XeroWP
tporret API Data Importer
tporret API Data Importer

tporret API Data Importer

0/5 (0 ratings) — active installs Updated May 28, 2026
apicronetlimportJSON
Download v1.3.1 Plugin Website
The Twig Mapping Interface for transforming JSON data.

The Twig Mapping Interface for transforming JSON data.

tporret API Data Importer gives WordPress teams an enterprise-grade ETL pipeline for importing external API data with confidence.

The plugin ships readable source for its generated admin assets. JavaScript and CSS source files are included in the src/ directory, compiled assets are in build/, and the maintained public source repository is available at https://github.com/tporret/enterprise-api-importer.

This readme is written for WordPress administrators and site owners evaluating or using the plugin from the Plugins screen.

Use tporret API Data Importer to run clean, repeatable import workflows without sacrificing flexibility:

  • Multi-Connection Job Manager for organizing and scaling imports
  • React Tabbed Import Job Workspace (Source/Auth, Data Rules, Mapping/Templating, Automation)
  • Advanced JSON array traversal and pre-stage data filtering to remove noise before insertion
  • Twig Templating Engine for complex logic, loops, and nested object mapping without drag-and-drop limitations
  • Twig-powered Post Title Templates with safe sanitization and fallback handling
  • Optional templates for new jobs (start with connection setup, add templates later)
  • Multiple API auth modes: none, bearer token, custom API-key header, and basic auth
  • Per-import Target Post Type selection (posts, pages, and public custom post types)
  • Parent Mapping for hierarchical post types using imported external IDs, WordPress IDs, or slugs
  • Media Mappings for featured images, gallery attachment IDs, and attachment-ID custom fields
  • Per-import Default Target Settings (post status, post author, comment status, pingback/trackback status)
  • Per-import editing lock toggle for imported posts (allow editing or enforce read-only)
  • Time-aware batch processing via WP-Cron to reduce timeout and memory-risk scenarios
  • Multisite support with per-site importer dashboards and an optional Network Admin summary dashboard when the plugin is also active on the primary site
  • [New v1.3] Deep Module Architecture (internal):
    • Tporapdi_Validator — single validation seam for all import job fields
    • Tporapdi_Import_Runner — owns the 5-stage import lifecycle (Extract Filter Stage Transform Load)
    • Tporapdi_Template_Engine — unified Twig rendering seam for all template fields and dry-run previews
    • Tporapdi_Security_Guard — centralised SSRF, CIDR, and Twig security checks shared across save and run paths
    • Tporapdi_Job_Repository, Tporapdi_Queue_Repository, Tporapdi_Log_Repository — domain repositories hiding all SQL and cache management
    • Tporapdi_Media_Ingestor — isolated image sideload, HTML rewrite, featured image, gallery, and attachment-meta mapping logic with idempotent deduplication
    • Tporapdi_Cleanup_Service — chunked garbage collection for staging queue and log tables
    • Reporter self-registration via glob discovery — adding a new dashboard metric requires zero edits to existing files
    • Tporapdi_Lock_Policy — single edit-lock policy seam used by all admin UI affordances
    • TPORAPDI_Defaults_Resolver::normalize() — single normalization seam for post status defaults shared by REST save and import runtime
  • [New v1.2] Tableau-Style Reporting Dashboard: Real-time metrics on environment health, security posture, and API performance with interactive charts, status indicators, and audit activity feed
  • [New] Credential Encryption & REST Masking:
    • AES-256-CBC encryption at rest for auth_token and auth_password fields
    • REST GET responses mask credentials; boolean flags indicate stored state
    • Blank credential fields on update preserve existing encrypted values
    • React UI shows saved-credential indicators with placeholder text
    • apply_filters no longer exposes raw tokens to third-party hooks
  • [New] Import Pipeline Sanitization:
    • Twig-rendered post content sanitized via wp_kses_post before wp_insert_post
    • Custom meta values sanitized via sanitize_text_field before update_post_meta
    • Admin menu pages restricted to manage_options capability (was read)
  • [New] Enterprise-Grade Security Hardening:
    • Dedicated template management capability with multisite support
    • Twig template security validation (disallowed tags, size/complexity limits, syntax checking)
    • Template change audit logging with before/after hashes and actor metadata
    • SSRF prevention via hostname and CIDR allowlisting with DNS resolution
    • Twig variable strictness is filterable, with permissive rendering used by default for resilient imports
    • Imported items locked read-only (no editing, deletion, or quick-edit)

Whether you import catalogs, directory records, listings, events, or custom business data, tporret API Data Importer provides a scalable framework for structured API-to-WordPress ETL.

Built for real-world production workflows:

  • Title templates are rendered via Twig and sanitized before save
  • Target post type safely falls back to post if invalid or unavailable
  • Attachment is excluded by default from target post type selection
  • Default target post settings are validated and applied at load time for consistent publishing/discussion behavior
  • Hierarchical post types can map parent relationships from API fields and reconcile out-of-order parent records
  • Media mappings can sideload featured, gallery, and meta attachments while preserving legacy featured image fallback behavior
  • Imports are staged and processed in queue batches for safer long-running jobs
  • Imported items are cryptographically linked to their origin import (read-only)
  • Template configuration changes are audit-logged with full actor context
  • Endpoints validated against configurable SSRF allowlists and HTTPS enforcement
  • Inline API connection testing, sample payload preview, and template dry-run rendering from the edit workspace

Development

To rebuild generated admin assets from source:

  1. Install Node.js dependencies: npm install
  2. Build production assets: npm run build (uses @wordpress/scripts / webpack)
  3. For a watch/dev build: npm start
  • JavaScript/CSS source lives in src/
  • Production assets are generated into build/
  • The public source repository is https://github.com/tporret/enterprise-api-importer

External services

This plugin connects to external APIs that you configure in each import job.

The plugin does not hardcode any third-party API vendor. Data destination, terms, and privacy practices depend on the endpoint(s) you configure.