Authorized applications and services access and manage your site content through the WordPress.com REST API. This article explains how the JSON API works, how to control it, and what site data it exposes.
Once you connect Jetpack to your site, the JSON API is enabled by default. For detailed instructions on deactivating it or ensuring it is active, see Control Jetpack Features on the Modules Page.
JSON API for developers
Developers can manage and access the website’s content using WordPress.com’s OAuth2 authentication system and WordPress.com REST API.
Custom post types, custom taxonomies, and JSON API
The JSON API feature does support custom post types and custom taxonomies, but you need to take some steps to make it work smoothly.
You can follow the instructions in this post to add Custom Post Type and metadata support to your site. You can also learn more about the API by visiting the REST API documentation.
What the JSON API exposes
The JSON API acts as a REST API proxy: it forwards authenticated REST API requests from WordPress.com to your live site and returns the current data from your site in the response. Because it reads live site data, the JSON API can expose the full content and settings that an authenticated request is authorized to retrieve.
On WooCommerce sites, this includes full order details, such as customer names, email addresses, shipping and billing addresses, and other personally identifiable information (PII) contained in orders.
The JSON API works differently from Jetpack Sync. Jetpack Sync explicitly excludes PII from the data it syncs to WordPress.com. The JSON API does not sync data on its own; instead, it returns live site data in real time in response to authenticated REST API requests, which can include the PII that Jetpack Sync leaves out.
Automattic support can access this data through the JSON API using the Switch to User function, which allows a support agent to make authenticated requests on your behalf.
Still need help?
Please contact support. We’re happy to advise.
Privacy information
The JSON API is enabled by default once Jetpack is connected to your site. The following table describes the data the JSON API can access and expose.
| Data | Site Owners / Users | Site Visitors |
|---|---|---|
| Data Used | The JSON API exposes live site data in response to authenticated REST API requests, including posts, pages, custom post types, settings, and, on WooCommerce sites, full order details containing personally identifiable information (PII) such as customer names, email addresses, and shipping and billing addresses. Automattic support can access this data through the JSON API using the Switch to User function. | Site visitor data may be included where it is part of live site records, such as PII contained in WooCommerce orders. |
| Activity Tracked | None. | None. |
| Data Synced | None. The JSON API does not sync data to WordPress.com. It returns live site data in real time in response to authenticated REST API requests. This differs from Jetpack Sync, which explicitly excludes PII from the data it syncs. | None. |
Still need help?
Please contact support. We’re happy to advise.