Examples of using WordPress REST API
In the older versions of WordPress, you used to need to download and install the WP REST API plugin in order for other webapp to access your site data using REST API. But with the latest versions of WordPress (such as WordPress 4.7 as of this writing). The REST API framework comes bundled and enabled by default.
This means that anyone can navigate to your site domain name and put in “http://www.example.com/wp-json/wp/v2/posts” in the URL and see your posts.
Or a particular post id …
Or the list of pages…
Or even the list of usernames …
Although, it doesn’t show the user’s passwords, this display increases the vulnerability of the site. And that is why we have a tutorial on how to disable the WordPress REST API.
See docs for a more complete listing of the WordPress REST API endpoints, which includes “posting” (requires authentication of course).