REST API Reference

The Wp Admin REST API allows developers to programmatically manage WordPress sites, trigger security scans, handle backups, and access performance metrics. All endpoints require authentication and follow standard REST conventions.

Base URL: https://api.wpadmin.com/v1
ℹī¸
All requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.

Authentication

The Wp Admin API uses API keys to authenticate requests. You can view and manage your API keys in the Dashboard Settings. Your API keys carry many privileges, so be sure to keep them secure.

Request Header
Authorization: Bearer sk_wp_live_a1b2c3d4e5f6g7h8i9j0

Never share your secret API keys in client-side code, GitHub repositories, or public forums. They provide full access to your managed sites.

Rate Limiting

API requests are limited to 1,000 requests per hour per API key. Exceeding this limit will result in a 429 Too Many Requests response. Rate limit headers are included in every response:

Response Headers
X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 842
X-RateLimit-Reset: 1678901234

List Sites

GET /sites Retrieve a paginated list of managed sites

Query Parameters

NameTypeRequiredDescription
pageintegerNoPage number (default: 1)
limitintegerNoItems per page (max: 100)
statusstringNoFilter by status: active, down, maintenance

Response

application/json
{ "data": [ { "id": "site_8f3k29d1", "domain": "example.com", "wp_version": "6.4.2", "status": "active", "uptime": "99.98%" } ], "meta": { "page": 1, "total": 24 } }

Get Site Details

GET /sites/{site_id} Retrieve detailed information for a specific site

Path Parameters

NameTypeRequiredDescription
site_idstringYesThe unique identifier of the site

Response

application/json
{ "id": "site_8f3k29d1", "domain": "example.com", "environment": "production", "php_version": "8.2.3", "security_score": 94, "plugins": 12, "theme": "Astra 4.6.1" }

Trigger Security Scan

POST /security/scan Initiate a full security and malware scan

Request Body

application/json
{ "site_id": "site_8f3k29d1", "scan_type": "full" }

Response

application/json
{ "scan_id": "scan_x7y9z2", "status": "processing", "started_at": "2025-01-15T10:30:00Z", "estimated_completion": "2025-01-15T10:45:00Z" }
⚠ī¸
Full scans may take up to 30 minutes depending on site size. Use polling or webhooks to track completion.

List Backups

GET /backups Retrieve backup history for a site

Query Parameters

NameTypeRequiredDescription
site_idstringYesThe site to fetch backups for
typestringNoFilter: full, files, database

Response

application/json
{ "data": [ { "id": "backup_m4n5p6", "site_id": "site_8f3k29d1", "size_mb": 245.8, "created_at": "2025-01-14T02:00:00Z", "status": "completed", "retention_days": 30 } ] }

Restore Backup

POST /backups/{backup_id}/restore Restore a site from a specific backup

Request Body

application/json
{ "maintenance_mode": true, "components": ["database", "uploads"] }

Response

application/json
{ "restore_id": "rest_q7r8s9", "status": "initiated", "message": "Restore process started. Maintenance mode enabled." }

HTTP Status Codes

The Wp Admin API uses conventional HTTP response codes to indicate success or failure:

  • 200 OK - The request succeeded.
  • 201 Created - A new resource was successfully created.
  • 400 Bad Request - Missing or invalid parameters.
  • 401 Unauthorized - Invalid or missing API key.
  • 403 Forbidden - Insufficient permissions.
  • 404 Not Found - The resource does not exist.
  • 429 Too Many Requests - Rate limit exceeded.
  • 500 Internal Server Error - Something went wrong on our end.
Error Response Format
{ "error": { "code": "invalid_api_key", "message": "The provided API key is expired or revoked.", "status": 401 } }

Official SDKs

Interact with the Wp Admin API using our officially supported client libraries:

Python 3.7+ Node.js 14+ PHP 8.0+ Ruby 2.7+ Go 1.18+

Find installation instructions, code examples, and documentation for each SDK in our Developer Portal.