GraphQL API for WordPress
- dev-master / 0.9.x-dev
This package is auto-updated.
Last update: 2022-08-18 02:58:10 UTC
Transform your WordPress site into a modern GraphQL server: graphql-api.com.
This plugin is the implementation for WordPress of GraphQL by PoP, a CMS-agnostic GraphQL server in PHP.
👀 Instructions: Installing the GraphQL API for WordPress plugin.
👀 Instructions: Setting-up the development environment.
Check the list of Supported PHP features
build/ folder) is added to the repo, but only as compiled for production, i.e. after running
npm run build.
Code compiled for development, i.e. after running
npm start, cannot be commited/pushed to the repo.
The GraphQL API for WordPress provides safe default settings, to make "live" sites secure:
- The single endpoint is disabled
- The "admin" elements (eg: input field
statusto query posts with status
"draft") are not added to the schema
- Only a few of settings options and meta keys (for posts, users, etc) can be queried
- The number of entities (for posts, users, etc) that can be queried at once is limited
These safe default settings are not needed when building "static" sites, where the WordPress site is not exposed to the Internet. These settings can be used instead:
- The single endpoint is enabled
- The "admin" elements are exposed in the schema
- All settings options and meta keys can be queried
- The number of entities that can be queried at once is unlimited
In development, to enable unsafe defaults, execute:
On a site in production, set in
define( 'GRAPHQL_API_ENABLE_UNSAFE_DEFAULTS', true );
Or define this same key/value as an environment variable.
GraphQL API is extensible, and ships with the following modules (organized by category):
|Single Endpoint||Expose a single GraphQL endpoint under |
|Persisted Queries||Expose predefined responses through a custom URL, akin to using GraphQL queries to publish REST endpoints|
|Custom Endpoints||Expose different subsets of the schema for different targets, such as users (clients, employees, etc), applications (website, mobile app, etc), context (weekday, weekend, etc), and others|
|API Hierarchy||Create a hierarchy of API endpoints extending from other endpoints, and inheriting their properties|
|Schema Configuration||Customize the schema accessible to different Custom Endpoints and Persisted Queries, by applying a custom configuration (involving namespacing, access control, cache control, and others) to the grand schema|
|Schema Namespacing||Automatically namespace types with a vendor/project name, to avoid naming collisions|
|Nested Mutations||Execute mutations from any type in the schema, not only from the root|
|Public/Private Schema||Enable to communicate the existence of some field from the schema to certain users only (private mode) or to everyone (public mode). If disabled, fields are always available to everyone (public mode)|
|Access Control||Set-up rules to define who can access the different fields and directives from a schema|
|Access Control Rule: Disable Access||Remove access to the fields and directives|
|Access Control Rule: User State||Allow or reject access to the fields and directives based on the user being logged-in or not|
|Access Control Rule: User Roles||Allow or reject access to the fields and directives based on the user having a certain role|
|Access Control Rule: User Capabilities||Allow or reject access to the fields and directives based on the user having a certain capability|
|Low-Level Persisted Query Editing||Have access to schema-configuration low-level directives when editing GraphQL queries in the admin|
|Excerpt as Description||Provide a description of the different entities (Custom Endpoints, Persisted Queries, and others) through their excerpt|
|Cache Control||Provide HTTP Caching for Persisted Queries, sending the Cache-Control header with a max-age value calculated from all fields in the query|
|GraphiQL for Single Endpoint||Make a public GraphiQL client available under |
|Interactive Schema for Single Endpoint||Make a public Interactive Schema client available under |
|GraphiQL for Custom Endpoints||Enable custom endpoints to be attached their own GraphiQL client, to execute queries against them|
|Interactive Schema for Custom Endpoints||Enable custom endpoints to be attached their own Interactive schema client, to visualize the custom schema subset|
|GraphiQL Explorer||Add the Explorer widget to the GraphiQL client, to simplify coding the query (by point-and-clicking on the fields)|
|Schema Expose Admin Data||Expose "admin" elements in the GraphQL schema (such as field |
|Schema Custom Posts||Base functionality for all custom posts|
|Schema Generic Custom Posts||Query any custom post type (added to the schema or not), through a generic type |
|Schema Posts||Query posts, through type |
|Schema Pages||Query pages, through type |
|Schema Users||Query users, through type |
|Schema User Roles||Query user roles, through type |
|Schema User Avatars||Query user avatars, through type |
|Schema Comments||Query comments, through type |
|Schema Tags||Base functionality for all tags|
|Schema Post Tags||Query post tags, through type |
|Schema Categories||Base functionality for all categories|
|Schema Post Categories||Query post categories, through type |
|Schema Media||Query media elements, through type |
|Schema Custom Post Meta||Add the |
|Schema User Meta||Add the |
|Schema Comment Meta||Add the |
|Schema Taxonomy Meta||Add the |
|Schema Menus||Query menus, through type |
|Schema Settings||Fetch settings from the site|
|Schema Mutations||Modify data by executing mutations|
|Schema User State Mutations||Have the user log-in, and be able to perform mutations|
|Schema Custom Post Mutations||Base functionality to mutate custom posts|
|Schema Post Mutations||Execute mutations on podyd|
|Schema Custom Post Media Mutations||Execute mutations concerning media items on custom posts|
|Schema Post Media Mutations||Execute mutations concerning media items on posts|
|Schema Post Tag Mutations||Add tags to posts|
|Schema Post Category Mutations||Add categories to posts|
|Schema Comment Mutations||Create comments|
- YouTube video: GraphQL API for WordPress demo
- Making GraphQL Work In WordPress
- Rendering the WordPress philosophy in GraphQL
- Comparing the GraphQL API for WordPress vs WPGraphQL
Articles explaining how the plugin is "downgraded", using PHP 8.1 for development but deployable to PHP 7.1 for production:
- Transpiling PHP code from 8.0 to 7.x via Rector
- Coding in PHP 7.4 and deploying to 7.1 via Rector and GitHub Actions
- Tips for transpiling code from PHP 8.0 down to 7.1
- Including both PHP 7.1 and 8.0 code in the same plugin … or not?
Service container implementation:
Explanation of how the codebase is split into granular packages, to enable CMS-agnosticism:
- Abstracting WordPress Code To Reuse With Other CMSs: Concepts (Part 1)
- Abstracting WordPress Code To Reuse With Other CMSs: Implementation (Part 2)
Description of how the plugin is scoped:
GraphQL API for WordPress is powered by the CMS-agnostic GraphQL server GraphQL by PoP.
Technical information on how the GraphQL server works:
Description of how a GraphQL server using server-side components works:
These articles explain the concepts, design and implementation of GraphQL by PoP:
- Designing a GraphQL server for optimal performance
- Simplifying the GraphQL data model
- Schema-first vs code-first development in GraphQL
- Speeding-up changes to the GraphQL schema
- Versioning fields in GraphQL
- GraphQL directives are underrated
- Treating GraphQL directives as middleware
- Creating an @export GraphQL directive
- Adding directives to the schema in code-first GraphQL servers
- Supporting opt-in nested mutations in GraphQL
- HTTP caching in GraphQL
These articles explain the integration with Gutenberg (the WordPress editor).
To check the coding standards via PHP CodeSniffer, run:
To automatically fix issues, run:
Please see CHANGELOG for more information on what has changed recently.
To execute PHPUnit, run:
To execute PHPStan, run:
To visualize how Rector will downgrade the code to PHP 7.1:
To report a bug or request a new feature please do it on the PoP monorepo issue tracker.
We welcome contributions for this package on the PoP monorepo (where the source code for this package is hosted).
If you discover any security related issues, please email email@example.com instead of using the issue tracker.
GPLv2 or later. Please see License File for more information.