{"id":298188,"date":"2026-04-20T04:17:03","date_gmt":"2026-04-20T04:17:03","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/contesimal-connector\/"},"modified":"2026-04-22T15:50:14","modified_gmt":"2026-04-22T15:50:14","slug":"contesimal-connector","status":"publish","type":"plugin","link":"https:\/\/ltz.wordpress.org\/plugins\/contesimal-connector\/","author":23477484,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"1.0.1","stable_tag":"1.0.1","tested":"6.9.4","requires":"5.9","requires_php":"7.4","requires_plugins":null,"header_name":"Contesimal Connector","header_author":"Contesimal","header_description":"Exposes a private REST API on your site so authorized external apps (e.g. Contesimal at contesimal.ai) can publish posts and media using an administrator-managed API key. Does not phone home; see readme for data flow and privacy.","assets_banners_color":"5220a9","last_updated":"2026-04-22 15:50:14","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"https:\/\/contesimal.ai","header_author_uri":"https:\/\/profiles.wordpress.org\/contesimal\/","rating":0,"author_block_rating":0,"active_installs":0,"downloads":131,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0.0":{"tag":"1.0.0","author":"contesimal","date":"2026-04-20 04:16:55"},"1.0.1":{"tag":"1.0.1","author":"contesimal","date":"2026-04-22 15:50:14"}},"upgrade_notice":{"1.0.1":"<p>Adds <code>GET \/wp-json\/contesimal\/v1\/users<\/code> for listing author-capable user IDs.<\/p>","1.0.0":"<p>Initial release.<\/p>"},"ratings":[],"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3510394,"resolution":"128x128","location":"assets","locale":""},"icon-256-256.png":{"filename":"icon-256-256.png","revision":3510394,"resolution":"256x256","location":"assets","locale":""}},"assets_banners":{"Banner-1544x500.png":{"filename":"Banner-1544x500.png","revision":3510394,"resolution":"1544x500","location":"assets","locale":""},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3510398,"resolution":"772x250","location":"assets","locale":""}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.0","1.0.1"],"block_files":[],"assets_screenshots":[],"screenshots":[],"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[610,529,2278,7143,23853],"plugin_category":[57],"plugin_contributors":[260594,260593],"plugin_business_model":[],"class_list":["post-298188","plugin","type-plugin","status-publish","hentry","plugin_tags-categories","plugin_tags-content","plugin_tags-post-types","plugin_tags-publishing","plugin_tags-rest-api","plugin_category-taxonomy","plugin_contributors-contesimal","plugin_contributors-wondermentkirpal","plugin_committers-contesimal"],"banners":{"banner":"https:\/\/ps.w.org\/contesimal-connector\/assets\/banner-772x250.png?rev=3510398","banner_2x":"https:\/\/ps.w.org\/contesimal-connector\/assets\/Banner-1544x500.png?rev=3510394","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/contesimal-connector\/assets\/icon-128x128.png?rev=3510394","icon_2x":"https:\/\/ps.w.org\/contesimal-connector\/assets\/icon-256-256.png?rev=3510394","generated":false},"screenshots":[],"raw_content":"<!--section=description-->\n<p>Contesimal Connector adds REST API endpoints to your WordPress site, allowing external applications to create and manage content using an API key.<\/p>\n\n<p>Requests are made to your site\u2019s <code>\/wp-json\/contesimal\/v1\/<\/code> endpoints. The plugin does not send any data externally on its own.<\/p>\n\n<p><strong>External services and privacy<\/strong><\/p>\n\n<ul>\n<li><strong>Service:<\/strong> Designed to work with Contesimal (https:\/\/contesimal.ai), but compatible with any client using your API key.<\/li>\n<li><strong>Data received:<\/strong> Post title, content (HTML), excerpt, status, categories, tags, post type, author ID, and media URLs. The optional users endpoint returns public-style author fields (ID, display name, slug) for users who can edit posts\u2014no passwords or email.<\/li>\n<li><strong>Media handling:<\/strong> Your WordPress site may download remote files from provided URLs to create Media Library attachments.<\/li>\n<li><strong>When:<\/strong> Only when a valid API request is sent to your site. No background communication occurs.<\/li>\n<li><strong>Control:<\/strong> External access is enabled only if you share the API key. You can regenerate the key or deactivate the plugin at any time.<\/li>\n<li><strong>Consent:<\/strong> By enabling the plugin and sharing the API key, the site administrator allows external applications to submit content.<\/li>\n<\/ul>\n\n<p><strong>Authentication<\/strong><\/p>\n\n<p>All endpoints require an API key sent in the <code>X-API-Key<\/code> header (or <code>Authorization: Bearer<\/code>).<\/p>\n\n<p>The key is:\n- Generated on your site\n- Stored as a secure hash\n- Managed by administrators only<\/p>\n\n<p>Requests without a valid key are rejected (401). Rate limiting is applied per IP.<\/p>\n\n<p>API keys should be treated as sensitive credentials and only shared with trusted systems.<\/p>\n\n<p><strong>Features<\/strong><\/p>\n\n<ul>\n<li>API key authentication (hashed storage)<\/li>\n<li>Create posts via REST API<\/li>\n<li>List categories, post types, and author-capable users (IDs for <code>author_id<\/code>)<\/li>\n<li>Media import from external URLs<\/li>\n<li>Rate limiting (per IP)<\/li>\n<li>Configurable CORS<\/li>\n<li>Optional request logging (admin only)<\/li>\n<\/ul>\n\n<p><strong>REST endpoints (base: <code>\/wp-json\/contesimal\/v1<\/code>)<\/strong><\/p>\n\n<ul>\n<li><code>GET \/ping<\/code> \u2013 Health check<\/li>\n<li><code>GET \/categories<\/code> \u2013 List categories<\/li>\n<li><code>GET \/post-types<\/code> \u2013 List public post types<\/li>\n<li><code>GET \/users<\/code> \u2013 List users with <code>edit_posts<\/code> (optional <code>session_only<\/code>, <code>search<\/code>, <code>limit<\/code>)<\/li>\n<li><code>POST \/publish<\/code> \u2013 Create post<\/li>\n<li><code>POST \/media\/import<\/code> \u2013 Import media from URLs<\/li>\n<\/ul>\n\n<p>An admin notice is shown when API access is enabled, indicating that external publishing is active.<\/p>\n\n<h3>REST API Reference<\/h3>\n\n<p>All endpoints require: <code>X-API-Key: your_api_key<\/code><\/p>\n\n<h4>GET \/wp-json\/contesimal\/v1\/ping<\/h4>\n\n<p>Returns plugin status.<\/p>\n\n<p><strong>Response:<\/strong>\n{ \"status\": \"ok\", \"plugin\": \"contesimal-connector\", \"version\": \"1.0.0\" }<\/p>\n\n<h4>GET \/wp-json\/contesimal\/v1\/categories<\/h4>\n\n<p>Returns category list.<\/p>\n\n<h4>GET \/wp-json\/contesimal\/v1\/post-types<\/h4>\n\n<p>Returns public post types.<\/p>\n\n<h4>GET \/wp-json\/contesimal\/v1\/users<\/h4>\n\n<p>Returns users who can author posts (<code>edit_posts<\/code>), suitable for <code>author_id<\/code> on <code>POST \/publish<\/code>.<\/p>\n\n<p><strong>Query parameters (all optional):<\/strong><\/p>\n\n\n\n\n  Parameter\n  Description\n\n\n\n\n  search\n  Substring match on login, nicename, or display name\n\n\n  session_only\n  <code>1<\/code> to only include users with stored WordPress session tokens (typically logged in recently)\n\n\n  limit\n  Max results, 1\u2013200 (default 200)\n\n\n\n\n<p><strong>Response (example):<\/strong>\n{ \"success\": true, \"users\": [ { \"id\": 1, \"name\": \"Site Admin\", \"slug\": \"admin\" } ] }<\/p>\n\n<h4>POST \/wp-json\/contesimal\/v1\/publish<\/h4>\n\n<p>Creates a post.<\/p>\n\n<p><strong>Headers:<\/strong>\nContent-Type: application\/json<br \/>\nX-API-Key: your_api_key<\/p>\n\n<p><strong>Body:<\/strong><\/p>\n\n\n\n\n  Field\n  Type\n  Required\n  Description\n\n\n\n\n  title\n  string\n  Yes\n  Post title\n\n\n  content\n  string\n  Yes\n  HTML content\n\n\n  status\n  string\n  No\n  publish, draft, pending, private\n\n\n  excerpt\n  string\n  No\n  Post excerpt\n\n\n  post_type\n  string\n  No\n  Default: post\n\n\n  category_ids\n  array\n  No\n  Category IDs\n\n\n  tags\n  array\n  No\n  Tag names\n\n\n  featured_image_url\n  string\n  No\n  Image URL\n\n\n  author_id\n  integer\n  No\n  Default: 1\n\n\n\n\n<p><strong>Responses:<\/strong>\n- 200 Success\n- 400 Bad request\n- 401 Invalid API key\n- 429 Rate limit exceeded\n- 500 Server error<\/p>\n\n<!--section=installation-->\n<ol>\n<li>Upload the plugin to <code>\/wp-content\/plugins\/<\/code> or install via Plugins screen.<\/li>\n<li>Activate the plugin (API key is generated).<\/li>\n<li>Go to <strong>Settings \u2192 Contesimal Connector<\/strong> and copy your API key.<\/li>\n<li>Configure rate limiting, CORS, and logging if needed.<\/li>\n<li>Use the API key in requests via the <code>X-API-Key<\/code> header.<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"does%20the%20plugin%20send%20data%20externally%3F\"><h3>Does the plugin send data externally?<\/h3><\/dt>\n<dd><p>No. The plugin only receives data via API requests made to your site.<\/p><\/dd>\n<dt id=\"who%20can%20use%20the%20api%3F\"><h3>Who can use the API?<\/h3><\/dt>\n<dd><p>Only external applications with your API key.<\/p><\/dd>\n<dt id=\"where%20is%20the%20api%20key%20managed%3F\"><h3>Where is the API key managed?<\/h3><\/dt>\n<dd><p>In <strong>Settings \u2192 Contesimal Connector<\/strong>. It is shown once and stored securely as a hash.<\/p><\/dd>\n<dt id=\"is%20this%20gpl%20compatible%3F\"><h3>Is this GPL compatible?<\/h3><\/dt>\n<dd><p>Yes, GPL v2 or later.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.0.1<\/h4>\n\n<ul>\n<li>Add <code>GET \/users<\/code> to list author-capable users (ID, name, slug); optional <code>session_only<\/code> for users with active sessions<\/li>\n<\/ul>\n\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Initial stable release<\/li>\n<li>REST API for publishing, categories, post types, and media import<\/li>\n<li>API key authentication with hashed storage<\/li>\n<li>Rate limiting, CORS, and optional logging<\/li>\n<li>Admin notice for external publishing awareness<\/li>\n<\/ul>","raw_excerpt":"Publish content to WordPress from external applications via a secure REST API using API key authentication.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ltz.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/298188","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ltz.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/ltz.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/ltz.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=298188"}],"author":[{"embeddable":true,"href":"https:\/\/ltz.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/contesimal"}],"wp:attachment":[{"href":"https:\/\/ltz.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=298188"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/ltz.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=298188"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/ltz.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=298188"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/ltz.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=298188"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/ltz.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=298188"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/ltz.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=298188"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}