The WordPress REST API allows you to get data in and out of your WordPress site. There are several built-in REST API methods offered in WordPress, each requiring proper authentication before information is received or distributed. Paid Memberships Pro now includes 7 REST API methods for interacting with your membership site data.

The REST API uses JSON objects to send and receive data in your WordPress site. Check out the REST API Handbook for more information about using this API to interact with your WordPress site.

The PMPro REST API

Check a User’s Access to a Post: has_membership_access

This method has two parameters required to test whether the user has access to the specified content. The post_id is a required parameter and you can pass either the user_id or email.

  • post_id: the ID of the post you are checking access for.
  • user_id: the ID of the user whose membership level you want to check.
  • email: the email address of the user whose membership level you want to check.

If the method is successful in communicating with your site, you can expect a boolean (true or false) return value dependent on whether the user has access.

Here is an example URL you could hit to make a user access check request: https://example.com/wp-json/pmpro/v1/has_membership_access?post_id=58&user_id=2. In this example, we are passing the post ID, user ID, and the method name.

Check a User’s Membership Level: get_membership_level_for_user

This method requires one parameter: either the user_id or email of the user whose membership level you want to retrieve.

  • user_id: the ID of the user whose membership level you want to check.
  • email: the email address of the user whose membership level you want to check.

If the method is successful in communicating with your site, you can expect a return value of the membership $level object for the user.

Here is an example URL you could hit to make a user level check request: https://example.com/wp-json/pmpro/v1/get_membership_level_for_user?user_id=1. In this example, we are passing the user ID and the method name.

Check a User’s Membership Levels: get_membership_levels_for_user

This method closely mirrors the get_membership_level_for_user method, but instead of returning a single value, this method returns an array of levels objects. This method requires either the user_id or email parameter to retrieve a user’s membership levels.

  • user_id: the ID of the user whose membership levels you want to check.
  • email: the email address of the user whose membership levels you want to check.

If the method is successful in communicating with your site, you can expect a return value of an array of membership $level objects for the user.

Here is an example URL you could hit to make a user levels check request: https://example.com/wp-json/pmpro/v1/get_membership_levels_for_user?user_id=1. In this example, we are passing the user ID and the method name.

Change a User’s Membership: change_membership_level

This method allows you to change a user’s membership level or create and insert a new WP_User with membership. You can also use this method to cancel membership by setting level_id to 0 in the request. Membership level changes require either the user_id or email parameter to determine the user to update.

  • user_id: the ID of the user whose membership level you want to change.
  • email: the email address of the user whose membership level you want to change. (user_id takes priority if passed in addition to the email parameter).
  • level_id: the ID of the level you would like to change to; A level_id value of ‘0’ will cancel membership.

You only need to pass the user_id OR email. Passing both will honor the user_id above the email address.

Creating New Users with a Membership Level

If you are want to create the user, pass the additional parameters below. These are the default WP_User object fields that are only added for newly created users via the API. The user that gets created will have your site’s default new user role as set under Settings > General in the WordPress admin. Passing these fields for an existing user will not update their user data.

  • create_user: Boolean value if we should try and create the user and then change/assign their membership level (required to create users).
  • first_name: The user’s first name (optional).
  • last_name: The user’s last name (optional).
  • user_login: The username for the user; defaults to user_login if not passed in (optional).
  • user_url: The user’s website (optional).
  • description: The user’s Biographical Info (optional).

These parameters are all part of the default WP_User object that is created and will only run if the user doesn’t already exist in the site. The API does not support updating existing WP_User objects, only existing user memberships.

Note that you cannot create users with the administrator role, even if it is your site’s default role. You must use the pmpro_api_change_membership_level_for_admin_users filter to allow admin users to be changed via this method.

If the method is successful in communicating with your site, you can expect a boolean return value (true or false) depending on whether the level change was completed.

Here is an example URL you could hit to make a user level change request: https://example.com/wp-json/pmpro/v1/change_membership_level?user_id=1&level_id=3. In this example, we are passing the user ID, level ID to change to, and the method name.

Cancel a User’s Membership: cancel_membership_level

This method allows you to cancel a user’s membership level; Cancellation requires two parameters: level_id and either user_id or email to determine what user to process the level cancellation for.

  • user_id: the ID of the user whose membership level you want to cancel.
  • email: the email address of the user whose membership level you want to cancel.
  • level_id: the ID of the level you would like to cancel.

If the method is successful in communicating with your site, you can expect a boolean return value (true or false) depending on whether the level cancellation was completed.

Here is an example URL you could hit to make a user level cancellation request: https://example.com/wp-json/pmpro/v1/cancel_membership_level?user_id=1&level_id=5. In this example, we are passing the user ID, level ID to cancel, and the method name.

Get, Update, Create, or Delete a Membership Level Object: membership_level

This method returns the full PMPro_Membership_Level object for the specified level_id. If you only want to return the level, pass a single parameter, $level_id, in the request. To update the level or create a new level, you need to include additional parameters of the PMPro_Membership_Level object.

  • level_id: the ID of the PMPro_Membership_Level object you would like to return or modify.

If the method is successful in communicating with your site, you can expect a return value of the membership $level object for the requested level ID. If you are updating or creating a new level, the method will return the new or updated level object.

Here is an example URL you could hit to get a $level object: https://example.com/wp-json/pmpro/v1/membership_level/?id=5. In this example, we are passing the requested level ID and the method name.

Permissions required to get, create, or update a membership level are included by default for the administrator role and any user with the pmpro_edit_memberships capability. You must filter the pmpro_rest_api_methods hook to allow level deletion through the API.

Note: Deleting a level through the API will delete the level, remove all users from the level, and cancel their subscriptions at the gateway, if applicable.

Get, Update, or Create a Discount Code Object: discount_code

This method returns the full PMPro_Discount_Code object for the specified code. If you only want to return the discount code, pass a single parameter, $code, in the request. To update the discount code or create a new discount code, you need to include additional parameters of the PMPro_Discount_Code object.

  • code: the code value (i.e. ‘SAVE50’) of the PMPro_Discount_Code object you would like to return or modify.

If the method is successful in communicating with your site, you can expect a return value of the $discount_code object for the requested code value. If you are updating or creating a new discount code, the method will return the new or updated discount code object.

Here is an example URL you could hit to get a $discount_code object: https://example.com/wp-json/pmpro/v1/discount_code/?code=SAVE50. In this example, we are passing the requested code and the method name.

Get a Membership Level After Checkout Options are Applied: checkout_level

This method returns a $checkout_level object, which is built from the field data passed through the API call for a specific checkout after all other checkout options are applied.

level_id or level can be passed as the only required parameter for this endpoint. Requests to this endpoint can include any default field or fields added via custom code or Add Ons. You can also include the code value for a discount_code (i.e. ‘SAVE50’).

Here is an example URL you could hit to request the price for a level where the discount code is SAVE50: https://example.com/wp-json/pmpro/v1/checkout_level?level_id=1&discount_code=SAVE50. In this example, we are passing the level ID and the discount code name. This URL would return the $checkout_level object including the full data for the level with ID 1 after the discount code is applied to the level pricing.

REST API Allowed Methods

By default, the PMPro REST API allows you to use the following methods with all endpoints. The GET method requires subscriber role as a minimum, while all other methods will require the administrator role.

$methods = array( 'GET', 'POST', 'PUT', 'PATCH' );

To enable DELETE, you must hook into the pmpro_rest_api_methods filter and add the 'DELETE' method.

To enable any method other than GET for other roles, you must hook into the pmpro_rest_api_permissions filter.

REST API Authentication

REST API requests must be authenticated. The WordPress REST API Handbook covers some authentication methods in their documentation here. The most straightforward method is to set up basic authentication using the Application Passwords plugin by George Stephanis.

  1. Install and activate the Application Passwords plugin.
  2. Optionally set up a different “administrator” account to use for your REST API authentication. You can also use an existing administrator account.
  3. Edit the user and find the “Application Passwords” section.
  4. Create an application password for the user.
  5. Copy the new password. This user and application password can now be used for authenticating REST API requests.

Here is an example of a PHP method to pass the user and application password with your request.

View a Complete Code Demo of the PMPro REST API Endpoints
Was this article helpful?
YesNo