 Who's ready for the next session? Yeah. Thank you. We're going to kick off the session with a joke. Once we can finish writing it. So why is the WordPress freelancer no broke? Drupal. Oh. That's the last one. They were too free? It was too free. Anyway, that's the one. The punchline chat GPTK wrestlers. Because you couldn't find a premium team that didn't cost an envelope. He couldn't find the premium fees. Oh, wow. All right. Secret prize for whoever can come up with the funniest WordPress joke. Anyway, is it $2.15? That's what I have. Great. Green light. So for a little, this session is called fun with the WordPress API. So Sal is a WordPress developer at Web Dev Studios. He is passionate about code, web development, and Git version control. He is contributed to WordPress core, the Genesis framework, and the author of the soft emails plugin. Sal's previous experience as a magician slash juggler, computer science and mathematics teacher, and radio DJ makes him an entertaining energy teacher. He has focused on a wide variety of topics, including object-oriented PhD programming, enforcing code standards with PHP code standard, WordPress post meta, and using Composer. Sal is also a proponent of developer's blogging and shares his development notes and tips at Sal Farello. Thank you. Thank you. Anyone who wants to follow along for the home game. Thank you. The home game at salcode.com slash WCM. That's like WordCamp Montclair. All these slides are available there and will be available afterwards as well. But if you want to pull them up now, you certainly can. When I was growing up in my family, Sunday lunches were kind of this family tradition we would have. And my grandfather loved this one sandwich shop where we'd get the sandwiches, except for they consistently got the order wrong week after week. And my grandfather really tried, right? Eventually he went around and the family wrote down all the orders, even took them in a day early and handed them over. But still, sandwiches were wrong. So he goes to the owner and he says to him, listen, we love your sandwiches. We'd love to keep coming here, but you keep getting the order wrong. What do we need to? And the owner picked up a piece of paper and handed it to him. And it was an order form, right? Each sandwich had a row and there were columns that indicated there were toppings to add or toppings to remove. And so that week, my grandfather filled out the form and handed it in. And lo and behold, the sandwich order came back right. So the problem we had here is not that there was bad information or anything like that, but the problem was the information was not in the right format. And that's exactly what we're talking about when we start talking about the WordPress REST API. We're used to WordPress displaying all this content for us here in the form of a web page. But that's not sort of this consistent data format that we can take in. This is not that sandwich order in this very regimented format. The REST API is. Now, this is a custom REST API endpoint that I've added to my website. I even have the link down at the bottom. If you click it, it'll come up. So this just says owner, right? And it provides this information about me, the owner of the website and WCUS. Those are the ones I've made it to in the past. I'm looking forward to adding 2023 to that list this year. Woohoo, yes. Great. And now we've got WordPress kicking back data to us in that very regimented formatted way. And this has got a lot of power to it. So why, right? Why is this power? Why is this important? Why do we want this here? So as an example, here's my website, right? And imagine for a moment that you are tasked with extracting when this article was last updated. As a human, we can take a look at this and we can read it. We can see when this was last updated. But imagine you had to do this programmatically, right? So you can write some code that loads all this content. You've got all these HTML tags flying around. Maybe you write some code that identifies the words last updated on. And then you take the content after that and then you stop at the word buy. So that's not insurmountable. But if you write that for my website, it's only going to work on my website. If you go to someone else's website and try and run the same thing, you're not going to get the right answer. Maybe they don't even provide that last updated information at all, right? It's not anywhere in the source code. So in that case, right, we can still tease it out because this is the rest API response for that same blog post. And so this kicks back all that data to us in that super regimented format, in that sandwich order way that we can predict exactly where each piece of data is going to be. As a matter of fact, I wrote a Chrome extension to do just this because I knew exactly how that response would come back. Now, whenever I'm on a WordPress blog post and I say to myself, this information seems interesting, but is this outdated? This kind of looks like something maybe that's let's see how recently this was written, right? And I can click this and it will tell me, oh, hey, Sal, this was written in 2011, right? Maybe I want to go back and check. All right, so reading, we've got this very regimented way of reading this data out. That's great. But in the words of the TV announcer, that's not all, right? We can write as well using the rest API. So here I created on my website an example page, salfararello.com, slash example. And I titled it my example page. Now, I can make a rest API call just like this and I'm setting the title. Let's dissect this a little more later in the talk here. But you can see in the title, my new title, I'm passing that information in. And when I do that, that page gets updated and now we've got new information. So I can do this programmatically and pass this information in. So it's just the before and after slides, right? We've got the blog post or the pages I initially created it. And then the updated page that has the new title after we run that code over it. So these are really the three big ideas that I want to talk about today. One, we can read from the rest API. We can get this data back in this very regimented format and there's cool stuff we can do with that. We can write to the rest API so we can use these regimented rules to feed information in and change them. And then finally, we can add our own endpoints to the rest API to do whatever we want with. So let's talk about JSON for a moment, right? This is JavaScript object notation and it comes back like this, right? We've got our information coming back. Again, this is the link. This is the endpoint I created. A little bit of a comparison in case, like me, you were a strictly PHP person. That's where I used to live, right? It was all PHP. There was a little bit of jQuery every once in a while. But I've started delving into JavaScript a little bit more and JSON really is based on JavaScript and the way the objects are notated. Hence the name, right? So the difference I just want to highlight between sort of PHP and JavaScript. In PHP, when we create an array, we really have two different types of arrays, right? One type of array has keys and values, right? You set up an array, you give it a key, you give it a value, key, value. The other type of array is just a list of items. So for example, with WCUS at the bottom there, I have just that list of items. There's no keys involved. They're numerically indexed automatically, but we're not defining them. So this is what we can do in PHP. JavaScript, it does not work that way. In JavaScript, if you want to have key value pairs, you are not dealing with a JavaScript array. You're dealing with a JavaScript object. So in JavaScript, to define an object, they use the curly braces instead of the square brackets. So we've got an object with curly braces, key value pairs. And then if we do want to have values that are not keyed, right? They're just numerically indexed like WCUS. Then we do use the square brackets for that even in JavaScript. JSON has a few other rules, like things have to be quoted all the time, but that's sort of the big ones. No trailing commas in JSON object notation as well. That one burns me so many times and the validator throws an error. What's wrong with this? So trailing commas just clarify. After this, we might put a comma as we did in the PHP. If you try and do that in a JSON object, it's going to throw an error for you. Now, if any of you have been playing along with the home game and you've clicked this link to my website, you might be looking at what I've been showing you and say, Sal, you're blowing smoke here. This is not what it looks like to me. If we take a look at this, you may be seeing something a little more like this. We get the information coming back and it's all crammed together. So we would call that unformatted JSON. It's coming back. It's not so pretty to read. And maybe you're very mentally flexible and you're saying, well, that's okay, Sal. I can figure it out. Even if it's not all pretty printed up there. And while that's probably true, some of these JSON responses get a little larger. And when we don't pretty print them, it looks like our machine threw up on the screen. I imagine this is what computer vomit would look like. So we don't want that. We want our JSON to be formatted. So the trick I like to use when it comes to formatting my JSON and getting a nice, pretty way to look at is a Chrome browser extension. And when you run this Chrome browser extension, automatically anytime you hit one of these URLs, like this one, it comes back to me formatted. So I find this to be a really useful tool if you want to play around with the REST API. So the one I use is JSON view. I've got links to it and I got links to the source code. So personally, I recommend that. I think that helps. Now, if you're using Firefox as your browser, Firefox has this baked in. So if you're using Firefox and you hit one of these URLs, it looks good right out of the gate. No extra processing necessary. If you really have a chip on your shoulder about browser extensions and you don't want a browser extension, there is a trick you can use that you run from the browser console to get your stuff back and pretty printed. It's this code snippet. If you drop it in, it'll do that for you. So I've got this link in there as an option. This links to a blog on my website, a blog post on my website. Okay, so now we've got this pretty thing coming back and we clicked on that URL and we saw what it looked like, but how do we land on that URL? That's a pretty long URL we were looking at a moment ago and to sort of put that together, where does that come from? Well, when WordPress renders a page, there are lots of tags on that page and some of those tags are not things that turn into visual elements that we look at. One of these things is a link tag like the one on the screen. It sets a link tag, it has a rel value of alternate and a type of application JSON, and it points to the corresponding REST API route for that blog post. So I went to that URL at the bottom and when I looked through, I found this tag. As a matter of fact, here's a screenshot of it, right? I've got lots of other code, but when I look in there, that code is there and that href value is pointing right to that URL. So I can gather that. You can do this on any site you want to. You can go to the WordCamp Montclair site, go to one of the blog posts, and if you view source, you will see this same link in there and it will tell you exactly where to hit the REST API to get the response for that object. So because we're programmers, we love if we can automate things. So it turns out we can automate this, right? If you've used any kind of querying language in JavaScript or maybe used jQuery to target something, or even CSS, right? We're targeting an element. We can target that element that we just spotted here. Document.querySelector lets me do that and so I'm going to query it with this and I want to link tag and I want it to have rel equals alternate and type equals application slash JSON. That comes back. I get a DOM element. I want the href value out of it and so if I run this, and we'll talk about how we run this, if I run this, I get back that URL. So I can get this programmatically. So in terms of how do we run this, right? We're running JavaScript in the browser and I'll be talking a bunch about this and so this is if you open your developer tools, you get your console at the bottom. Is that showing up big enough? We can make it bigger. There we go. And we can have any sort of JavaScript in here at the bottom that we run. And so specifically the JavaScript we're talking about running on our WordPress blog post is this and it comes back with our URL. Yeah, there we go. We can see a successful run of it. We have a live camp Montclair blog post and you don't want to go and sift through the tags yourself. You can instead run this from the browser console and get back that URL. Great. So we got that. We had the URL. If we hit the URL, we've got all the information there. Yeah, let's go back and do it. Right. So it's here and we're running our browser extension so it's all nice and pretty printed for us and we can see everything here. It pops back our data. So we say, hey, let's do this programmatically and so we can do this in JavaScript. So this is the code. Essentially we would swap out that middle line for whatever we need to hit. Right. In this case, we're hitting this rest route. And so we've got this and we've got it with the blog post 67.99 and we've got these await keywords in there. We're not going to dive too deeply in JavaScript but this essentially is asynchronous JavaScript. What happens is the code starts to run and JavaScript just wants to keep on running after it kicks off that function. And by putting a wait there, we say, hang on, wait for the response to come back and then we're going to operate on it. So first we wait for the response to come back and then we turn it into a JSON response and we wait for that to come back. So we run that JavaScript and then we get back this object. Right. So this is the object that corresponds to that post. This is what the rest API has on it. And then finally, we can take that response. We can stick it in a variable. I called it JSON data. And then we can call JSON data.modified because that object that comes back has that modified property in it that tells us when it was last modified. And so by putting all those pieces together that's exactly what I did to create that browser extension. Right. So here's the code running. This shows us it so we can take that apart. Right. So this browser extension, when I hit the button it looks over the page. It does that query to find that link tag. It finds it. It looks at the href value and then it makes that call to that href value. It comes back and it looks for the modified value and that kicks it out. So that's all the secret sauce going on there under the hood. Same origin policy. This one's easy to get tripped up on. When you're running JavaScript in the browser there is a rule hard coded into that browser that says if you are doing one of these fetch commands to go out and grab some information you may only do it to the same domain you are currently on. So if I'm on my website and I open up that browser console at the bottom and I take this code snippet and I say hey, I'm going to go grab some information from a blog post let me go grab it from the WordCamp Moncler blog post that's going to fail because that's on a different domain. I need to be hitting stuff on the same domain. So a great way to play with this is go to your site open up that browser console and then you can drop in these code snippets and it'll fire along and get you there. So how would one go about exploring the WP REST API? There's a lot going on here and I've given this a lot of thought and I think the best way to do it is actually to start deep and then work your way back out. So we've got this deep link here that takes us to a blog post we're looking at one specific blog post we've got the data we've kind of looked at that ad nauseam here I think we get the hang of it. So that's that data if we start lopping things off our URL almost like we're on the website and you've got this deep URL and you say I want to work my way back a little bit let's see what else we have here. So if I take off that last bit the post ID then we get posts this will give us back a list of all the posts it's a lot like when you hit your blog page and it lists your most recent blog posts so we can do that and take a look at it these will come back and this comes back we get this object here and then you can see we have a second object so that is the second most recent thing I published and we can take a look and we can get the third object so you can take a look through and work your way through this single but all posts and then if we lop off posts we get wp slash v2 routes so at that point we're pulling some more information so if I pull that up here this is interesting in that it shows us the different routes that are available to us there's the one we're looking at right now wp v2 there's posts we just looked at that that gives us the list of all those posts there's posts with this thing at the end this is a regular expression that represents a number there that tells it hey you can have posts and then have a number at the end that'll get you that blog post oh hey it turns out there's another one if we put revisions after that we can get the revisions for that post so we can discover what's going on here we can pull a specific revision if we give it that second ID that belongs to the revision autosaves are available we'll go a couple more pages so not just posts but we can do pages as well we can continue going down here all these wp v2 ones are the ones that are built into WordPress core now we go back one more level we take off that v2 and we get no root was found I feel a little misled here I thought we got to explore this thing we could go through but this one comes back with an error 404 we'll talk about this in a minute about why this one comes back as an error and then finally if we get to back to wp-json this is the root of the REST API and so this is going to be our top level and this has everything you can see the one I added I'm hosting on SiteGround so you can see that it's listed in here, Yoast I have in here so all of these different things come back okay so if you want to play around and look at all the different options that are available to you that's a great way to do it so let's look at the structure of this call we've got the base which is our URL and typically wp-json at the end this can vary a little bit from site to site there's ways to customize it this is what you're going to find but then the part that WordPress cares about is this route on the end of it like wp-v2-post-6799 that's that path that takes us exactly where we want to go so our base and then we've got our route the route we can actually break down further so the route, the first part on it is called the namespace and the idea is that if I want to add a new route maybe somebody else has added that same route with the same name we come up with something like post maybe I want to add post but WordPress core already has that so I use a different namespace on the front of it so now we're querying salcode v1-post instead of wp-v2-post and those are two different things we can respond with different things and we don't mess each other up and as a matter of fact here's mine with the route I have salcode v1-owner that's that custom endpoint I added is salcode slash v1 now the v1 slash v1 that we add on there that's not forced by WordPress that's just part of a string that I decided to use I could have changed that I could have done salcode dash v1 I could have done salcode v1 with no dash I could have called my namespace tuna so there's no rules here about what your namespace has to be so the guy that people follow is you go with your identifier and then a slash v1 or v2 the idea is you're setting up versions so this way if I want to change what my route responds with in a breaking way I can do that under v2 so somebody else can still hit that v1 version so it's versioning your endpoints here but so this namespace that's the whole thing the slash doesn't have to be in there I'd like to revisit now when we had no route was found when we went to wp-json slash wp so remember our namespace here is wp slash v2 so when we called just wp slash we're giving it part of a namespace we're cutting it off so that slash in there isn't really part of it that we can jump around in so it's just like I gave it part of my name instead of salcode I wrote sas and then I hit enter it's like whoa there's no namespace that matches this so that's why we saw that error when we were cutting off our slashes working our way back in the world of other things that can go wrong you're exploring the REST API you're taking a look at all these different things and one of the things you see is this site health URL oh this sounds interesting let's visit this and we go and we get this REST forbidden message REST forbidden I thought the whole idea is we could go and look at all of these things it gives us a status of 401 these are HTTP response codes 200 is when we have a success 404 is one we're probably pretty familiar with when something is missing 401 is when you are not authorized to view that so this is telling me hey you're not authorized to do this you can't look at this and the reason we're getting this message is because WordPress doesn't know who I am when I make these REST calls this is just an anonymous call coming in here's the same call now from the browser console this is running that code it says hey whoa you're not somebody I trust here this isn't anybody I know so then how can we get this how can we get authorized and the way we tell WordPress who we are so we've got the same call that we're making here this fetch command that we're using in JavaScript allows you to pass a lot of different things one of the things we can do is we can pass a custom header in and specifically the one WordPress is looking for is x-wp-nance and then a value to go with it so when I pass this value in then all of a sudden I get a successful response back from the REST API it says oh hey sure oh this is Sal yeah you can take a look at this here's what I've got for ya enjoy so that comes back alright but that's coming back because I added that extra value here right this nonce value tells it who I am now this nonce value is not always going to be this string even for me on my site it's going to change every 24 hours this one is already expired so don't run out and dry but you need this specific thing this is your key identifier right and the way you get this a couple of different ways if you are on any WP admin page so you're writing code that runs in the back end of your site there is a global WP API settings and it has a property called nonce and so if you put this in your browser you will get back this string so you could use that if you were doing work on the front end you can hit this endpoint and when you hit this endpoint it will look at your cookies and figure out who you are and then return the nonce and then you can feed it back but all of this is a lot of work and the WordPress core developers looked at this and said this is a lot of work I wish this were easier and fortunately for all of us they made it easier so what they did is they introduced WP.API fetch so this command has all of that header stuff we just looked at baked in it finds that nonce value and attaches it as a header when it makes the call as a matter of fact this call you'll notice it only has one await while my other fetches had two awaits and that was because in addition to the fetch I was also decoding it to JSON this does that all baked in so this is taking care of lots of the legwork for you so anytime you can use it your life is better than when you are making those fetch calls particularly if you need to go find that value and stick it in there so I think here's an example of it running it goes through and the call gets made and our value comes back notice I am not doing anything here with nonces I'm not pulling some value from global or doing anything like that it's all just baked in and we get to ride on that which is a pleasure now WP.API fetch is not available everywhere right typically by default I think it is only available on your editor pages so if you have a page open to edit like a page or a post then this WP.API fetch is available there but for example on the front end it is not available there so but most of the code I do tends to be involving the block editor within Gutenberg and so in those cases this thing is there and ready to go and so my calls get way easier now updating title we looked at that example all the way back at the beginning now you can imagine that when updating a title you want to make sure you have an authorized user right I don't want anybody to be able to show up on my website and drop some code in the browser and start updating titles I know these programmers right I would have a lot of pages with the title butts butts butts yeah so fortunately right you need to be authorized but we just looked at what we had to do to get authorized right we need to pass along that nonce or we can use that API fetch which makes us authorized so here's our call that updates the title this is the same one from the beginning but we glossed over it then but we were using that API fetch so by using API fetch it grabs the nonce it knows we're legit and it allows us to make that update so just to compare here our read and our write notice we're hitting the same path the same route we're going to the same place here but when we want to write it when we want to change it we're passing in the data that we want to change and we're passing in this method in the read version there is a method the default it's get by default you're getting information you're pulling it in in this case we are posting information that we want to change it's going out when I think of yeah when I think of these routes and how you can do different things right I think about a big room full of desks and route endpoint or words that get confused sometimes so we're going to talk about here along with that how these are different so we've got this room it's got all these desks in it and the route is how I get to the desk right maybe it's WP V2 posts and then the number right that's the route that takes me to a specific desk I get there and then once I get to that desk the default is I get whatever's there right maybe I'm grabbing a paper off that desk I follow the route I get there I take that paper but taking that paper is an endpoint that is part of that route so multiple endpoints can have the same route so the route is getting to the desk but the endpoint is that desk along with what you're doing you could be getting the value or in the case of when we updated the title we are posting the value there right when we make that update that's a different endpoint at the same route so to me routes are like paths that get us there and the endpoint is what we do when we get there so we looked at reading we looked at writing we've got our authenticated rest calls going on now we're going to add our own rest API endpoint we saw this one earlier that was spitting out my information there right the owner of it so to do this we tap in so the first thing that needs to happen is our code needs to run at the right moment if our code runs too soon it does not work properly and so that's what this code is doing we're saying add action rest API a knit at that moment right so set this up when that moment occurs then run my function my function here is called sal code owner rest so we get to that point my function runs and what do we do inside that function well we call register rest route so essentially to register it right this is what we need to do but we can't do it too early so that's why we have that initial add action we register the rest route we give it the route in two pieces the first piece is that name space we're saying this is the name space this is going in and the second piece is the rest of it my case I just called it name and then we need to give it at least two properties here in the form of a PHP array the first one is the callback it's job will be to return whatever it is we want to spit out and the second one is called the permission callback here I'm using the built in wordpress function return true I suspect you can guess what it returns right if you haven't used these functions they're super useful there's some great helper functions in wordpress this one it's whole job is just return true so you don't have to go write your own function that has a return true in there right so you save a little time alright so it returns a true permission callback comes back and then we take a look so what is cell code owner callback look like so this is that function that returns our data that gets dumped out and we're passing back this is a PHP array right this is going to get transformed into that JSON object PHP array we've got name first last WC us comes out we get our endpoint it spits out I do have a GitHub link there to this code if anybody wants to pull it down and play with it on your own you can add your own endpoint and mess around with it there's a result that's what comes back so calling back to when we had that rest forbidden problem right we hit rest forbidden we said okay we need to be authenticated we had to go through and figure out the nonce and everything like that so this code does not right we don't have to be authenticated perhaps we can guess what we need to change to cause that message to come back right that permission callback function instead of returning true every time we can put our own function in there that does some kind of check right does this user have the capability that we need right is this user one who is allowed to look at whatever this information is and that's essentially what they're doing right so if you're adding this endpoint if you want to restrict this so not anybody on the internet can hit it then you want to use something other than return true there and they'll get that 401 error when you return a false and when you return a true the data comes back so where do I put this code I always like to talk about where I'm putting my code right we've got options we're building code we can put it in our theme and our functions that PHP file this is a quick and dirty one I imagine most programmers here have done it at least at some point right but this one is a ticking time bomb because when you switch that theme then everything goes out the window right so you can write a custom plugin takes a little bit of work you got to put some headers up at the top the other tricky thing I find about custom plugins is I have them I've been burned more times writing code like why is this not working I don't understand how the plug-ins not activated yeah yeah right so that's one of those moments where it's a good time I'm reminded of the idea that whenever you get jammed up you're supposed to just step away and I'm not good at that but I feel like that is one of those moments where I would step away and come back and then the moment I got back I would it would click but the third option right is the MU plugins directory and if this is not on your radar already it's a great one to know about right so the MU plugins directory is this directory where if you drop a PHP file in it WordPress automatically loads it right automatically gets run and so if you're taking a look at your code or at your site excuse me you're looking at your site and you look for this directory it's in wp-content MU plugins now I've shared this with other people and they said Sal I looked there's no folder there called MU plugins right thanks for the tip but that's no help and in fact there's not by default now depending on your hosting there they may have that folder there but in many cases and if you run spin something up in your local machine this folder won't be there but WordPress is hard coded to look for it so this is a great trick if you build it they will come no if you add this folder WordPress will check in it right so if you add MU plugins and then you drop a file in there like here MU plugins owner-rest.mpoint.php WordPress will automatically load that and it gets run so it's kind of like putting your functions.php file however it's not tied to your theme so I find this is a great trick that I use all the time and my goal is to make sure everyone knows about it so if you're writing code and you're playing around with this great place for when you're testing okay so going back to that same origin policy we talked about how we can only request information from our own domain right so that sounds great but there's all this great rest information out there as a matter of fact there's a weather service that I signed up for that has all this great weather information coming in in JSON format but it's on a different domain so my JavaScript can't touch it right so in that case what you can do is you can write PHP code that reads their JSON endpoint and then spits it back out at your own JSON endpoint and so this was really fun and I did this and if you take a look at this URL oh no that's the this is the one where we've got right so here it is so this is my website spitting out weather data for my home area but it's all coming from this other service but it comes out of my website because I'm grabbing it and then spitting it back out and so what that means then is I can run JavaScript on my own site that can grab this data and use it so that's super exciting to me and that's what I did at the other link that I jumped too soon right so I've got my own little weather application here and it spits out the weather for me at home and I really enjoy that and it's geeky and I can customize it and my wife's in dermatology so I can make sure that I put the UV index on there so that we have it available and ready to go and I don't get in trouble for not wearing suntan lotion on days I should so this code right this code is all lives in github I think this link goes to it there it does right so this goes to that you can take a look at it one tip when you're doing code like that right you want to make sure that you cash your results the last thing you want to do is have you know the endpoint on your website and when you hit it it goes out and grabs somebody else's website going out and grabbing it from somebody else's website in terms of time is an eternity in programming time right instead of things just running on your machine so when they hit your site if every time somebody hit that endpoint you went out and hit that and you get people hitting that multiple times your server is going to fall over right it's just too much it's not made to take that so when my code is using a transient what happens is it pulls in that value and then it holds on to it I think it's 90 seconds and then just keeps feeding it back right so even if I hit it multiple times or somebody else my family wants to know what the weather is right by our house they can do that and we're not hitting that all the time so that I've got a list of resources here some of those good blog posts that I've written there we can run code in the browser and pretty print URLs all that fun stuff I am Sal Ferrello I'm a developer at WebDev Studios I appreciate your time today and being here with me thank you any questions does core have caching built in does core have caching built in on the endpoints no is there fear of what I don't know I haven't heard about having that price so I'm not sure we should be having this conversation here and all of this right Evan's like hey if I keep hitting this URL will your site go down Sal that's a good question so I think that is a deep question I would love to chat about this more after this no no I mean I think it's interesting stuff yes but yes other questions sure and actually I think you need an introduction here we are very fortunate to have here with us who is one of the lead developers on the REST API when it was integrated into WordPress core and so this talk would make no sense if not for his hard work thank you at the end of the day the answer for is there a concern about DDoS yes I think that like you can bring a WordPress site down any number of ways the REST API is probably the easiest but it's particularly like it's it is possible and so most of the enterprise tier hosts like WordPress VIP do put REST API get responses through a layer of usually CDN caching that has a short time to live so that you're not going to be hitting it live every time and it's something that kind of has to be host specific it's not something that I think the dream hosts in the world or go to any would necessarily get value from including but by the time you're big enough to worry about someone coming after you usually your own host today is going to have something set up for that that's good they have the time caching for that you know that caching is value it's going to depend on those thank you other questions well thank you all for being here have a great day