API Reference
Integrate XeroWP into your own tools and workflows via our REST API.
Sections
Authentication
All API endpoints require a Bearer token issued by Laravel Sanctum. Include it in the Authorization header of every request.
Authorization: Bearer <your-token>
Tokens can be created from your account API Keys page. All requests must use HTTPS.
Base URL
https://xerowp.com
/api/auth/checkCheck Authentication
Returns whether the current access token is valid and authenticated.
Response
{
"authenticated": true
}/api/auth/userGet Authenticated User
Returns the currently authenticated user with account details.
Response
{
"authenticated": true,
"user": {
"id": 1,
"name": "John Doe",
"email": "[email protected]",
"created_at": "2025-01-01T00:00:00.000000Z"
}
}/api/sitesList Sites
Returns all sites belonging to the authenticated user, excluding deleted sites. Includes plan and location.
Response
{
"data": [
{
"pid": "550e8400-e29b-41d4-a716-446655440000",
"domain": "my-site.xeropress.xyz",
"status": 1,
"status_label": "Active",
"dns_verified": true,
"php_version": "8.2",
"wp_version": "6.9.4",
"db_version": "mysql-8.4",
"billing_cycle": 3,
"billing_status": 1,
"amount": 0,
"expires_at": null,
"created_at": "2025-01-01T00:00:00.000000Z",
"updated_at": "2025-01-02T00:00:00.000000Z",
"plan": { "id": 1, "name": "Trial" },
"location": { "id": 1, "name": "US East" }
}
]
}/api/sitesCreate Site
Creates a new WordPress site for the authenticated user. A subdomain under xeropress.xyz is auto-generated when no domain is provided. Site preparation is dispatched automatically once DNS resolves.
Request Body
| Name | Type | Required | Description |
|---|---|---|---|
| server_location_id | integer | Yes | ID of the server location to deploy the site on. |
| secrets.admin_password | string | Yes | WordPress admin password. |
| config.admin_username | string | Yes | WordPress admin username. |
| config.admin_email | string | Yes | WordPress admin email address. |
| domain | string | No | Custom domain (e.g. example.com). Must not start with www. Auto-generated if omitted. |
| plan_slug | string | No | Plan slug (e.g. starter, pro). Defaults to trial. |
| billing_cycle | string | No | "monthly" or "yearly". Defaults to yearly. Ignored for trial plans. |
| wp_version | string | No | WordPress version (e.g. 6.9.4). Defaults to latest stable. |
| php_version | string | No | PHP version (e.g. 8.2, 8.3). Defaults to 8.2. |
| config.site_title | string | No | WordPress site title. Defaults to the domain prefix. |
| template_id | string | No | Optional site template ID to apply on creation. |
| coupon_code | string | No | Coupon code for a discount. Ignored on trial plans. |
Response
// HTTP 201 Created
{
"pid": "550e8400-e29b-41d4-a716-446655440000",
"domain": "my-site.xeropress.xyz",
"status": 0,
"status_label": "Pending",
"dns_verified": true,
"php_version": "8.2",
"wp_version": "6.9.4",
"billing_cycle": 3,
"billing_status": 3,
"amount": 0,
"expires_at": "2025-02-01T00:00:00.000000Z",
"created_at": "2025-01-01T00:00:00.000000Z",
"plan": { "id": 1, "name": "Trial" }
}Error Responses
{
"message": "The server location id field is required.",
"errors": {
"server_location_id": ["The server location id field is required."],
"secrets.admin_password": ["The secrets.admin password field is required."],
"config.admin_username": ["The config.admin username field is required."],
"config.admin_email": ["The config.admin email field is required."]
}
}{
"message": "No servers available in the selected location."
}/api/sites/{pid}Delete Site
Deletes a site by its PID. Pending sites are removed immediately. Active or suspended sites are queued for deletion and enter a "Deleting" state while server resources are cleaned up.
Path Parameters
| Name | Type | Description |
|---|---|---|
| pid | string (UUID) | The unique public identifier of the site. |
Response
{
"message": "Site deletion initiated."
}Error Responses
{
"message": "This action is unauthorized."
}{
"message": "Not found."
}Need more help? Contact Support