again, in that code, it's the same code as above. I have a case. If WC-ATL equals add user, then I want to run the create user command function. And so it gets the input, which is the post data. It checks to see if the username is set. And then it gets the username. It checks to see if the first password is set, if the second password is set, if the passwords are equal. And then it says the password. It checks to see if the email is set, if it's an actual email address, and it sets the email. And then I check to see if the username is taken. Check to see if the email is taken because you need to have a unique username and email in WordPress. And if those both pass, then I create the user. If I get a valid user ID back, I respond that a user is created. Got to have that output. But I've got a user created on the bottom there. So that command returned user created. So my server creates a user on your WordPress site using that code as a plug-in, basically. And that's just a basic overview of how to communicate to WordPress using a endpoint, building your own REST API. Now, if you wanted to use the WPAPI, it's a little bit different. WPAPI is a plug-in that basically builds an API for you so you don't have to build your own REST API. Now, WPAPI is specific to WordPress functions and functionality. If you wanted custom functions and custom functionality, you could extend the WPAPI or, again, build your own REST API. Documentation is available at v2.wp-api.org. v2 stands for version two because they're on version two. And so this is an example of how you get users with WPAPI. They use like a permanent structure in their plug-in. So on my site, if this plug-in was activated, it would be loaya.com.wp-json.wp.v2.users. And that's what the output would look like. Now, it's different from this output because I was just outputting the getUser function. They actually clean it up a little bit and they don't pass like, in mine, I passed the password hash. Probably not a great idea to pass the password hash. So they remove the password hash altogether when you get the users because it's no real reason to get that. And then it gets other things like the avatar URL and it just formats it the way that they think you would want it. But again, you can extend it if you needed more information or even less information. And then they allow you to add a user as well. So this is an example of, again, post is for adding content. So you're adding a username, which is content. So username-d is the content of the post. Username equals test user, password equals password, email equals test at domain.tld is supposed to say. And then that's the end point. It's the same endpoint as before. wp-json slash wp slash v2 slash users. So instead of what I was using, which was worth looking at in 2016 equals getUser or addUser. They have the same endpoint and then they just look to see, oh, it's a post action on this endpoint. That's for adding users. With WPAPI, if you're performing this action, you do need an authentication method. There's several different ways to authenticate. You can do OAuth, OAuth version two. There's basic HTTP auth, and there's plugins available to enable that for you. So this right here, if I ran this code right now, wouldn't work because I'm not adding any authentication credentials to it. But it did work because I set up authentication when I was writing these slides. And again, so if you want to build a SaaS server to communicate with WordPress, there's basically two things you can do. You can roll your own, or you can use WordPress as your server that talks to another WordPress client. There's pros and cons in both, of course. iThemes sync is we roll our own. We're not using WordPress as the framework. Link me, I am using WordPress as the framework. You get full control when you roll your own basically. You can do whatever you want, however you want. You can add all the functionality you need. With WordPress, you get the preexisting and robust framework that already exists. WordPress has built in extensibility. With link me, I needed to handle members. So I added a membership plugin at the time. And so instead of having to write code that communicated with WordPress and handle members and handle payments, it was just a matter of adding a plugin. And of course, WordPress is popular. The cons of rolling your own is onboarding with a custom framework. If you hire a developer, they're not going to have any idea what your code does. It's going to take them a month, two, maybe three to get used to that code. When I was put on the iThemes sync project, it was completely new to me. I had been developing a WordPress for years. And then here's this new system that has smarty templates, which I hate, and all sorts of them. Composer, which I wasn't used to. So it's just new and it takes them onboarding. It's a lot easier to find a developer who works with WordPress than it is to find a developer who's never worked with your brand use product. Another con of rolling your own is the testing footprint is smaller. If you make a change, the only people testing it are you and the people using your product. When WordPress makes a change, there's hundreds, thousands of people testing it before that change even goes live. A con of WordPress is that it's possibly overkill. There's too many features. You don't need categories or taxonomies or whatever WordPress adds to it that you're using it for. And there's a little bit of lack of control over the code. It is open source so you can do what you want. But if you want to stay within WordPress and get the updates, then you're kind of stuck with the code that the community agrees with. Which is fine. I mean, both solutions are great. So to communicate to your SaaS back in from WordPress, you basically need to do the exact opposite of what we did before. I'd love to take advantage of the MU plugins directory. It's basically creating a plugin that must use the MU stands for. And you're simply creating a new REST API. So an example of sending a notification to a SaaS back in whenever someone publishes a new post, which is what I said, link me does. See, this one linked and the other one didn't. I must have broke something. So in link me, this isn't exactly the code in link me. But when somebody publishes a new post, it sends that data formatted to the link me API, link me then translates that data and sends it to Twitter, Facebook and LinkedIn, depending on the client's settings. So add action, transition post status. If there's a transition in a post status from say draft to publish or scheduled to publish that action is run. I call my function. And these are the variables that have passed. I only want to do think I don't want to do updated posts. So you need to say, if the new status is published, yeah, and the old status is not published, then I'm going to do JSON output encodes JSON with post ID. And then I'm going to do remote post call and wordpress to my API URL, which is luad.com slash word camper line equals one. And there's several ways to do it. And link me, I actually do permalinks. I have a page with a template with a page template that's custom that has just one function call on it that runs everything. And then the SAS source, what, what the server side would look like. If you're in wordpress again, you do action in it and your function and then get so I was doing WC atl for my SAS server. And if it's not empty, so I said it was equal to one. I thought there was a code error in here. I get the input here. Check to see if the post ID is empty. If it isn't empty, then I log an error on my thing. It says new post publish here. Of course, you'd want to do something more significant than just log something happening, in most cases, at least. But that's the basic callback to your SAS server. And that's it, really. That's a basic overview of how SAS works. Are there any questions or thoughts? All the codes available on Git, all the slides are available. I'm not really sure where they're putting the slides, but. What is the Git that goes where you can get that code? Does anybody know where the WordCamp is putting the slides? Does WordCamp have a Git? What's that? Does WordCamp have a Git? The link to the Git is on the slides. The slides themselves are being stored in some central area. I don't know where. As far as I know, they're going to post them up, but it's also nice if you do it with slide share or something. It gets a little weird. They're shared. Not with slide share. I'll post the link to the slide channel. In fact, I'll do that right now. I used Google Slides. And you can actually publish them to the web. And I have Slides installed. So if you go to the channel, that's the presentation. And it's public. And the link to your Git makes a good part of it. They're in the slides. Yeah. I think you can also go to gist.github.com. You can see all my gists. Are there any other questions? Yeah? The example you showed about creating a Wordpress user. Yes. Right, they're trading a Wordpress user. So this is all about integrating Wordpress with your SaaS solution. And even Wordpress SaaS solution with a Wordpress client. What is Sync using to authenticate? Actually, I don't really know. I haven't really spent much time in that code. I'm pretty sure they're using, if it's available, OpenSSL keys. I spent some time working on some code to auto log you into wv-admin. It's not public. But that's what I was doing as proof of concept. And the previous developer told me that they had some code already that was using OpenSSL. Imagine that's why. Yeah? What's the thing of the SaaS side of Sync? What was the biggest hurdle you personally worked with in getting it set up to work with Wordpress? I don't know. The biggest hurdle? Of course, something developers should look for when they're doing something similar. Probably the biggest hurdle, depending on how you're integrating with it, is the admin side of Wordpress, which is not available, unless you're logged in as admin. So there are ways, like, in Sync, we set isAdmin to true for certain calls so we can get access to certain things that are only available in Admin. And is, actually, WP underscore admin is a constant. And if you set that true early enough, then Wordpress will load admin functions. It's not a huge hurdle, because I just told you a really easy workaround. But the biggest, I guess, the hardest thing to do is formatting your content and getting it out in an expected way. We had an issue where our API request is iThemes-sync-request. And there's a couple of web hosts out there who, like, Carblanche rejects any request to your website that has the word request in it. And so we had to find a way to work around that, because that's how the plugin works. And I wasn't part of it, but the guy who was working on that thing figured out that if you use %72 for the R in the get request, it worked. So I got to that code, and I was like, why the heck is there %72 here? And I changed it to R, because it was annoying me. And I was like, before I commit this, let me ask him. I was like, why did you do this? And he told me that. And I was like, oh, that's annoying. So the hurdle is dealing with hosts who do weird things. And you run into those. With LinkMe, I run into hosts that don't allow your website to make any outside API requests. And so they would try to hook their API up with LinkMe and then get an error. I'm like, well, it's working for me. And then after some work, we discovered that they have like this built-in C-panel firewall. And you need to allow the IP address, which is annoying, because then if you ever change your IP address, then they have to change their settings as well. Another thing, too, is along those lines, hosts sometimes don't allow fsock open calls, which even the remote API uses in WordPress. But they'll disable curl, disable fsock open, all that stuff. And so making those requests become impossible for the client. And that kind of breaks the whole SAS model because they're then having to deal with the software part of your solution. But the service that you're offering, hopefully, is once they get those couple of small things fixed, they don't even need to think about it anymore. Any other questions? Just that WordPress developer to find myself and have a good knowledge of HTTP and HTML and CSS, but not REST API or just good WordPress. Where would you say would be a good place to look and learn more about how to integrate that into your websites and things like that? Or would you like to look at? Probably the best thing I would recommend is find something you want to do and then just try doing it. That's what I do to link me. I had no idea. Like I said, I had no idea what REST was. And I was like, well, how do they communicate from here to here? And then I did a couple of Google searches and I saw the word REST and I was like, what is REST? And then I saw like, oh my gosh, this is so confusing. REST? Oh gosh, this is awful. And I was like, post. I was like, I've seen post before when I'm processing a form input. I've seen get before. And I was like, oh, this is literally just processing form input without the UI of a form. So just really find a project you want to experiment with and try and just do it. That's the best recommendation I have. Anything else? Great, thanks.