{"id":235268,"date":"2025-05-29T05:02:56","date_gmt":"2025-05-29T05:02:56","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/rest-api-route-tester\/"},"modified":"2026-03-20T18:52:46","modified_gmt":"2026-03-20T18:52:46","slug":"rest-api-route-tester","status":"publish","type":"plugin","link":"https:\/\/twd.wordpress.org\/plugins\/rest-api-route-tester\/","author":23144673,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"1.4.0","stable_tag":"1.4.0","tested":"6.9.4","requires":"5.0","requires_php":"8.0","requires_plugins":null,"header_name":"REST API Route Tester","header_author":"jawad0501","header_description":"A tool to test WordPress REST API routes with different user roles and authentication methods.","assets_banners_color":"001d48","last_updated":"2026-03-20 18:52:46","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"https:\/\/wordpress.org\/plugins\/rest-api-route-tester\/","header_author_uri":"https:\/\/profiles.wordpress.org\/jawad0501\/","rating":0,"author_block_rating":0,"active_installs":40,"downloads":758,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0.0":{"tag":"1.0.0","author":"jawad0501","date":"2025-05-29 05:02:34"},"1.1.0":{"tag":"1.1.0","author":"jawad0501","date":"2025-10-16 10:34:02"},"1.4.0":{"tag":"1.4.0","author":"jawad0501","date":"2026-03-20 18:52:46"}},"upgrade_notice":{"1.1.0":"<p>Security release. Fixes XSS in route dropdown, orphaned test user leak, and missing input validation. Upgrade recommended.<\/p>","1.0.0":"<p>Initial release<\/p>"},"ratings":[],"assets_icons":{"icon-128*128.png":{"filename":"icon-128*128.png","revision":3302611,"resolution":"128x128","location":"assets","locale":""},"icon-256*256.png":{"filename":"icon-256*256.png","revision":3302611,"resolution":"256x256","location":"assets","locale":""}},"assets_banners":{"banner-1544*500.png":{"filename":"banner-1544*500.png","revision":3302611,"resolution":"1544x500","location":"assets","locale":""},"banner-772*250.png":{"filename":"banner-772*250.png","revision":3302611,"resolution":"772x250","location":"assets","locale":""}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.0","1.1.0","1.4.0"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3302611,"resolution":"1","location":"assets","locale":""},"screenshot-2.png":{"filename":"screenshot-2.png","revision":3302611,"resolution":"2","location":"assets","locale":""},"screenshot-3.png":{"filename":"screenshot-3.png","revision":3302611,"resolution":"3","location":"assets","locale":""},"screenshot-4.png":{"filename":"screenshot-4.png","revision":3302611,"resolution":"4","location":"assets","locale":""}},"screenshots":[],"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[1556,4932,23853,1591],"plugin_category":[],"plugin_contributors":[243032],"plugin_business_model":[],"class_list":["post-235268","plugin","type-plugin","status-publish","hentry","plugin_tags-api","plugin_tags-developer-tools","plugin_tags-rest-api","plugin_tags-testing","plugin_contributors-jawad0501","plugin_committers-jawad0501"],"banners":{"banner":"https:\/\/ps.w.org\/rest-api-route-tester\/assets\/banner-772*250.png?rev=3302611","banner_2x":"https:\/\/ps.w.org\/rest-api-route-tester\/assets\/banner-1544*500.png?rev=3302611","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/rest-api-route-tester\/assets\/icon-128*128.png?rev=3302611","icon_2x":"https:\/\/ps.w.org\/rest-api-route-tester\/assets\/icon-256*256.png?rev=3302611","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/rest-api-route-tester\/assets\/screenshot-1.png?rev=3302611","caption":""},{"src":"https:\/\/ps.w.org\/rest-api-route-tester\/assets\/screenshot-2.png?rev=3302611","caption":""},{"src":"https:\/\/ps.w.org\/rest-api-route-tester\/assets\/screenshot-3.png?rev=3302611","caption":""},{"src":"https:\/\/ps.w.org\/rest-api-route-tester\/assets\/screenshot-4.png?rev=3302611","caption":""}],"raw_content":"<!--section=description-->\n<p>REST API Route Tester is a powerful tool for WordPress developers and administrators to test and debug REST API endpoints. It provides a user-friendly interface to:<\/p>\n\n<ul>\n<li>View all registered REST API routes<\/li>\n<li>Test routes with different HTTP methods (GET, POST, PUT, PATCH, DELETE, OPTIONS, HEAD)<\/li>\n<li>Switch between different user roles to test permissions<\/li>\n<li>Send custom headers and body data<\/li>\n<li>View detailed responses including status codes and timing<\/li>\n<\/ul>\n\n<!--section=installation-->\n<ol>\n<li>Upload the plugin files to the <code>\/wp-content\/plugins\/rest-api-route-tester<\/code> directory, or install the plugin through the WordPress plugins screen directly.<\/li>\n<li>Activate the plugin through the 'Plugins' screen in WordPress<\/li>\n<li>Use the Tools-&gt;REST Route Tester screen to use the plugin<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"what%20permissions%20do%20i%20need%20to%20use%20this%20plugin%3F\"><h3>What permissions do I need to use this plugin?<\/h3><\/dt>\n<dd><p>You need to have the 'manage_options' capability to use this plugin, which is typically granted to administrators.<\/p><\/dd>\n<dt id=\"can%20i%20test%20authenticated%20endpoints%3F\"><h3>Can I test authenticated endpoints?<\/h3><\/dt>\n<dd><p>Yes, you can test authenticated endpoints by selecting different user roles from the dropdown menu.<\/p><\/dd>\n<dt id=\"how%20do%20i%20report%20bugs%20and%20request%20features%3F\"><h3>How do I report bugs and request features?<\/h3><\/dt>\n<dd><p>Please open a topic in our WordPress.org support forum with:<\/p>\n\n<ul>\n<li>WordPress version and PHP version<\/li>\n<li>Route and HTTP method<\/li>\n<li>Headers\/body sample (remove secrets)<\/li>\n<li>Expected result vs actual result<\/li>\n<\/ul>\n\n<p>Support forum: https:\/\/wordpress.org\/support\/plugin\/rest-api-route-tester\/<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.4.0<\/h4>\n\n<ul>\n<li>Added URL parameter inputs for routes containing tokens such as <code>{id}<\/code><\/li>\n<li>Param values are URL-encoded, substituted at send time, and persisted in localStorage<\/li>\n<li>Added \"Copy as cURL\" button with method, resolved URL, headers, and body<\/li>\n<li>Fixed resolved-route validation against regex-based WordPress route patterns<\/li>\n<li>Fixed route display formatting for complex regex-style parameters (named captures now render as clean <code>{param}<\/code> tokens)<\/li>\n<li>Added <code>rest_url<\/code> in <code>wprrt_vars<\/code> for more accurate generated cURL commands<\/li>\n<li>Added JS modules: <code>src\/params.js<\/code> and <code>src\/export.js<\/code><\/li>\n<\/ul>\n\n<h4>1.3.0<\/h4>\n\n<ul>\n<li>Added Saved Requests sidebar \u2014 save any request by name, click to restore into active tab<\/li>\n<li>Added auth preset dropdown (No Auth, Bearer Token, API Key, Basic Auth) \u2014 auto-fills Headers field<\/li>\n<li>Saved requests persisted per-user in wp_usermeta (max 100, newest first)<\/li>\n<li>New PHP class WPRRT_Saved_Requests with save, get_all, delete methods<\/li>\n<li>New AJAX actions: wprrt_save_request, wprrt_get_saved_requests, wprrt_delete_request<\/li>\n<li>Auth type selection persisted in localStorage tab state<\/li>\n<li>Two-column layout: sidebar left, request\/response right<\/li>\n<\/ul>\n\n<h4>1.2.0<\/h4>\n\n<ul>\n<li>Introduced Vite build system \u2014 source now lives in src\/ and compiles to assets\/app.js<\/li>\n<li>Modular JS architecture: state.js, tabs.js, request.js, response.js, main.js<\/li>\n<li>Added PrismJS syntax highlighting for JSON responses (GitHub-flavoured light theme)<\/li>\n<li>Build commands: npm run build (production), npm run dev (watch mode)<\/li>\n<li>Fixed: empty request body was rejected with \"Invalid JSON data\" \u2014 empty string now correctly defaults to {}<\/li>\n<\/ul>\n\n<h4>1.1.0<\/h4>\n\n<ul>\n<li>Security: Fixed XSS vulnerability in route dropdown \u2014 route names now inserted via textContent, never innerHTML<\/li>\n<li>Security: test_route() now wrapped in try\/finally so temporary test users are always deleted<\/li>\n<li>Security: Added 512 KB payload size limit on request body<\/li>\n<li>Security: Added route existence validation \u2014 unknown routes are rejected before execution<\/li>\n<li>Added support for PATCH, OPTIONS, and HEAD HTTP methods<\/li>\n<li>Response now returns HTTP status code and response headers alongside body data<\/li>\n<li>Response panel now shows a color-coded status badge (2xx green, 3xx blue, 4xx yellow, 5xx red)<\/li>\n<li>Response time displayed as a readable line above the body, not embedded in JSON<\/li>\n<li>Added collapsible Response Headers section in the response panel<\/li>\n<li>Fixed formatRoute() regex to correctly handle optional parameter groups<\/li>\n<li>AJAX failures now show a visible inline error message instead of a silent blank state<\/li>\n<li>Removed all debug console.log() calls from production JS<\/li>\n<li>Removed permanently-hidden dead \"Form Params\" field<\/li>\n<li>JS globals wrapped in WPRRT namespace object to avoid conflicts<\/li>\n<\/ul>\n\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Initial release<\/li>\n<\/ul>","raw_excerpt":"A WordPress admin tool to quickly test REST API routes, path params, headers, body payloads, and copy requests as cURL.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/twd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/235268","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/twd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/twd.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/twd.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=235268"}],"author":[{"embeddable":true,"href":"https:\/\/twd.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/jawad0501"}],"wp:attachment":[{"href":"https:\/\/twd.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=235268"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/twd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=235268"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/twd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=235268"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/twd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=235268"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/twd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=235268"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/twd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=235268"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}