PHPackages cmatosbc/wp-coderpress-endpoints - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [API Development](/categories/api) 4. / 5. cmatosbc/wp-coderpress-endpoints ActiveLibrary[API Development](/categories/api) cmatosbc/wp-coderpress-endpoints ================================ Endpoints builder and manager for CoderPress 1.0.0(1y ago)311gpl-3.0-or-laterPHPPHP >=8.0 Since Dec 16Pushed 1y ago1 watchersCompare [ Source](https://github.com/cmatosbc/coderpress-endpoints)[ Packagist](https://packagist.org/packages/cmatosbc/wp-coderpress-endpoints)[ RSS](/packages/cmatosbc-wp-coderpress-endpoints/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (1)Dependencies (4)Versions (2)Used By (0) WP CoderPress Endpoints ======================= [](#wp-coderpress-endpoints) This package intends to provide a more straightforward way to add custom endpoints to Wordpress Rest API (added to mu-plugins with no hooks, as a suggestion), also using a Facade pattern which allows: - To attach PSR-16 compliant cache drivers of any nature - To attach as many middlewares as you want to modify the request or provide a particular response - Interfere in the way cached responses are stored and retrieved (JSON, serialize(), igbinary\_serialize()) - Provide a port to add multiple custom endpoints without repeating code and sharing cache, middleware and variables within, including a dynamic endpoint generation - Offer common middlewares to handle common scenarios in REST API development Installation ------------ [](#installation) Easily install the package using composer: ``` composer require coderpress/wp-coderpress-endpoints ``` Basic Example ============= [](#basic-example) The following example creates a very simple example endpoint to the rest API that comes with two middlewares attached (as \\Closure objects). The first one modifies any passed parameter to "id = 123", which triggers the second middleware and returns a WP\_REST\_Response - this also prevents the cache to be done. If the second middleware is removed, the endpoint is no longer short-circuited, so the results are now serialized and cached in a file within wp-content/cache/. In the example, the cache is managed by FileCache, but this package also includes usable drivers for Redis (using redis-php extension) and MySQL cache, using a custom DB table. ``` use CoderPress\Rest\{RestEndpointFacade, AbstractRestEndpoint}; use CoderPress\Cache\{RedisCache, MySqlCache, FileCache}; require __DIR__ . '/vendor/autoload.php'; $cacheInstance = new FileCache(WP_CONTENT_DIR . '/cache/'); $custom = RestEndpointFacade::createEndpoint( /** The five first arguments stand as they are for register_rest_route() * but with callbacks now accepting \Closure functions instead. * * The middlewares arguments accepts an array of closures which will be * sequentially executed and MUST have a $request parameter. * * The cache mechanism is automatically applied to the endpoint and accepts * any PSR-16 compliant object. Optionally, the expire time and the type * of serialization can be changed. Expires accepts any value in seconds as * integer or a Datetime object (and then the time in seconds between that and * the current time will be automatically extracted) * */ namespace: 'testing/v1', route: 'custom/', args: [ 'id' => [ 'validate_callback' => function($param, $request, $key) { return is_numeric($param); } ], ], callback: function (\WP_REST_Request $request) { $postId = $request->get_param('id'); $postCategoryIds = wp_get_object_terms($postId, ['category'], ['fields' => 'ids']); return get_posts([ 'post_status' => 'publish', 'category__in' => $postCategoryIds, 'order' => 'relevance' ]); }, permissionCallback: function () { return is_user_logged_in(); }, /** * Accepts any number of /Closure middleware functions - to each one of them, * the $request object must be passed. For changes made to the WP_REST_Request object, * the closure must return void(). However, the middleware can also return a response * to the request easily by return a new WP_REST_Response object instead. */ middlewares: [ function (\WP_REST_Request $request) { $request->set_param('id', 123); }, function (\WP_REST_Request $request) { if ($request->get_param('id') == 123) { return new \WP_REST_Response(['message' => 'Invalid value'], 201); } } ], /** * Accepts any instance PSR-16 compliant (CacheInterface contract), * this package comes with 3 usable examples (file, Redis and custom MySQL * table caching drivers). */ cache: $cacheInstance, /** * Accepts 3 different serialize/unserialize methods - defaults to serialize(), * but can be using JSON - AbstractRestEndpoint::SERIALIZE_JSON - or igbinary PHP * extension which offers a more efficient serializing version * - AbstractRestEndpoint::SERIALIZE_IGBINARY. */ cacheSerializingMethod: AbstractRestEndpoint::SERIALIZE_PHP, /** * Accepts seconds as integer value, but also DateTime objects - for the latter, * the system will get the interval between NOW and the passed DateTime object time, * so the cache will work as scheduled. */ cacheExpires: (new \DateTime())->modify('+1 day') ); ``` Middlewares =========== [](#middlewares) The package includes several built-in middlewares to handle common scenarios in REST API development: CORS Middleware --------------- [](#cors-middleware) The CORS (Cross-Origin Resource Sharing) middleware allows you to configure cross-origin requests to your API endpoints. Here's how to use it: ``` use CoderPress\Rest\RestEndpointFacade; use CoderPress\Rest\Middleware\MiddlewareFactory; // Create an endpoint with CORS support RestEndpointFacade::createEndpoint( namespace: 'api/v1', route: 'posts', callback: function($request) { return ['data' => 'Your API response']; }, permissionCallback: function() { return true; }, args: [], methods: ['GET', 'POST', 'OPTIONS'], middlewares: [ MiddlewareFactory::cors( allowedOrigins: ['https://your-domain.com'], allowedMethods: ['GET', 'POST'], allowedHeaders: ['Content-Type', 'X-Custom-Header'], maxAge: 7200 ) ] ); ``` The CORS middleware provides: - Origin validation against a whitelist - Configurable HTTP methods - Customizable allowed headers - Preflight request handling - Configurable cache duration for preflight responses - Credentials support All parameters are optional and come with sensible defaults for typical API usage. Sanitization Middleware ----------------------- [](#sanitization-middleware) The Sanitization middleware provides comprehensive input sanitization and validation for your API endpoints. It helps prevent XSS attacks, SQL injection, and ensures data consistency: ``` use CoderPress\Rest\RestEndpointFacade; use CoderPress\Rest\Middleware\MiddlewareFactory; RestEndpointFacade::createEndpoint( namespace: 'api/v1', route: 'posts', callback: function($request) { return ['data' => $request->get_params()]; }, permissionCallback: function() { return true; }, args: [ 'title' => [ 'required' => true, 'type' => 'string' ], 'content' => [ 'required' => true, 'type' => 'string' ] ], methods: ['POST'], middlewares: [ MiddlewareFactory::sanitization( rules: [ // Custom sanitization rules for specific fields 'title' => fn($value) => sanitize_title($value), 'content' => fn($value) => wp_kses_post($value) ], stripTags: true, encodeSpecialChars: true, allowedHtmlTags: [ 'p' => [], 'a' => ['href' => [], 'title' => []], 'b' => [], 'i' => [] ] ) ] ); ``` The middleware provides: - Field-specific sanitization rules using callbacks - HTML tag stripping with configurable allowed tags - Special character encoding - UTF-8 validation - Recursive array sanitization - WordPress-specific sanitization functions integration - XSS and SQL injection protection All parameters are optional and come with secure defaults. Use the `rules` parameter to define custom sanitization logic for specific fields. ### Health Score 26 — LowBetter than 43% of packages Maintenance39 Infrequent updates — may be unmaintained Popularity6 Limited adoption so far Community8 Small or concentrated contributor base Maturity43 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Unknown Total 1 Last Release 518d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/3d97279f52b70d502ac21c0618e2822a0bae0523a7e69bb3fd33a592f21d5f06?d=identicon)[cmatosbc](/maintainers/cmatosbc) --- Top Contributors [![cmatosbc](https://avatars.githubusercontent.com/u/118901076?v=4)](https://github.com/cmatosbc "cmatosbc (3 commits)") --- Tags middlewaresphp-libraryphp8wordpresswordpress-apiwordpress-cachewordpress-endpointwpwp-apiwp-rest-api ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/cmatosbc-wp-coderpress-endpoints/health.svg) ``` [![Health](https://phpackages.com/badges/cmatosbc-wp-coderpress-endpoints/health.svg)](https://phpackages.com/packages/cmatosbc-wp-coderpress-endpoints) ``` ### Alternatives [algolia/algoliasearch-client-php API powering the features of Algolia. 69333.0M114](/packages/algolia-algoliasearch-client-php)[thecodingmachine/graphqlite Write your GraphQL queries in simple to write controllers (using webonyx/graphql-php). 5723.1M30](/packages/thecodingmachine-graphqlite)[team-reflex/discord-php An unofficial API to interact with the voice and text service Discord. 1.1k379.4k24](/packages/team-reflex-discord-php)[wordpress/php-ai-client A provider agnostic PHP AI client SDK to communicate with any generative AI models of various capabilities using a uniform API. 26236.6k14](/packages/wordpress-php-ai-client)[wordpress/wp-ai-client An AI client and API for WordPress to communicate with any generative AI models of various capabilities using a uniform API. 11117.5k1](/packages/wordpress-wp-ai-client)[n1ebieski/ksef-php-client PHP API client that allows you to interact with the API Krajowego Systemu e-Faktur 7228.4k](/packages/n1ebieski-ksef-php-client) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)