=== RESTful JSON API ===
Contributors: parorrey
Donate link: https://www.parorrey.com/donate/
Tags: json, api, rest, jwt, mobile
Requires at least: 5.0
Requires PHP: 7.4
Tested up to: 7.0
Stable tag: 0.15.7
License: GPLv3 or later
License URI: http://www.gnu.org/licenses/gpl-3.0.html

40 JSON API endpoints for WordPress content, CPTs, taxonomies, media, comments, widgets, users, JWT login, API keys, CORS, and HTTPS.

== Description ==

RESTful JSON API provides simple JSON endpoints for WordPress content and user-facing app workflows. It is designed for mobile apps, external tools, and lightweight integrations that need predictable JSON responses from WordPress.

Built-in features include:

* Core endpoints for pages, search, indexes, menus, and API metadata.
* Posts controller endpoints for read-only post lists, single posts, CPT discovery, custom taxonomies, taxonomy terms/posts, media, attachments, comments, date archives, category archives, tag archives, and author archives.
* Comment submission endpoints.
* Widget/sidebar retrieval endpoints.
* User signup, login, token validation, current-user profile, avatars, password reset requests, user meta, and authenticated comments.
* Plugin-issued JWT bearer tokens for protected endpoints.
* Optional shared API-key protection.
* CORS allowed-origin settings.
* HTTPS enforcement for password and bearer-token requests, enabled by default.

Full endpoint documentation with sample code is available in Settings > RESTful JSON API > Documentation. The same long-form documentation is also included in `readme.md` inside the plugin package.

== Installation ==

1. Upload the `restful-json-api` folder to `/wp-content/plugins/`.
2. Activate the plugin from the WordPress Plugins screen.
3. Open Settings > RESTful JSON API.
4. Configure the API base path, optional API key, CORS origins, HTTPS requirement, and enabled controllers.

== Frequently Asked Questions ==

= How do clients authenticate? =

Clients call the User controller login endpoint with a username and password over HTTPS. The response includes a plugin-issued JWT. Protected endpoints require `Authorization: Bearer ACCESS_TOKEN`.

= Do users need WordPress Application Passwords? =

No. This plugin uses JWT authentication, so users do not need to manually create Application Passwords.

= Is HTTPS required? =

HTTPS is required by default for password and bearer-token requests. Site owners can disable this in Settings > RESTful JSON API for local or non-SSL environments, but production sites should keep it enabled.

= Does the plugin still use authentication cookies? =

No. Cookie-based authentication endpoints were removed. Use JWT bearer tokens instead.

= Where are the endpoint examples? =

Open Settings > RESTful JSON API > Documentation for login, token validation, post create/update/delete, user meta, comment, and controller examples. The same documentation is also included in `readme.md`.

== Changelog ==

= 0.15.7 (2026-07-15): =

* Initial release.
