## API Performance Matters<\/p>\n
Slow API responses hurt user experience and waste resources. Let’s optimize.<\/p>\n
## Caching Strategies<\/p>\n
### Transient Caching<\/p>\n
Cache expensive queries:<\/p>\n
“`php
\nfunction get_popular_posts_api() {
\n $cache_key = ‘popular_posts_api’;
\n $cached = get_transient($cache_key);<\/p>\n
if ($cached !== false) {
\n return $cached;
\n }<\/p>\n
\/\/ Expensive query
\n $posts = new WP_Query([
\n ‘posts_per_page’ => 10,
\n ‘meta_key’ => ‘views_count’,
\n ‘orderby’ => ‘meta_value_num’,
\n ‘order’ => ‘DESC’
\n ]);<\/p>\n
$data = array_map(function($post) {
\n return [
\n ‘id’ => $post->ID,
\n ‘title’ => $post->post_title,
\n ‘views’ => get_post_meta($post->ID, ‘views_count’, true)
\n ];
\n }, $posts->posts);<\/p>\n
\/\/ Cache for 1 hour
\n set_transient($cache_key, $data, HOUR_IN_SECONDS);<\/p>\n
return $data;
\n}
\n“`<\/p>\n
### Object Cache<\/p>\n
For more persistent caching:<\/p>\n
“`php
\nfunction get_task_stats() {
\n $cache_key = ‘task_stats’;
\n $stats = wp_cache_get($cache_key, ‘taskmanager’);<\/p>\n
if ($stats !== false) {
\n return $stats;
\n }<\/p>\n
global $wpdb;
\n $stats = $wpdb->get_results(
\n “SELECT status, COUNT(*) as count
\n FROM {$wpdb->prefix}tasks
\n GROUP BY status”
\n );<\/p>\n
wp_cache_set($cache_key, $stats, ‘taskmanager’, 300);<\/p>\n
return $stats;
\n}<\/p>\n
\/\/ Invalidate on changes
\nfunction invalidate_task_cache() {
\n wp_cache_delete(‘task_stats’, ‘taskmanager’);
\n delete_transient(‘popular_posts_api’);
\n}
\nadd_action(‘task_created’, ‘invalidate_task_cache’);
\nadd_action(‘task_updated’, ‘invalidate_task_cache’);
\n“`<\/p>\n
### HTTP Caching Headers<\/p>\n
Let browsers and CDNs cache responses:<\/p>\n
“`php
\nregister_rest_route(‘myplugin\/v1’, ‘\/public-data’, [
\n ‘methods’ => ‘GET’,
\n ‘callback’ => function() {
\n $data = get_public_data();<\/p>\n
$response = new WP_REST_Response($data);<\/p>\n
\/\/ Cache for 5 minutes
\n $response->header(‘Cache-Control’, ‘public, max-age=300’);<\/p>\n
\/\/ ETag for conditional requests
\n $etag = md5(serialize($data));
\n $response->header(‘ETag’, $etag);<\/p>\n
return $response;
\n },
\n ‘permission_callback’ => ‘__return_true’
\n]);
\n“`<\/p>\n
## Reducing Response Size<\/p>\n
### Select Only Needed Fields<\/p>\n
“`php
\n\/\/ Instead of SELECT *
\n$tasks = $wpdb->get_results(
\n “SELECT id, title, status FROM {$wpdb->prefix}tasks”
\n);
\n“`<\/p>\n
### Filter Response Data<\/p>\n
“`php
\nfunction prepare_task_response($task, $context = ‘view’) {
\n $data = [
\n ‘id’ => $task->id,
\n ‘title’ => $task->title,
\n ‘status’ => $task->status
\n ];<\/p>\n
\/\/ Include extra data only when editing
\n if ($context === ‘edit’) {
\n $data[‘created_at’] = $task->created_at;
\n $data[‘created_by’] = $task->created_by;
\n }<\/p>\n
return $data;
\n}
\n“`<\/p>\n
### Pagination<\/p>\n
Never return unlimited results:<\/p>\n
“`php
\n‘args’ => [
\n ‘per_page’ => [
\n ‘default’ => 10,
\n ‘maximum’ => 100, \/\/ Hard limit
\n ‘minimum’ => 1
\n ]
\n]
\n“`<\/p>\n
## Query Optimization<\/p>\n
### Use Proper Indexes<\/p>\n
“`sql
\n— Add indexes for frequently queried columns
\nALTER TABLE wp_tasks ADD INDEX status_idx (status);
\nALTER TABLE wp_tasks ADD INDEX created_by_idx (created_by);
\nALTER TABLE wp_tasks ADD INDEX created_at_idx (created_at);
\n“`<\/p>\n
### Avoid N+1 Queries<\/p>\n
“`php
\n\/\/ \u274c Bad: N+1 queries
\nfunction get_tasks_with_users_bad() {
\n $tasks = $wpdb->get_results(“SELECT * FROM {$wpdb->prefix}tasks”);<\/p>\n
foreach ($tasks as &$task) {
\n \/\/ One query per task!
\n $task->user = get_userdata($task->created_by);
\n }<\/p>\n
return $tasks;
\n}<\/p>\n
\/\/ \u2705 Good: Single join query
\nfunction get_tasks_with_users_good() {
\n global $wpdb;<\/p>\n
return $wpdb->get_results(”
\n SELECT t.*, u.display_name as user_name, u.user_email
\n FROM {$wpdb->prefix}tasks t
\n LEFT JOIN {$wpdb->users} u ON t.created_by = u.ID
\n ORDER BY t.created_at DESC
\n LIMIT 20
\n “);
\n}
\n“`<\/p>\n
## Rate Limiting<\/p>\n
Prevent abuse:<\/p>\n
“`php
\nfunction check_rate_limit(WP_REST_Request $request) {
\n $user_id = get_current_user_id();
\n $ip = $_SERVER[‘REMOTE_ADDR’];
\n $key = “rate_limit_{$user_id}_{$ip}”;<\/p>\n
$requests = get_transient($key) ?: 0;<\/p>\n
if ($requests >= 100) { \/\/ 100 requests per minute
\n return new WP_Error(
\n ‘rate_limited’,
\n ‘Too many requests. Please try again later.’,
\n [‘status’ => 429]
\n );
\n }<\/p>\n
set_transient($key, $requests + 1, MINUTE_IN_SECONDS);<\/p>\n
return true;
\n}<\/p>\n
\/\/ Apply to endpoint
\nregister_rest_route(‘myplugin\/v1’, ‘\/expensive-operation’, [
\n ‘methods’ => ‘POST’,
\n ‘callback’ => ‘do_expensive_operation’,
\n ‘permission_callback’ => ‘check_rate_limit’
\n]);
\n“`<\/p>\n
## Best Practices Summary<\/p>\n
| Practice | Why |
\n|———-|—–|
\n| Use proper HTTP methods | Semantic clarity, caching |
\n| Return appropriate status codes | Client error handling |
\n| Validate all input | Security |
\n| Sanitize output | XSS prevention |
\n| Paginate collections | Performance |
\n| Version your API | Backward compatibility |
\n| Document endpoints | Developer experience |
\n| Use consistent naming | `snake_case` for JSON keys |<\/p>\n
## Security Checklist<\/p>\n
“`php
\n\/\/ \u2705 Always validate & sanitize
\n$title = sanitize_text_field($request->get_param(‘title’));<\/p>\n
\/\/ \u2705 Use proper capabilities
\nif (!current_user_can(‘manage_options’)) {
\n return new WP_Error(‘forbidden’, ‘Access denied’, [‘status’ => 403]);
\n}<\/p>\n
\/\/ \u2705 Verify ownership
\nif ($task->created_by !== get_current_user_id()) {
\n return new WP_Error(‘forbidden’, ‘Not your task’, [‘status’ => 403]);
\n}<\/p>\n
\/\/ \u2705 Escape output
\nreturn [
\n ‘title’ => esc_html($task->title),
\n ‘url’ => esc_url($task->url)
\n];
\n“`<\/p>\n
## Monitoring<\/p>\n
Log slow queries and errors:<\/p>\n
“`php
\nadd_action(‘rest_request_after_callbacks’, function($response, $handler, $request) {
\n global $wpdb;<\/p>\n
\/\/ Log slow requests
\n $time = timer_stop();
\n if ($time > 1.0) { \/\/ Over 1 second
\n error_log(sprintf(
\n ‘Slow REST API: %s %s took %.2fs’,
\n $request->get_method(),
\n $request->get_route(),
\n $time
\n ));
\n }<\/p>\n
\/\/ Log DB query count
\n if ($wpdb->num_queries > 50) {
\n error_log(sprintf(
\n ‘High query count: %s had %d queries’,
\n $request->get_route(),
\n $wpdb->num_queries
\n ));
\n }<\/p>\n
return $response;
\n}, 10, 3);
\n“`<\/p>\n
## Congratulations!<\/p>\n
You’ve completed the WordPress REST API Mastery tutorial!<\/p>\n
### What You’ve Learned<\/p>\n
– \u2705 REST API architecture and endpoints
\n– \u2705 Advanced querying with filters and embedding
\n– \u2705 Multiple authentication methods
\n– \u2705 Create, Update, Delete operations
\n– \u2705 Building custom endpoints
\n– \u2705 JavaScript frontend integration
\n– \u2705 Performance optimization<\/p>\n
### Next Steps<\/p>\n
1. **Build a headless app** with Next.js or React
\n2. **Create a mobile app** using React Native
\n3. **Integrate external services** like CRMs or email platforms
\n4. **Build custom Gutenberg blocks** that use the API<\/p>\n
Optimize API performance with caching, reduce response times, and follow REST API best practices.<\/p>\n","protected":false},"featured_media":0,"template":"","meta":[],"tutorial_series":[],"lesson_level":[],"class_list":["post-330","lesson","type-lesson","status-publish","hentry"],"yoast_head":"\n