=== JRB Remote Site API for OpenClaw === Contributors: jrbconsulting Tags: api, remote, jrbremote, automation, fluentcrm Requires at least: 5.6 Tested up to: 6.9 Stable tag: 6.5.0 License: GPLv2 or later License URI: https://www.gnu.org/licenses/gpl-2.0.html Professional WordPress REST API for JRB Consulting remote site management and automation. == Description == JRB Remote Site API provides a secure, high-fidelity bridge between your WordPress environment and external automation tools. It extends the WordPress REST API to support remote site management, media handling, and deep integration with the Fluent Suite (CRM, Support, Forms, Project, Community, Boards) and PublishPress Statuses. **Key Features:** - **Granular Permissions:** 54+ capabilities across 9 modules for fine-grained access control - **Modular Architecture:** Auto-detects and loads only active plugin integrations - **Security Hardened:** Hashed token storage, CSRF protection for uploads, input validation - **Performance Optimized:** Conditional module loading reduces memory usage by 20-30% - **Comprehensive API:** 66+ REST endpoints for complete remote management **Supported Integrations:** - FluentCRM (subscribers, lists, tags, campaigns, reports) - Fluent Support (tickets, responses, customers, assignments) - Fluent Forms (forms, entries, submissions, exports) - Fluent Project (projects, tasks, boards, comments) - Fluent Community (posts, groups, members, comments) - PublishPress Statuses (custom editorial statuses) - WordPress Media Library (upload, manage, delete) - WordPress Core (posts, pages, menus, diagnostics) == Installation == 1. Upload the `jrb-remote-site-api-for-openclaw` folder to the `/wp-content/plugins/` directory. 2. Activate the plugin through the 'Plugins' menu in WordPress. 3. Configure your API token and permissions in the 'JRB Remote API' settings page. 4. **Agent Integration:** For OpenClaw users, a dedicated Agent Skill is available here: `https://github.com/JRBConsulting/jrb-remote-site-api-skill.git` == Frequently Asked Questions == = What authentication header should I use? = Use the `X-JRBRemoteSite-Token` header with your API token: ``` X-JRBRemoteSite-Token: your-api-token-here ``` For backward compatibility, the old `X-OpenClaw-Token` header is still supported but will be deprecated in v7.0.0. = How do I configure permissions? = In WordPress Admin, go to Settings → JRB Remote API. You'll see a capability matrix where you can enable/disable specific permissions for your API token. Start with read-only permissions and grant write/delete capabilities only when needed. = Which modules are loaded? = Modules are auto-detected based on installed plugins. Only modules with active dependencies are loaded. For example, if you only have FluentCRM installed, only the Media, Diagnostics, and FluentCRM modules will load. == Changelog == = 6.5.0 = * **Rebrand:** All `X-OpenClaw-Token` references changed to `X-JRBRemoteSite-Token` (backward compatible) * **Security:** Comprehensive permissions audit - all 54+ capabilities verified and documented * **Performance:** Optimized module loader - only loads modules when dependencies are active * **Documentation:** New PERMISSIONS.md and MODULES.md with complete capability reference * **Code Quality:** All 9 modules audited for error handling, logging, and input validation * **Module Efficiency:** 20-30% reduction in memory usage and TTFB on sites with few plugins = 6.4.1 = * Bug fixes and stability improvements = 6.4.0 = * Major structural refactor to PSR-4 modular system. * Rebrand to JRB Remote (Namespace: jrbremoteapi/v1, Header: X-JRB-Token). * Hardened Security: Complete move to hashed token storage and granular capability matrix. * Optimization: Dynamic conditional loading of plugin-specific modules (CRM, Support, etc.). * Feature Preservation: 100% restoration of legacy token generation and plugin detection UI. = 6.3.3 = * Emergency restoration of original feature-complete legacy codebase.