The WordPress REST API allows you to get data in and out of your WordPress site. There are several built-in REST API methods offered in WordPress, each requiring proper authentication before information is received or distributed. Paid Memberships Pro now includes 7 REST API methods for interacting with your membership site data.

The REST API uses JSON objects to send and receive data in your WordPress site. Check out the REST API Handbook for more information about using this API to interact with your WordPress site.


The PMPro REST API


Check a User’s Access to a Post: has_membership_access

This method has two parameters required to test whether the user has access to the specified content. The post_id is a required parameter and you can pass either the user_id or email.

  • post_id: the ID of the post you are checking access for.
  • user_id: the ID of the user whose membership level you want to check.
  • email: the email address of the user whose membership level you want to check.

If the method is successful in communicating with your site, you can expect a boolean (true or false) return value dependent on whether the user has access.

Here is an example URL you could hit to make a user access check request: https://example.com/wp-json/pmpro/v1/has_membership_access?post_id=58&user_id=2. In this example, we are passing the post ID, user ID, and the method name.


Check a User’s Membership Level: get_membership_level_for_user

This method requires one parameter: either the user_id or email of the user whose membership level you want to retrieve.

  • user_id: the ID of the user whose membership level you want to check.
  • email: the email address of the user whose membership level you want to check.

If the method is successful in communicating with your site, you can expect a return value of the membership $level object for the user.

Here is an example URL you could hit to make a user level check request: https://example.com/wp-json/pmpro/v1/get_membership_level_for_user?user_id=1. In this example, we are passing the user ID and the method name.


Check a User’s Membership Levels: get_membership_levels_for_user

This method closely mirrors the get_membership_level_for_user method, but instead of returning a single value, this method returns an array of levels objects (for use with the Multiple Memberships Per User (MMPU) Add On). This method requires either the user_id or email parameter to retrieve a user’s membership levels.

  • user_id: the ID of the user whose membership levels you want to check.
  • email: the email address of the user whose membership levels you want to check.

If the method is successful in communicating with your site, you can expect a return value of an array of membership $level objects for the user.

Here is an example URL you could hit to make a user levels check request: https://example.com/wp-json/pmpro/v1/get_membership_levels_for_user?user_id=1. In this example, we are passing the user ID and the method name.


Change a User’s Membership: change_membership_level

This method allows you to change a user’s membership level. You can also use this method to cancel membership by setting level_id to 0 in the request. Membership level changes require either the user_id or email parameter to determine the user to update.

  • user_id: the ID of the user whose membership level you want to change.
  • email: the email address of the user whose membership level you want to change.
  • level_id: the ID of the level you would like to change to; A level_id value of ‘0’ will cancel membership.

If the method is successful in communicating with your site, you can expect a boolean return value (true or false) depending on whether the level change was completed.

Here is an example URL you could hit to make a user level change request: https://example.com/wp-json/pmpro/v1/change_membership_level?user_id=1&level_id=3. In this example, we are passing the user ID, level ID to change to, and the method name.


Cancel a User’s Membership: cancel_membership_level

This method allows you to cancel a user’s membership level; Cancellation requires two parameters: level_id and either user_id or email to determine what user to process the level cancellation for.

  • user_id: the ID of the user whose membership level you want to cancel.
  • email: the email address of the user whose membership level you want to cancel.
  • level_id: the ID of the level you would like to cancel.

If the method is successful in communicating with your site, you can expect a boolean return value (true or false) depending on whether the level cancellation was completed.

Here is an example URL you could hit to make a user level cancellation request: https://example.com/wp-json/pmpro/v1/cancel_membership_level?user_id=1&level_id=5. In this example, we are passing the user ID, level ID to cancel, and the method name.


Get, Update, Create, or Delete a Membership Level Object: membership_level

This method returns the full PMPro_Membership_Level object for the specified level_id. If you only want to return the level, pass a single parameter, $level_id, in the request. To update the level or create a new level, you need to include additional parameters of the PMPro_Membership_Level object.

  • level_id: the ID of the PMPro_Membership_Level object you would like to return or modify.

If the method is successful in communicating with your site, you can expect a return value of the membership $level object for the requested level ID. If you are updating or creating a new level, the method will return the new or updated level object.

Here is an example URL you could hit to get a $level object: https://example.com/wp-json/pmpro/v1/membership_level/?id=5. In this example, we are passing the requested level ID and the method name.

Permissions required to get, create, or update a membership level are included by default for the administrator role and any user with the pmpro_edit_memberships capability. You must filter the pmpro_rest_api_methods hook to allow level deletion through the API.

Note: Deleting a level through the API will delete the level, remove all users from the level, and cancel their subscriptions at the gateway, if applicable.

Get, Update, or Create a Discount Code Object: discount_code

This method returns the full PMPro_Discount_Code object for the specified code. If you only want to return the discount code, pass a single parameter, $code, in the request. To update the discount code or create a new discount code, you need to include additional parameters of the PMPro_Discount_Code object.

  • code: the code value (i.e. ‘SAVE50’) of the PMPro_Discount_Code object you would like to return or modify.

If the method is successful in communicating with your site, you can expect a return value of the $discount_code object for the requested code value. If you are updating or creating a new discount code, the method will return the new or updated discount code object.

Here is an example URL you could hit to get a $discount_code object: https://example.com/wp-json/pmpro/v1/discount_code/?code=SAVE50. In this example, we are passing the requested code and the method name.


Get a Membership Level After Checkout Options are Applied: checkout_level

This method returns a $checkout_level object, which is built from the field data passed through the API call for a specific checkout after all other checkout options are applied.

level_id is the only required parameter for this endpoint. Requests to this endpoint can include any default field or fields added via custom code or Add Ons. You can also include the code value for a discount_code (i.e. ‘SAVE50’).

Here is an example URL you could hit to request the price for a level where the discount code is SAVE50: https://example.com/wp-json/pmpro/v1/checkout_level?level_id=1&discount_code=SAVE50. In this example, we are passing the level ID and the discount code name. This URL would return the $checkout_level object including the full data for the level with ID 1 after the discount code is applied to the level pricing.


Get a Collection of Membership Level Objects After Checkout Options are Applied: checkout_levels

This method returns a $checkout_levels object, which includes each individual $checkout_level object built from the field data passed through the API call for a specific checkout after all other checkout options are applied. This endpoint is similar to the checkout_level endpoint and should be used in a Multiple Memberships Per User environment.

level_id is the only required parameter for this endpoint. You can pass a single level ID or multiple level IDs in the format level_id=1+2+3. Requests to this endpoint can include any default field or fields added via custom code or Add Ons. You can also include the code value for a discount_code (i.e. ‘SAVE50’).

Here is an example URL you could hit to request the price for a checkout for levels 1, 2, and 3 in a single checkout, where the discount code is SAVE50: https://example.com/wp-json/pmpro/v1/checkout_levels?level_id=1+2+3&discount_code=SAVE50. In this example, we are passing the level IDs and the discount code name. This URL would return the $checkout_levels object, including an object with the full data for each level in the checkout after the discount code is applied, if the code is valid for the level. This object also includes two values that return the adjusted total initial_payment and the adjusted total initial_payment_formatted.


REST API Allowed Methods

By default, the PMPro REST API allows you to use the following methods with all endpoints. The GET method requires subscriber role as a minimum, while all other methods will require the administrator role.

$methods = array( 'GET', 'POST', 'PUT', 'PATCH' );

To enable DELETE, you must hook into the pmpro_rest_api_methods filter and add the 'DELETE' method.

To enable any method other than GET for other roles, you must hook into the pmpro_rest_api_permissions filter.


REST API Authentication

REST API requests must be authenticated. The WordPress REST API Handbook covers some authentication methods in their documentation here. The most straightforward method is to set up basic authentication using the Application Passwords plugin by George Stephanis.

  1. Install and activate the Application Passwords plugin.
  2. Optionally set up a different “administrator” account to use for your REST API authentication. You can also use an existing administrator account.
  3. Edit the user and find the “Application Passwords” section.
  4. Create an application password for the user.
  5. Copy the new password. This user and application password can now be used for authenticating REST API requests.

Here is an example of a PHP method to pass the user and application password with your request.

View a Complete Code Demo of the PMPro REST API Endpoints