Skip to content

Dynamic Endpoint Support

WordPress REST API routes with variable segments — like post IDs, user slugs, or taxonomy terms — get dedicated handling in Endpoint Manager Pro. The plugin detects them automatically, labels them clearly, and provides a guided preview modal so you can test parameterized routes without constructing URLs by hand.

What It Does

Routes like /wp/v2/posts/(?P<id>[\d]+) are dynamic: one or more URL segments change with every request because they accept variable input. Endpoint Manager parses these regex patterns, tags them as “Dynamic” in the endpoint list, and provides a fill-in-the-blanks preview modal that shows the full route structure with named input fields for each parameter.

The modal pre-fills sensible defaults for each parameter, so you can submit immediately or adjust the values to test specific resources. The resolved URL opens in a new tab, showing the live API response.

Key Capabilities

  • Automatic detection of dynamic route parameters in any registered endpoint
  • Clear visual label distinguishing dynamic routes from static ones
  • Fill-in-the-blanks preview modal with named input fields for each parameter
  • Auto-detected default values pre-filled for every parameter
  • Inline route structure display so you see the URL format before submitting
  • Enable or block dynamic endpoints using the same toggle as static routes
  • Works with all namespaces — WordPress core, WooCommerce, and third-party plugins

How to Use It

Dynamic endpoints are identified automatically in the endpoint list. Use the route type filter to show only dynamic routes, then click Preview on any row to open the parameter modal, fill in your values, and test the resolved URL in a new tab.

To block a dynamic route, toggle it off just like any static endpoint. Blocked requests are recorded in the security logs with the full request details.

Why It Matters

Dynamic routes accept arbitrary input from the URL, making them harder to audit than fixed-path routes. They are also the most common target for injection attacks and resource enumeration — an attacker can increment an ID parameter to probe for data they should not access.

Surfacing dynamic routes clearly, providing guided parameter entry, and letting you block them with a single toggle removes the friction of managing the most security-sensitive part of your REST API.

Frequently Asked Questions

How does Endpoint Manager detect dynamic routes?

The plugin parses the route patterns registered with the WordPress REST API. Any route containing regex capture groups (e.g., (?P<id>[\d]+)) is classified as dynamic. This detection is automatic and works for all namespaces.

Can I block a dynamic route while keeping the static version of the same resource?

Yes. Static and dynamic routes are listed separately, so you can block /wp/v2/posts/(?P<id>[\d]+) while keeping /wp/v2/posts enabled. This lets you allow collection endpoints while restricting single-resource access.

Does the preview modal work with custom plugin endpoints?

Yes. Any registered REST API route with dynamic segments gets the guided preview modal, regardless of which plugin or theme registered it.