Infospica Headless API
Infospica Headless API is a WordPress REST API plugin that transforms your WordPress site into a secure, scalable headless CMS with fully isolated custom REST API endpoints.
Build modern frontend applications using Next.js, React, Vue, Angular, or mobile apps — powered by WordPress as a backend API, without touching the default WordPress REST API.
Looking for a secure WordPress REST API plugin for headless CMS? Infospica Headless API gives you a custom namespace, full CRUD support, ACF field access, and authentication control — all from a clean WordPress admin UI.
Why use Infospica Headless API?
Most developers using WordPress as a headless CMS face the same problems: the default REST API exposes too much data publicly, offers no namespace control, and has weak write protection.
Infospica Headless API solves all of that with a dedicated, configurable API layer purpose-built for modern headless WordPress architectures.
Key advantages:
- Fully isolated API namespace — no interference with default WordPress REST API
- Every endpoint requires authentication — no accidental public data exposure
- Write operations are locked to WordPress capability checks
- Works with any headless frontend: Next.js, Nuxt, React, Vue, Angular, or mobile
Key Features
- Custom WordPress REST API namespace with version control (
/wp-json/my-api/v1/) - Full CRUD endpoints — GET, POST, PUT, PATCH, DELETE
- Supports Pages, Posts, and Custom Post Types (CPT)
- ACF field support — include Advanced Custom Fields in API responses
- Authentication-aware — all endpoints require authentication; write operations require capabilities
- CSRF protection — nonce validation enforced for cookie-based authentication
- Pagination —
?pageand?per_pageon all list endpoints (max 50 per page) - WooCommerce-safe — core WooCommerce pages automatically excluded
- Clean admin UI — manage namespace, version, and enabled content types
- Clean uninstall — removes all plugin options on uninstall
Use Cases
- Headless WordPress with Next.js — fetch posts, pages, and CPTs via secure REST API
- WordPress REST API for React or Vue — isolated namespace, no public data leakage
- Mobile app backend — use WordPress as a content API for iOS or Android apps
- SaaS platforms — use WordPress as a headless CMS for multi-tenant applications
- ACF API — expose Advanced Custom Fields data via authenticated REST endpoints
- CPT API — serve Custom Post Type data to any external frontend or service
Security
- All endpoints require authentication — including read (GET) requests
- Write operations require WordPress capability checks (
edit_posts,delete_posts) - Nonce validation enforced for all cookie-based write requests (CSRF protection)
- Email addresses and sensitive user data never included in API responses
- WooCommerce core pages (Shop, Cart, Checkout, My Account) excluded automatically
Authentication
All endpoints require authentication.
Supported methods:
- Application Passwords (recommended) — available since WordPress 5.6; generate under Users → Profile and send as Basic Auth header
- WordPress login cookies — for browser or admin usage; write requests require
X-WP-Nonceheader or_wpnonceparameter - Any authentication method that correctly sets the WordPress user context
Write operations are additionally restricted by WordPress user capabilities.
Available Endpoints
Base URL structure:
/wp-json/{namespace}/{version}/
Example:
/wp-json/my-api/v1/
Status
GET /status
Pages
GET /pages
GET /pages/{id}
POST /pages
PUT /pages/{id}
PATCH /pages/{id}
DELETE /pages/{id}
Posts
GET /posts
GET /posts/{id}
POST /posts
PUT /posts/{id}
PATCH /posts/{id}
DELETE /posts/{id}
Custom Post Types
GET /{post-type}
GET /{post-type}/{id}
POST /{post-type}
PUT /{post-type}/{id}
PATCH /{post-type}/{id}
DELETE /{post-type}/{id}<h3>Pagination</h3>
All list endpoints support pagination parameters:
?page=1&per_page=10 (maximum 50 results per page)
Example:
/wp-json/my-api/v1/posts?page=2&per_page=5<h3>License</h3>
This plugin is licensed under GPLv2 or later. See: https://www.gnu.org/licenses/gpl-2.0.html