The WordPress REST API allows you to get data in and out of your WordPress site. There are several built-in REST API methods offered in WordPress, each requiring proper authentication before information is received or distributed. Paid Memberships Pro now includes 13 REST API methods for interacting with your membership site data.

The REST API uses JSON objects to send and receive data in your WordPress site. Check out the REST API Handbook for more information about using this API to interact with your WordPress site.


Check a User’s Access to a Post: has_membership_access

This method has two parameters required to test whether the user has access to the specified content. The post_id is a required parameter and you can pass either the user_id or email.

  • post_id: the ID of the post you are checking access for.
  • user_id: the ID of the user whose membership level you want to check.
  • email: the email address of the user whose membership level you want to check.

If the method is successful in communicating with your site, you can expect a boolean (true or false) return value dependent on whether the user has access.

Here is an example URL you could hit to make a user access check request: https://example.com/wp-json/pmpro/v1/has_membership_access?post_id=58&user_id=2. In this example, we are passing the post ID, user ID, and the method name.


Check a User’s Membership Level: get_membership_level_for_user

This method requires one parameter: either the user_id or email of the user whose membership level you want to retrieve.

  • user_id: the ID of the user whose membership level you want to check.
  • email: the email address of the user whose membership level you want to check.

If the method is successful in communicating with your site, you can expect a return value of the membership $level object for the user.

Here is an example URL you could hit to make a user level check request: https://example.com/wp-json/pmpro/v1/get_membership_level_for_user?user_id=1. In this example, we are passing the user ID and the method name.


Check a User’s Membership Levels: get_membership_levels_for_user

This method closely mirrors the get_membership_level_for_user method, but instead of returning a single value, this method returns an array of levels objects. This method requires either the user_id or email parameter to retrieve a user’s membership levels.

  • user_id: the ID of the user whose membership levels you want to check.
  • email: the email address of the user whose membership levels you want to check.

If the method is successful in communicating with your site, you can expect a return value of an array of membership $level objects for the user.

Here is an example URL you could hit to make a user levels check request: https://example.com/wp-json/pmpro/v1/get_membership_levels_for_user?user_id=1. In this example, we are passing the user ID and the method name.


Change a User’s Membership: change_membership_level

This method allows you to change a user’s membership level or create and insert a new WP_User with membership. You can also use this method to cancel membership by setting level_id to 0 in the request. Membership level changes require either the user_id or email parameter to determine the user to update.

  • user_id: the ID of the user whose membership level you want to change.
  • email: the email address of the user whose membership level you want to change. (user_id takes priority if passed in addition to the email parameter).
  • level_id: the ID of the level you would like to change to. A level_id value of ‘0’ will cancel membership.

You only need to pass the user_id OR email. Passing both will honor the user_id above the email address.

Creating New Users with a Membership Level

If you want to create the user, pass the additional parameters below. These are the default WP_User object fields that are only added for newly created users via the API. The user that gets created will have your site’s default new user role as set under Settings > General in the WordPress admin. Passing these fields for an existing user will not update their user data.

  • create_user: Boolean value indicating whether to try to create the user and then change/assign their membership level (required to create users).
  • first_name: The user’s first name (optional).
  • last_name: The user’s last name (optional).
  • user_login: The username for the user; defaults to user_login if not passed in (optional).
  • user_url: The user’s website (optional).
  • description: The user’s Biographical Info (optional).

These parameters are all part of the default WP_User object that is created and will only run if the user doesn’t already exist in the site. The API does not support updating existing WP_User objects, only existing user memberships.

Note that you cannot create users with the administrator role, even if it is your site’s default role. You must use the pmpro_api_change_membership_level_for_admin_users filter to allow admin users to be changed via this method.

If the method is successful in communicating with your site, you can expect a boolean return value (true or false) depending on whether the level change was completed.

Here is an example URL you could hit to make a user level change request: https://example.com/wp-json/pmpro/v1/change_membership_level?user_id=1&level_id=3. In this example, we are passing the user ID, level ID to change to, and the method name.


Cancel a User’s Membership: cancel_membership_level

This method allows you to cancel a user’s membership level. Cancellation requires two parameters: level_id and either user_id or email to identify the user whose level is being cancelled.

  • user_id: the ID of the user whose membership level you want to cancel.
  • email: the email address of the user whose membership level you want to cancel.
  • level_id: the ID of the level you would like to cancel.

If the method is successful in communicating with your site, you can expect a boolean return value (true or false) depending on whether the level cancellation was completed.

Here is an example URL you could hit to make a user level cancellation request: https://example.com/wp-json/pmpro/v1/cancel_membership_level?user_id=1&level_id=5. In this example, we are passing the user ID, level ID to cancel, and the method name.


Get, Update, Create, or Delete a Membership Level Object: membership_level

This method returns the full PMPro_Membership_Level object for the specified level_id. If you only want to return the level, pass a single parameter, $level_id, in the request. To update the level or create a new level, you need to include additional parameters of the PMPro_Membership_Level object.

  • level_id: the ID of the PMPro_Membership_Level object you would like to return or modify.

If the method is successful in communicating with your site, you can expect a return value of the membership $level object for the requested level ID. If you are updating or creating a new level, the method will return the new or updated level object.

Here is an example URL you could hit to get a $level object: https://example.com/wp-json/pmpro/v1/membership_level/?id=5. In this example, we are passing the requested level ID and the method name.

Permissions required to get, create, or update a membership level are included by default for the administrator role and any user with the pmpro_edit_memberships capability. You must filter the pmpro_rest_api_methods hook to allow level deletion through the API.

Note: Deleting a level through the API will delete the level, remove all users from the level, and cancel their subscriptions at the gateway, if applicable.


Get All Membership Levels: membership_levels

Added in PMPro 3.0. Returns an array of all PMPro_Membership_Level objects for your site, including inactive levels. This endpoint requires no parameters and is publicly accessible — no authentication required.

Here is an example URL: https://example.com/wp-json/pmpro/v1/membership_levels

The response is an array of level objects. Confirmation messages are hidden from users who are not admins and do not hold that level.


Get, Update, or Create a Discount Code Object: discount_code

This method returns the full PMPro_Discount_Code object for the specified code. If you only want to return the discount code, pass a single parameter, $code, in the request. To update the discount code or create a new discount code, you need to include additional parameters of the PMPro_Discount_Code object.

  • code: the code value (e.g. ‘SAVE50’) of the PMPro_Discount_Code object you would like to return or modify.

If the method is successful in communicating with your site, you can expect a return value of the $discount_code object for the requested code value. If you are updating or creating a new discount code, the method will return the new or updated discount code object.

Here is an example URL you could hit to get a $discount_code object: https://example.com/wp-json/pmpro/v1/discount_code/?code=SAVE50. In this example, we are passing the requested code and the method name.


Get an Order: order

Added in PMPro 2.8. Returns an order object for the specified order code.

  • code (required): The order code (e.g. ORD-ABC123).

Here is an example URL: https://example.com/wp-json/pmpro/v1/order?code=ORD-ABC123

The response includes: id, code, user_id, membership_id, billing, subtotal, tax, total, payment_type, cardtype, accountnumber, expirationmonth, expirationyear, status, gateway, gateway_environment, payment_transaction_id, subscription_transaction_id, timestamp, affiliate_id, affiliate_subid, notes, and checkout_id.

Permissions: Requires the pmpro_orders capability. Members can also retrieve their own orders without that capability.


Get a Membership Level After Checkout Options are Applied: checkout_level

This method returns a $checkout_level object, which is built from the field data passed through the API call for a specific checkout after all other checkout options are applied.

level_id or level can be passed as the only required parameter for this endpoint. Requests to this endpoint can include any default field or fields added via custom code or Add Ons. You can also include the code value for a discount_code (e.g. ‘SAVE50’).

Here is an example URL you could hit to request the price for a level where the discount code is SAVE50: https://example.com/wp-json/pmpro/v1/checkout_level?level_id=1&discount_code=SAVE50. In this example, we are passing the level ID and the discount code name. This URL would return the $checkout_level object including the full data for the level with ID 1 after the discount code is applied to the level pricing.


Get or Set Content Restrictions: post_restrictions

Added in PMPro 3.0. Returns or updates the membership level IDs restricting a given post. Use a GET request to retrieve the current restrictions; use POST, PUT, or PATCH to update them.

Get Restrictions

  • post_id (required): The ID of the post to retrieve restrictions for.

Example URL: https://example.com/wp-json/pmpro/v1/post_restrictions?post_id=42

Returns an array of objects, each with a membership_id field representing a level restricting the post. An empty array means the post has no level restrictions.

Set Restrictions

  • post_id (required): The ID of the post to update.
  • level_ids (required): An array of membership level IDs to restrict the post to. Pass an empty array to remove all restrictions.

Returns a success field containing the updated array of level IDs on success.

Permissions: Requires the edit_post capability for the specified post_id.


Start a Background Export: export/start

Added in PMPro 3.7. Initiates a CSV export for the specified type. For small datasets, the export runs synchronously and returns a download_url immediately. For larger datasets, it runs asynchronously via Action Scheduler and returns an export_id you can use to poll for progress using the export/status endpoint.

Method: POST

Example URL: https://example.com/wp-json/pmpro/v1/export/start

  • type (required): Export type. Accepted values: members, orders.
  • l: Filter by membership level ID (int or string).
  • s: Search string to filter results.
  • force_async: Boolean. Force background processing even for small datasets. Useful for testing the async flow.

On success, the response includes an export_id, type, status, total_count, and processed_count. If the export completes synchronously, status will be complete and a download_url will be included. If the export runs asynchronously, status will be running — poll the export/status endpoint until complete.

On error, the response returns an error string describing the problem (e.g., "Missing export type.").

Admin-only endpoint: export/start and export/status authenticate against WordPress user capabilities (manage_options, pmpro_memberslistcsv, or pmpro_orderscsv, resolved per export type). They do not use the pmpro_rest_api_secret key used by the public-facing PMPro REST API methods. Standard WordPress REST API authentication is required — see the Authentication section below.


Check Export Progress: export/status

Added in PMPro 3.7. Returns the current status of an export. Poll this endpoint until status is complete or error. If export_id is omitted, returns the active export for the current user and type.

Method: GET

Example URL: https://example.com/wp-json/pmpro/v1/export/status?type=members&export_id=abc123

  • type (required): Export type. Accepted values: members, orders.
  • export_id: The export_id returned from export/start. If omitted, returns the active export for the current user and type.

The response includes export_id, type, status, total_count, and processed_count. When status is complete, a download_url is included. Possible status values: running, queued, complete, error, cancelled.

The download_url is a signed, authenticated URL valid only for the user who initiated the export. It will expire after use.

Requires the same capability as export/start: manage_options, pmpro_memberslistcsv, or pmpro_orderscsv, depending on the export type.
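
The export/start and export/status flow described above, as an added PHP example (not code from Paid Memberships Pro). The function name run_pmpro_export, the $send transport callable, and the "error" response key are assumptions; the canned responses are constructed so the script runs without a site.

```php
<?php
// Added example, not PMPro's own code. $send is a hypothetical
// callable(string $httpMethod, string $endpoint, array $params): array that performs the
// authenticated HTTPS request and returns the decoded JSON response.

function run_pmpro_export(callable $send, string $type, int $maxPolls = 30, int $delaySec = 2): string
{
    if (!in_array($type, ['members', 'orders'], true)) {
        throw new InvalidArgumentException("Unsupported export type: $type");
    }
    $res = $send('POST', 'export/start', ['type' => $type]);
    $exportId = $res['export_id'] ?? null;

    for ($polls = 0; ; $polls++) {
        if (isset($res['error'])) { // assumption: the error string arrives under an "error" key
            throw new RuntimeException('Export failed: ' . $res['error']);
        }
        $status = $res['status'] ?? 'missing';
        if ($status === 'complete') {
            if (empty($res['download_url'])) {
                throw new RuntimeException('Export complete but no download_url returned');
            }
            return $res['download_url']; // single-use and tied to this user: fetch once, do not log
        }
        if ($status !== 'running' && $status !== 'queued') {
            throw new RuntimeException("Export stopped with status: $status"); // error, cancelled, unknown
        }
        if ($polls >= $maxPolls) {
            throw new RuntimeException("Export still $status after $maxPolls polls");
        }
        sleep($delaySec);
        // Always pass export_id so a second export of the same type is never picked up by mistake.
        $res = $send('GET', 'export/status', ['type' => $type, 'export_id' => $exportId]);
    }
}

// Constructed responses standing in for a real site, so the example runs offline.
$canned = [
    ['export_id' => 'abc123', 'type' => 'members', 'status' => 'queued', 'total_count' => 900, 'processed_count' => 0],
    ['export_id' => 'abc123', 'type' => 'members', 'status' => 'running', 'total_count' => 900, 'processed_count' => 450],
    ['export_id' => 'abc123', 'type' => 'members', 'status' => 'complete', 'total_count' => 900, 'processed_count' => 900,
     'download_url' => 'https://example.com/constructed-download-url'],
];
$fake = function (string $httpMethod, string $endpoint, array $params) use (&$canned): array {
    return array_shift($canned);
};
echo run_pmpro_export($fake, 'members', 10, 0), PHP_EOL;
```

The poll limit bounds how long a stuck export can hold the caller, and every status other than running, queued, or complete is treated as a failure.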


REST API Allowed Methods

By default, the PMPro REST API allows you to use the following methods with all endpoints. The GET method requires subscriber role as a minimum, while all other methods will require the administrator role.

$methods = array( 'GET', 'POST', 'PUT', 'PATCH' );

To enable DELETE, you must hook into the pmpro_rest_api_methods filter and add the 'DELETE' method.

To enable any method other than GET for other roles, you must hook into the pmpro_rest_api_permissions filter.


REST API Authentication

REST API requests must be authenticated. The WordPress REST API Handbook covers some authentication methods in its documentation. The most straightforward method is to set up basic authentication using the Application Passwords plugin by George Stephanis.

  1. Install and activate the Application Passwords plugin.
  2. Optionally set up a different “administrator” account to use for your REST API authentication. You can also use an existing administrator account.
  3. Edit the user and find the “Application Passwords” section.
  4. Create an application password for the user.
  5. Copy the new password. This user and application password can now be used for authenticating REST API requests.

Here is an example of a PHP method to pass the user and application password with your request.
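
As an added example (not code from Paid Memberships Pro), the function below sends the user name and application password as HTTP Basic credentials on a has_membership_access request. It assumes PHP's cURL extension; pmpro_api_get and the PMPRO_API_* environment variable names are hypothetical, and the credentials in the offline call are constructed.

```php
<?php
// Added example, not PMPro's own code. pmpro_api_get() and the PMPRO_API_* environment
// variable names are hypothetical; the endpoint and parameters come from this page.

function pmpro_api_get(string $site, string $method, array $params, string $user, string $appPassword)
{
    // Basic auth only base64-encodes the credentials, so never send them over plain HTTP.
    if (strtolower((string) parse_url($site, PHP_URL_SCHEME)) !== 'https') {
        throw new InvalidArgumentException('Refusing to send credentials to a non-HTTPS site URL');
    }
    $url = rtrim($site, '/') . '/wp-json/pmpro/v1/' . $method . '?' . http_build_query($params);

    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_HTTPAUTH       => CURLAUTH_BASIC,
        CURLOPT_USERPWD        => $user . ':' . $appPassword, // sent as "Authorization: Basic ..."
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTPS,            // second guard: HTTPS only
        CURLOPT_FOLLOWLOCATION => false,                      // never replay credentials to a redirect target
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_TIMEOUT        => 10,
    ]);
    $body   = curl_exec($ch);
    $status = curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
    if ($body === false) {
        throw new RuntimeException('Transport error: ' . curl_error($ch));
    }
    if ($status !== 200) {
        throw new RuntimeException("Request rejected or failed (HTTP $status)"); // 401/403: bad credentials or role
    }
    return json_decode($body, true, 16, JSON_THROW_ON_ERROR);
}

// Runs offline: the plain-HTTP site URL is rejected before any request is made.
try {
    pmpro_api_get('http://example.com', 'has_membership_access', ['post_id' => 58, 'user_id' => 2], 'api-user', 'constructed-app-password');
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}

// Live use: keep the application password out of source control, e.g. in the environment.
if (getenv('PMPRO_API_USER') !== false && getenv('PMPRO_API_APP_PASSWORD') !== false) {
    $allowed = pmpro_api_get('https://example.com', 'has_membership_access', ['post_id' => 58, 'user_id' => 2],
        getenv('PMPRO_API_USER'), getenv('PMPRO_API_APP_PASSWORD'));
    var_dump($allowed); // bool: whether user 2 can access post 58
}
```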

Last updated on April 1, 2026

