What the REST API is #
The WordPress REST API is a communication channel between the browser and the server. When modern WordPress features need to send or receive data without reloading the entire page, they use the REST API. The Block Editor uses it constantly: when you save a draft, when you search for media, when you preview a post. WooCommerce uses it for cart updates and order processing. Many plugins use it for their own dynamic functionality.
REST stands for Representational State Transfer. The API part means it’s a set of defined ways to ask WordPress for data or send data to WordPress using URLs and HTTP requests. You don’t need to understand the mechanics of REST to use Loupely. You need to know what it is because Loupely’s own connection between the Chrome extension and the WordPress Plugin runs through an authenticated REST API Endpoint, and because a blocked REST API is a common cause of both general WordPress failures and specific Loupely connection problems.
Why the REST API being blocked causes problems #
If a security plugin or server firewall blocks REST API requests, the consequences ripple through everything that depends on it. The Block Editor may fail to save. WooCommerce cart updates may stop working. Contact Form plugins that use AJAX may go silent. And the Loupely Chrome extension will be unable to retrieve server-side diagnostic data, falling back to browser-only mode.
Fully disabling the REST API is a security measure that appears in some hardening guides. The problem is that modern WordPress depends on it for core functionality. A better approach is restricting unauthenticated access to sensitive endpoints while keeping the API accessible for authenticated requests and for the endpoints that plugins legitimately need.
How to test if the REST API is working #
Navigate to https://yoursite.com/wp-json/ in a browser tab while logged out. If it returns a JSON response (a page starting with a curly brace and containing structured data about your site), the REST API is accessible. If it returns a 403 error or your site’s 404 page, something is blocking it. See WordPress REST API Blocked or Not Working for how to diagnose and fix the block.
Loupely’s REST API Endpoint #
The Loupely WordPress Plugin registers one endpoint: /wp-json/loupely/v1/capture. Requests to this endpoint require the connection key in the request header. The endpoint is read-only. It returns diagnostic log data for the current capture session. It cannot write to your WordPress installation or execute arbitrary code. When the Loupely extension shows “Not connected” or “Browser only,” checking whether this specific endpoint is accessible is the correct first diagnostic step.