# WordPress REST API vs admin-ajax.php: The Modern Choice We're still coming across newly written code from WordPress developers that use `admin-ajax.php` for AJAX requests. The WordPress REST API was released almost ten years ago and it's faster, more secure, and significantly easier to work with. ## The problem with `admin-ajax.php` `admin-ajax.php` is a legacy system that predates the REST API. While it still works, it comes with drawbacks: - **Performance**: It loads the entire WordPress admin environment on every request, even when you don't need it - **No HTTP verb support**: Everything goes through `POST`, making endpoints less semantic - **Limited structure**: Actions are just strings with no built-in routing or parameter validation According to [Delicious Brains' performance testing](https://deliciousbrains.com/comparing-wordpress-rest-api-performance-admin-ajax-php/), REST API endpoints can be significantly faster than `admin-ajax.php` because they bypass unnecessary admin overhead. ## Using the REST API Here's a complete example showing how clean REST API code can be: ``` register_rest_route('app/v1', '/endpoint', [ 'methods' => 'GET', 'callback' => 'callbackFunction', 'permission_callback' => fn () => current_user_can('manage_options'), ]); public function callbackFunction() { return ['status' => 'ok', 'message' => 'It works!']; } ``` ``` fetch('/wp-json/app/v1/endpoint', { method: 'GET', }) .then(response => response.json()) .then(data => { console.log('Success:', data); }) .catch(error => { console.error('Error:', error); }); ``` ## Why the REST API is better **Built-in Security**: The `permission_callback` is required, forcing you to think about security upfront **True RESTful Design**: Use proper HTTP methods (`GET`, `POST`, `PUT`, `DELETE`) that match your intent and your API becomes self-documenting **Better Performance**: No admin overhead means faster responses and lower server load **Modern Standards**: REST APIs are industry-standard, making your code more familiar to developers and easier to integrate with external tools **Automatic Discovery**: WordPress automatically documents your endpoints at `/wp-json/`, making testing and integration simpler ## When to use each **REST API**: Everything. New projects, new features, any AJAX functionality. **`admin-ajax.php`**: Only when maintaining legacy code where refactoring isn't justified. ## Making the switch The WordPress REST API has been part of core since version 4.7 (released in 2016). There's no reason to keep building with `admin-ajax.php`. The REST API is faster, more secure, and follows modern web standards. For a comprehensive guide on using the REST API, check out the [official WordPress tutorial](https://learn.wordpress.org/tutorial/using-the-wordpress-rest-api/). Treat `admin-ajax.php` like you'd treat jQuery: legacy code that shouldn't appear in new projects.