With ShieldPRO 14.1 we’ll be releasing our brand new REST API integration for our WordPress security plugin.
For many of our clients, we understand that there just isn’t a need for the REST API in their current workflows. But for some clients, particularly those with larger portfolios, a way to automate and control the Shield plugin without using the WordPress admin dashboard is crucial and something we’ve been asked for several times in the past.
Over the past few years we’ve been in discussion with a number of different parties about opening up Shield Security to programmatic control using the REST API. We just weren’t in a position to accommodate it, until recently. To facilitate our latest partnership, we’ve built a brand new REST API integration meaning that all our ShieldPRO customers can take advantage of automated Shield controls, if they need it.
In this article we’ll outline a little bit of what the REST API is, and what areas of the Shield plugin are covered so-far.
Of course, if you’re not a developer or you don’t have a large WordPress portfolio, then this probably won’t be of much interest to you. But read on anyway if you’re curious! 🙂
What Exactly Is Shield’s REST API Integration?
Firstly, what is a REST API?
An API basically a set of protocols that allow for the (programmatic) integration of applications. It lets 1 application “talk” with another application, following a set of definitions for what requests are permitted, how the requests should be structured and what the responses look like.
When everything is standardised with rules and definitions, then applications can easily be built to work with them.
So Shield’s REST API is a set of definitions to help interact with the Shield plugin on a WordPress site. If another program calls a REST “endpoint” that we’ve provided in the manner that we’ve set out, then they’ll be able to interact with the Shield plugin in much the same way as you would do from within the Shield dashboard.
WordPress released their REST API into WordPress Core from v4.7 and, using this as the foundation, we’ve added our own API endpoints dedicated to Shield Security.
For example, you might want to configure the Shield Plugin Badge to be displayed across your entire WordPress portfolio. You could login to each site, go to the Shield Dashboard, check the option to display the badge and save.
If you have many sites, you could alternatively use the REST API and automatically send the request to switch on that option on each of your sites. Sure, you’d have to build that integration, but once you’ve built an integration for 1 part of the API, adding further requests is straight forward.
When Would You Want To Use Shield’s REST API?
As we’ve mentioned a few times, the power of the REST API comes from integration with other applications. If you’re not running other applications, then this won’t be important to you.
However, larger agencies or services providers that integrate with WordPress sites will find the power that the API provides extremely useful.
If your portfolio extends to, say, 50+ WordPress sites, you’ll want some sort of method of controlling these sites. You probably use a system like iControlWP, MainWP or such like and so your WordPress management overhead is significantly reduced.
While tools like this are great, they often don’t have direct integration with specific WordPress plugins. Our iControlWP platform does have a dedicated control panel for ShieldPRO, and we’ve even added an integration with MainWP a year or so ago.
As a larger agency, you may have custom, in-house system for managing your sites. But however you manage your portfolio, you now have the option to build an integration with all of your WordPress sites to help you manage Shield Security at-scale.
What Can You Find Shield’s REST API Documentation?
Before you can use an API, you need to know how it’s defined.
This is where Shield’s REST API documentation comes in:
Shield Security for WordPress REST API Documentation
As this API is built upon the foundation of the WordPress Core REST API, things like user Authentication and Authorization aren’t covered in this documentation.
As a developer you will already be familiar with how to authenticate with the WordPress REST API, and this is no different. Shield requires Admin-level authorization to retrieve details on, or modify any aspect of, the plugin and this is no different when you use the API.
The simplest approach is to use WordPress’ built-in Application Passwords system to authenticate and authorize access to the API.
Requirements To Use ShieldPRO REST API
In order to use the REST API, the base system requirements are a little different the core plugin itself. You’ll need:
- Shield Security Plugin v14.0+
- ShieldPRO – an active ShieldPRO license will be required, though the API endpoint to run a check for a license is always available. In this way you can activate a license via the API.
- WordPress version 5.7+ (this means ClassicPress isn’t supported)
- PHP 7.0+
Please note that we’ll be adjusting (up) minimum system requirements as the REST API evolves. Strictly speaking, the REST API is only officially supported on the latest available version of WordPress.
Questions and Suggestions?
This can be a bit of a complicated topic and it probably won’t be of much interest to many of our clients. However, if using and integrating the REST API is something you’re interested, please do reach out to us and we’ll happily help you out.
Please feel free to leave us any suggestions, questions, or comments below!