Hey there, and welcome to Learn WordPress. In this tutorial, you're going to learn a few more ways to interact with the WordPress REST API. You will learn how to create or update custom fields while creating or updating posts, and how to authenticate with the REST API using application passwords. You'll also learn how to use a REST API testing tool to test your REST API routes and endpoints.

If you've never interacted with the WordPress REST API before, I recommend watching the interacting with WordPress REST API tutorial first, and then coming back here. This tutorial builds on the code examples shared in the last tutorial. You can download the plugin that was created in that tutorial from this URL, and use it as the basis for this tutorial.

To review, this plugin adds a new admin sub-menu page to the Tools top-level menu, and it uses the REST API to load the posts from the site and display them in the top text area. It also has a form that allows you to add a new post by entering the title and content fields and clicking the Add button, update a post by entering a post ID, title and content and clicking the Update button, and delete a post by entering the post ID and clicking the Delete button. The plugin has a PHP file which handles the admin menu and forms, and a JavaScript file which interacts with the REST API using the Backbone.js client. Listing posts uses the post collection, and creating, updating and deleting posts uses the post model. There are individual functions to handle each of these actions, and each function is called when the corresponding button is clicked.

Besides the default fields that exist on a post, WordPress also allows you to add and manage custom fields, also known as metadata. These fields are often used on custom post types to store additional pieces of data that are specific to that post type. Under the hood, these custom fields are stored in the post meta table, as a set of key-value pairs attached to the post by the post ID.
If you've ever worked with the `add_post_meta`, `update_post_meta`, and `get_post_meta` functions, you're accessing these custom fields. Beyond posts, WordPress also supports metadata on other data types, such as comments and users. You can read more about this in the metadata API documentation on developer.wordpress.org.

The WordPress REST API allows you to create or update custom fields when creating or updating data. This is possible by passing an object of key-value pairs to the meta property of the model you're working with. However, in order to use a custom field, you have to register it first. This is done using the `register_meta` function. The key parameters required are the object type and meta key, and then an array of specific arguments.

For example, if you wanted to add a custom field called URL to the post type post, you would use the following code. `register_meta`, and then it would be applied to the post, and we'll call the key URL. Then we specify the array of arguments, and we should pass in things like whether or not it's a single post meta. In this case, we'll make it true. The post meta type, in this case, we'll make it a string. The default value, which we'll make an empty string. The `show_in_rest` argument we'll set to true.

This can be added to the root of the plugin PHP file, and does not need to be wrapped in an action or callback function. However, it is recommended to add it to something like the `init` action hook. So we could say `add_action` on `init`, specify a callback function to call when the `init` hook runs, and put the `register_meta` call inside of this function, so it's nice and neat. It's important to ensure that the `show_in_rest` property is set to true, otherwise the custom field will not be available on the REST API.

Once this is done, you can add a field to the form that creates a post to capture the URL value. If we go down to the add post form, let's copy the post title, because that is a text field.
We'll pop it underneath the post content, and we'll rename things to URL. Next, switch to the JavaScript file and update the submit post function to get the URL value. This is the submit post function, so let us add a post URL variable, `document.getElementById` with wpLearnPostUrl, and we will return the value. Then pass the URL value to the post model as part of the meta property. So inside of the post model object, a little bit, we can now say meta, and then create a new object, and pass the URL and the post URL value. Note that the meta property is an object, so you can add as many key-value pairs as you need. The key is the name of the custom field, as specified in the `register_meta` function.

Once you've done this, refresh the admin page and test adding a post with the URL. So let's pop back to the page and refresh it, and then let's add a post with a URL content, and then some URL, and we can add it. To validate that the URL has been saved, open a new browser window or tab and navigate to the post in the dashboard. So we've got posts open here, so let's navigate to all posts. There is the post with the URL, and let's take a look. You should see the URL field in the custom fields area at the bottom of the editor screen.

Depending on your setup, you might need to enable the custom fields area. If you're using the block editor, you can do this by clicking on the options button, clicking on preferences, panels, and enabling the custom fields toggle. This will require the editor to be reloaded, and then you can see the custom fields. If you're using the classic editor, click on the screen options button at the top of the window, and enable the custom fields option.

By default, the WordPress REST API and the Backbone.js client use the same authentication cookie that is set in your browser when you log into your WordPress dashboard. So if you're a logged-in user, you can access the API for create and update requests without needing to specify any authentication.
This is how the block editor works, for example. If you wanted to build a separate application that allows specific users to create and update posts, you would need to provide a way for them to log in. One way would be to make use of the default WordPress user login form, and use the wp-login.php file to handle authentication. Another way that's now available to WordPress is something called application passwords. Application passwords can be set on a per-user basis and are used to authenticate requests to the WordPress REST API. This allows you to let users access the API without having to share the password they use to log in to the WordPress dashboard.

Go ahead and create an application password for your user and save it to be used later. To do this, navigate to your user in the users list and click on the user to edit it. Scroll down to the bottom of the screen, to the application passwords section. Give the new application password a name and click the Add New Application Password button. So let's call this API testing and add the new application password. The password will be generated for you. Make sure to copy it, as you won't be able to see it again. In this screen, you are also able to revoke the password should it ever be leaked. Typically, your application would then need to ask the user for their username and this password.

Let's take a look at how these credentials can be used by introducing a tool to test REST API requests. There are a number of tools available to test REST API requests. For example, if you use PhpStorm, it has a built-in HTTP client. And if you use VS Code, there are extensions like Postcode that you can install. There are also standalone tools like Hoppscotch and Postman. You can even test your REST API endpoints using the curl command in your terminal. For the purposes of this tutorial, we'll be using Postman. You can download the Postman app from the Postman website.
The current version at the time of this recording is version 10.8.6. By default, Postman will create an initial workspace to store your request collections. Once opened, click on the Create Collection button to create a new collection where you can add multiple requests to test. Let's say REST API collection. You can give the collection a name to differentiate it from other collections.

Inside the collection, click the Add Request button. This will open a new request where you can give the request a unique name. Let's say Get Posts. Then enter the URL to your local posts endpoint and click the Send button. So in our case, it will be learnpress.test/wp-json/wp/v2/posts, and click the Send button. The request will be made and the JSON response will be parsed and displayed in the response area.

Now create a new request and enter the same URL to the posts endpoint, but this time change the request method to POST. So what we can do is duplicate this request, simply change the name of the request, change the method and hit Send. When you send the request, you'll be presented with an error message because you're not authenticated. To authenticate the request, click on the Authorization tab and select Basic Auth from the drop-down. Then enter your username and password and click the Save button. So in our case, the username is admin and we'll need to paste the application password we created earlier. Then save this request and send it. This time you don't get the same error because you are authenticated. So this means we can create posts if we pass in the right data.

Go ahead and create a new post by clicking on the Body tab in the request and selecting the raw radio button. So Body, raw, then select JSON from the drop-down and enter the following JSON object. JSON, and we will open a new JSON object, and now we can specify the REST API fields as we did in the Backbone.js client.
So we can say my new testing post, and for content, we can just say testing post content. And let's make sure to give it a status of publish. And let's also pass in the meta object, which holds the URL custom field. And we will just say something like example.com. Hit Send again and the post will be created, returning the JSON response of the new post. So let's send this, and there is the new post information.

To be sure, go ahead and check the post in the WordPress dashboard. You should see the post created with the URL custom field. So let's switch over to posts. There's the new testing post and there is the example.

Using a tool like Postman to test REST API endpoints is a great way to save time by ensuring that the data you intend to send is formatted correctly and that the request is being made to the correct endpoint. It's also extremely useful when extending the REST API. For more information on interacting with the WordPress REST API, as well as how to extend it, check out the WordPress REST API handbook at developer.wordpress.org. Happy coding!
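
The authenticated request built in Postman above, written out in JavaScript as an added example (it is not code from the tutorial or its plugin). The helper names, the local-host pattern and the sample values are assumptions; it builds the Basic Auth header from a username and application password, refuses to send that credential over plain HTTP to a non-local host, and checks that the `url` custom field came back in the response.

```javascript
// Added example; buildCreatePostRequest, missingMeta and createPost are hypothetical names.
const LOCAL_HOST = /^localhost$|\.test$|\.local$/; // assumption: local development hosts

function buildCreatePostRequest(siteUrl, username, appPassword, post) {
  // Assumes WordPress is installed at the root of siteUrl.
  const endpoint = new URL('/wp-json/wp/v2/posts', siteUrl);
  // Basic Auth is only base64-encoded, so refuse plain HTTP outside local development.
  if (endpoint.protocol !== 'https:' && !LOCAL_HOST.test(endpoint.hostname)) {
    throw new Error('Refusing to send an application password over plain HTTP');
  }
  const token = Buffer.from(`${username}:${appPassword}`, 'utf8').toString('base64');
  return {
    url: endpoint.href,
    options: {
      method: 'POST',
      headers: { Authorization: `Basic ${token}`, 'Content-Type': 'application/json' },
      body: JSON.stringify(post),
    },
  };
}

// Meta keys that were sent but are absent from, or different in, the created post.
function missingMeta(sentMeta, createdPost) {
  const saved = (createdPost && createdPost.meta) || {};
  return Object.keys(sentMeta).filter((key) => saved[key] !== sentMeta[key]);
}

async function createPost(siteUrl, username, appPassword, post) {
  const { url, options } = buildCreatePostRequest(siteUrl, username, appPassword, post);
  const response = await fetch(url, options);
  const data = await response.json();
  if (!response.ok) {
    throw new Error(`HTTP ${response.status}: ${data.code} ${data.message}`);
  }
  const missing = missingMeta(post.meta || {}, data);
  if (missing.length > 0) {
    throw new Error(`Custom fields not saved: ${missing.join(', ')}`);
  }
  return data;
}

// Constructed sample body, matching the fields entered in Postman.
const samplePost = {
  title: 'My new testing post',
  content: 'Testing post content',
  status: 'publish',
  meta: { url: 'https://example.com' },
};
```

A response that lacks the `url` key under `meta` points back at the registration step: the field has to be registered with `show_in_rest` set to true before the REST API will expose it.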