The festival of WordPress
January 22, 2021

This is an archive of the January 2021 event

Introduction to the GraphQL API for WordPress

The GraphQL API for WordPress is a brand-new WordPress plugin which enables access to all the site data using the GraphQL API, and which preserves publishing the data through fixed endpoints (as in REST) for increased security and speed.

We will do a tour of the features of this new plugin, including how to create a fixed endpoint using a GraphQL query, how to manage who can access the data, and how to set up caching.

Time: 3:00pm UTC
Region: EMEA
Stage: Fused Stage

Welcome to my talk introduction to the API for WordPress, I’m going to demonstrate a new plugin, which is going to be a luckier server. My name is Leonardo, so my sister is like my full name. And these slides are available on slices com slash  slash draft UN API or WPP. So let’s start. So what is an API, this a mechanism through which the client can interact with a server.

So we have a client with a, with data and the center. We would play with the data. What API do we have in workplace? We have rest via the WP recipe, PA, which is included in WordPress core. And we have got QL as ready via , which is a plugin available on the , but they have just raised the virtual Montecito and now it’s available on the intercourse.

Congratulations to them. But what I wanted to show you today, it’s not tentative to the musical scale, basically API. How does it work? It just takes multiple endpoints. Which is data to their resources are placed via put complete. So these have of the URL of an end point  due to cost. And what we get is all the data for on the spot and we cannot choose which data the data is heavily prettified.

Let me pick up, how does it work? It has an end point that the Tuesday time, much the query and it operates solely the post. So he, how you eloquent? It looks like in this case where the question box and for each one of those objects, we want three pillars, the ID and the URL. We could do this query. We get adjacent five or just an object.

We accepted that response. At least the first would they be the tenant? So how do they compare? I have made up a payment. When we come from varying, uh, six items, security touching, access controls, and who can use it. This is not exhaustive. There are many other items, but let’s talk about speed. How did they compare?

Let me peanuts, API. It’s not fast and it’s, it’s not low. It depends on what’s your use case. You send me some data for your boss and you have a  data. You fetch it, you got it. But if you need to get more than just the cost, you also need to get the offer or maybe the comments. And I said the media, and you also got an eight inquiries from the committee with slower, mostly on mobile phones.

But if you got the connection to be fast, because you can receive all that in a single query security, the API is very simple. It’s a very secure, doesn’t have. Um, it’s not so difficult to set up a secure API by the point, particular and pick up QL. It’s more difficult because the endpoint that you’re allowing your users, your clients to query anyone complete.

So you’re allowing to have managers others grade. They tell that he’s possibly not supposed to be public. So you need to be careful with what is available on your end point, our caption. And it did I say API is only by default because it’s a URL that same urine from whichever goes in beta. When it gets operation, you can see from the CDN on the browser  and  have the problem that got very separated.

The a post-Christian. So, those are not naturally. And the tendency is to pass everything on the client. By adding extra logic to the application control, both are, it can be gone, but it has to be done. So you can just ship after operation to your influence, but it has to be done. It has to be cold and it’s not easy.

Same state. Simplicity. That is the recipe is very simple. You set up a hook and you, the fun with the solver to resolve that particular end point. And you got it in the same. We used to have to define every server, but not for a hook in this case, before a type in that active, it hasn’t been more of logic.

Finally who can use it in both cases is developers. They know interface to deal with them in the sense of coding, coding, the solvers, how  users have to page comments. This is pure code that somebody has to go. And when you create an end point and then 0.1 to the next point, you have to call it. So I had a question.

Probably been an API with the features of both ref and QL. Yes. We can get it down to my introduction, to the API for WordPress. This is a brand new login. It is still not available on the workplace. Uh, lagging is still under development. It’s open source. But it’s already ready for production. How do you, you said, how do you get it?

everything is on gut QM, I have just launched this website last week and take it out. Let me know how it goes. So let’s check out the features, the features of this. Like what makes it unique? What makes it special? First I will describe, which are all of his screens because, and I’m going to show a video, which I have uploaded on Chrome.

So if you have access to these slides, you can be like me click on this URL that you can see below. So what is  if the plane’s

drive it and also on its own urine. Public. So you can either, I said the brace, just you and your team, I need the most of you have access to these, to your users, to your clients. It’s up to him. You have to decide who can use it. So let’s check it out, how it works. I’m going to give you an explanation of what you see on the screen.

So this is a plugin that’s, you’re like, yay. When we clicked on the first item, which is because we get the client, the holiday looks like on the left, we have, we just call it Explorer, which is showing on the fields that we’re having on our schema. And by clicking on the fields, we can compose the query.

In this case, we are recording four on the force with the date, the ID, the unit, and the time I was pressing the wrong button. And yeah, cause he’s not, I, the offer. For each book, you’re an ideal display name and I press on the wrong button once again. And you can see that we have the results. We can also feed that information.

Say, give me only percent. This came with the boss limit three, and we can . We can say that the limit is still her calling, but in the query, we can put him as a parameter in this case called limit. Once again, uh, now, uh, we’re replacing the value and when clicking on drama, we have the results in having. So this has just to be sure we think the frame, so one bigger, then we got it.

And finally, on the gut, because we have documentation, this is the  all of your data. What did they tell you? Having your in your workplace? They come here. They come. . I’m going to read to each other. What is in this fiction? All of the information is available on this client is very useful when you’re going to call this place, we’ll be using the graphical and it is your gateway to us interacting with Dustin.

But it is not beyond me to think that I would talk to him. We have a tool called the Voyager to provide us a functionality called the interact with schema. It is a client traditional schema, how relate to each other. So let’s check it out. Let’s see about this video, what it is. So when we click on the schema APA manual, we know this plan, it takes a few seconds to load, but we’ll see what we get.

We get all the interviews that we have on data model. . That’ll be for where we start composing the query we have first, and we see that there’s some type of an offer, which was subset type called user I’m on a visa entities, which have connections to each other. In this case, they offer as a connection to somebody else.

They come and have a connection to somebody else. We can explore all your relationships among all of the different entities with how the foundation, see what they are. What is the description is a wonderful way to explore the data. If you’re developing a plugin and you have a testable site, you can see how your fucking perfect is related to all your empties in WordPress.

It makes interacting with it with the database, such a pleasure. Um, having the students really feel that to go back to just reading for code, they need to check what’s going on with SQL anymore. You the data.

Okay. Now custom endpoints. This is what we started with the logic itself so far, what the selection became, how to interact with . Those two, the GFI con and the Voyager for him that his dad got to and from the plane. So you cannot find another four different doctors servers, but no, it was just seeing which of the features to the plane called doctrine API for workers.

The first one is called custom inputs, different configuration for different users. Clients or team or applications for instance, web or mobile. So I have mentioned before it has to be a single endpoint, but why does it have to have a single endpoint? What happens if you have different clients with different requirements, it has different reputations for different requirements.

What does it mean to have different requirements that mainly for clients you want to expose? Roll-ups. Because they have reduced their users and you want to show them what they can buy and for everyone is, and I’m a user. You don’t want to show them. So let me know, you have to refund schemas at the same time.

You might have different applications with different permissions to be sometimes if you have a

and so on and so forth. Hence it makes sense to think that you can have more than one input from gasket influences. So the idea here is that you create how many infants are you on Evian point, we have its own configuration. How do we do that? We just click on, add new graph your endpoint. They will bring a WordPress editor screen.

You can see this is the standard WordPress editor, and we could spin up a solution called  mobile app. And it has it’s own urine. That is the end point. And it has its own clients by doing, uh, view equals fluffy pal. We get its own graphical claims. So instead that would be custom input. I mean, we type view equal schema on the urine.

We can visualize the specific schema of this custom input. It took three clicks. To create this and you can really customize your application, your website, or for different clients, whatever it is that you mean. Very simple. Yeah.

Next one is called persistent queries, artistic queries.

Rescue in all you pay your fine baby’s exposed under you then. Um, so that makes it better. Um, either this or that, why do need to have rest or the Dustin? So how do we make on the admin, uh, in the query button

and we have a graphical clients and is right within the workers April. So once again, we only need to click on the fields on the left, on the Explorer. So compulsively with a limit of five and the offset. If I wrote insulated on why we are passing the opposite, whatever I missed out. Some things that also have their ideas and MBO, then yes, the one for comments with content, which we can format in a specific format that we find on the plane one day.

When the date, Oh, we’re not on the bus again, except the feature we will touch with APM, the sauce. Then I’ll call the taxi one, the main run and we see the results. Yeah. All of them.

Now we click on publish and when we pick them publish, we have. A new way, which has on your end, you can take it out there. And we got all the results and you remember the option virally. It provided them that we can customize the group  in this case, by then it was five. We are executing Macquarie wood with that number four, the opposite.

So wonderful. Before we have a customer inquiry that he. Exposed under its own urine and it can be dynamic. You can customize it with your parameters. I’m not a union.

Excellent. If I’m cooking up as a theme is the user,  your customer.

In this case, we can have a security. So you have a service. I don’t want to leave anyone or everyone you want to have  the applicant is for  scene by scene, by scene, who can access it in this case, we’re going to get personal user data. We select the fields we search for the user and we select the email and the capabilities.

Now we are going to return him who can access this. We select user state only the loving users. Now we publish the access control list to make it, uh, to have industrial query and the influence. Well, we have to input that into a schema. Configuration configuration is basically the way to direct a schema schema schema with only a limited set of labor.

In this case, we have a schema and we just added the Africans list. Now we go to our end point. Um, we have an important for website, which has already this, uh, female configuration. We should have the end point. And then we use like the cotton like us, because plant. So if you remember that email was, uh, you have to be looking, I don’t know, being in the people scheme now I open a new window.

Well, I’m not private window. And I completed the same name. I’m feeling around it. Now he says, you must be loving, you know? So that was because I said only the users can access it. You cannot.

Next one heavily private email. So we’ll have him on the phase one phase. So we send the user while fame, which is a public mode, or should we deny the existence or the theme, which is the private mode.

So before we saw how it came, the validation, we said, you can same. Now we have a validation for

anyone with  or manage options, or anyone would be strong.

I wouldn’t make it public. Okay. We update these access control lists. Now we execute the query. I am an admin here, so they know arrow. It doesn’t say that I cannot physically, but we’ll send any of us a window. Like I, when I took it now, he might be looking for, from the field roles. We just gave it permission.

And now we will also check the schema. Information is public. It’s telling you these things exist. You just cannot it because we can see that you said all that will happen. If we change this to make it private, we have dated. So when we accepted the same query, we go back to the client.

in voice. And when we go to the schema and we initialize the schema, but no field anymore and was happy, happier as a consequence. So it is not only that you kind of pay for thing for you. So we may still be very useful if he wants to provide access to your login users. And access to your local users and they can see different information, or maybe you want to, I can see your own team and obviously appliance on.

They see different information,

cash control list. We can pass on the server CDN or Belser we have found that they’re not calculating for you. You remember I said before,  he has to have a single endpoint operating via post.

but move so we can patch the access to the rest that you have here is we’re going to say by theme, by theme, which is age and , which is age for the requests, based on all the fields in the green. In this case, we select the URL. And we say 60 seconds with like the time for the post, we say like 35 seconds and we’ll have one more the name for the user and what we say.

We have some bits of seconds

once we have probably, we need to make sure that our scheme of configuration. Uh, configuration. So we added the, a config in this case,

we’ve got the cash companies. I know we have the new one that we have created website. We update the configuration. Um, we both . We haven’t a grade here, which has to read that schema configuration. And we opened it, execute the query in this case, if they do nothing much. But what I’m saying there, that we get from, from the client, which is from the services, we can have response.

What is it that we put back? So we updated, we urine from the user. If you remember, we had forgot that one has 60 seconds of my age. So we utilize the responsive as much H because now we are there for the post. If you had a member, they will have 35 seconds. So we go back to our, we have a session and we take what you said, response.

And he said,

um, And then we added one more, which was the name for the users. If you remember, they will have 22 seconds. So now we refresh the precipitating, my H and we got feet two seconds. Perfect. Finally, what happens if we select a field would use a state. Me me depends on the login user. You’re kind of patched up.

So now we are physically. And when we bought no store. So the server, the Gusto server, if you can detach or not, if it can be cash deficit, and it’s based on the configuration that you provide to your APA.


response to the query. We have an API hierarchy. We don’t get the hierarchy of inputs collecting information in the urine. I have no time to show these videos. You want to see them? Please come to this slide and click on the urine. I am joining so far. I hope you are, but that’s much more in production.

With third party APS wants to deploy execution name spacing pompous with that method mutations. And then everything’s compostable is based on not a lot of power here. So how do they compare

who can use it? Yes. API makes everything easy. It’s very fast because you can catch it very securely because you can set up access control lists on field by field basis. As I said before, and anyone can use it and use it to how you do click, click, click, click Polish, you have a new endpoint. You don’t have that, that you have ability when you have to use code.

When you have to go into PHP, I’m playing that here. Everything you do is user interface. So, so the GFE, can they pay for what praise, what can we do that many things we can, you can follow you. You can embed your Gusto to fix data for you. You’re getting that with API, with cult services. So I’m hunting your fiction data for yourself from warfare, from your book will, from what she says, you can connect with cloud-based service translate with both Facebook or send the tip on only things you can do, basically.

Yeah. Making a website that you have the center otherwise. The next WordPress becomes the operating system. Otherwise everything from the client, you have the app, that’s where you have a mobile app. You have you, so the cloud services to anything that you might need, gateway interface of information. So take it out.

You got any suggestion, hence spread the news. If you like, what you have seen share with your friends and colleagues, and please talk about it. This is open source. It’s not a commercial project, so they had things on word of mouth. Hopefully if you like it, you will use it and they will tell you to check it out too.

One gratitude for everybody.

Thanks. My name is

I hope you have enjoyed this presentation. Thank you very much. Oh, yeah.
