Using Postman to Access the WordPress.com REST API
Postman is a great tool for working with REST APIs. It allows us to test out endpoints without having to setup a bunch of infrastructure.
In order to unlock access to all the WordPress.com endpoints and data we will need to generate an access token to send with our requests.
Set up a GET request to an endpoint. Let's use the /posts endpoint for now:
https://public-api.wordpress.com/wp/v2/sites/jeremyrichardson.home.blog/posts
If you execute the request you will get a response with a list of posts. The field we care about is the content. Currently it only has the rendered version of the content. We need the raw content in order to parse the block information to turn into React components.
To get that info we need to add the context=edit parameter to the request:
https://public-api.wordpress.com/wp/v2/sites/jeremyrichardson.home.blog/posts?context=edit
Uh oh.
{"code": "rest_forbidden_context","message": "Sorry, you are not allowed to edit posts in this post type.","data": {"status": 401}}
Now you see why we need authorization.
Authorization with Postman
On the Authorization tab of the Postman request, select Oauth 2.0. On the right hand side you'll see a dropdown with a list of all tokens you have already setup. To create a new token, scroll down to the section Configure New Token.
Fill out the fields appropriately:
| Token Name | the name you'll refer to this token in the future |
| Grant Type | Authorization code |
| Callback URL | https://oauth.pstmn.io/v1/browser-callback (now I remember where this url came from!) |
| Auth URL | https://public-api.wordpress.com/oauth2/authorize |
| Access Token URL | https://public-api.wordpress.com/oauth2/token |
| Client ID | shows up on your WordPress.com OAuth application page |
| Client Secret | shows up on your WordPress.com OAuth application page |
Leave the rest of the fields default or blank.
When you click Get Access Token, Postman will take you through the steps of logging in and authorizing the app. This will result in Postman obtaining your access token.
You can now use the token with Postman to make calls to the WordPress.com api that require authentication just by selecting the right token in the authentication tab.
Try executing the get request again. Now you should get the post information but this time with the raw content for the posts.
Set Environment Variable
Now that you have the access token, you need to save it in your application as an environmental variable to you can include it in fetch requests as a bearer token.
- Create a .env file if you haven't already to be used by NextJS
- Create a new environment variable in your host application platform (Vercel in my case)
Conclusion
Now you're ready to make authenticated calls to the WordPress.com REST API. This is essential for being able to return the raw content of a post where we can rebuild the blocks with React components.
In the next post we'll go over how to pull post data and parse the blocks to be able to render as React components.