Skip to content

Adds details about DELETE requests #152

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
jonathanbossenger merged 1 commit into from
Nov 28, 2025
Merged

Adds details about DELETE requests #152

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
24 changes: 16 additions & 8 deletions docs/rest-api.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -252,26 +252,27 @@ curl https://example.com/wp-json/wp-abilities/v1/my-plugin/get-site-info

## Execute an Ability

Abilities are executed via the `/run` endpoint. The required HTTP method depends on the ability's `readonly` annotation:
Abilities are executed via the `/run` endpoint. The required HTTP method depends on the ability's functionality and [annotations](https://github.com/WordPress/abilities-api/blob/trunk/docs/php-api.md#parameters-explained):

- **Read-only abilities** (`readonly: true`) must use **GET**
- **Regular abilities** (default) must use **POST**
- **Read-only abilities** must use **GET** (`readonly: true`)
- **Regular abilities** must use **GET** when they are readonly (`readonly: true`), and **POST** when they require an input (`readonly: false`)
- **Destructive abilities** (`destructive: true`) must use **DELETE**

This distinction ensures read-only operations use safe HTTP methods that can be cached and don't modify server state.

### Definition

`GET|POST /wp-abilities/v1/(?P<namespace>[a-z0-9-]+)/(?P<ability>[a-z0-9-]+)/run`
`GET|POST|DELETE /wp-abilities/v1/(?P<namespace>[a-z0-9-]+)/(?P<ability>[a-z0-9-]+)/run`

### Arguments

- `namespace` _(string)_: The namespace part of the ability name.
- `ability` _(string)_: The ability name part.
- `input` _(integer|number|boolean|string|array|object|null)_: Optional input data for the ability as defined by its input schema.
- For **GET requests**: pass as `input` query parameter (URL-encoded JSON)
- For **POST requests**: pass in JSON body
- For **GET** and **DELETE** requests: pass as `input` query parameter (URL-encoded JSON)
- For **POST** requests: pass in JSON body

### Example Request (Read-only, GET)
### Example Request (GET)

```bash
# No input
Expand All @@ -281,7 +282,7 @@ curl https://example.com/wp-json/wp-abilities/v1/my-plugin/get-site-info/run
curl "https://example.com/wp-json/wp-abilities/v1/my-plugin/get-user-info/run?input=%7B%22user_id%22%3A1%7D"
```

### Example Request (Regular, POST)
### Example Request (POST)

```bash
# No input
Expand All @@ -294,6 +295,13 @@ curl -X POST \
https://example.com/wp-json/wp-abilities/v1/my-plugin/update-option/run
```

### Example Request (DELETE)

```bash
# With input (URL-encoded)
curl -X DELETE "https://example.com/wp-json/wp-abilities/v1/my-plugin/delete-post/run?input=%7B%22post_id%22%3A123%7D"
```

### Example Response (Success)

```json
Expand Down