How do I install and activate the AutoAPIWP Ingestics plugin on WordPress?

Install Ingestics like a standard WordPress plugin. Upload the ingestics plugin folder or ZIP through WordPress admin, activate it from the Plugins screen, then open Ingestics from the WordPress admin menu. Use the setup wizard to configure your first REST API or RSS provider, review the planned request, and run a manual fetch when ready.

How does AutoAPIWP connect external REST APIs to the WordPress backend natively?

AutoAPIWP Ingestics connects external REST APIs through provider settings inside WordPress. A site administrator enters the endpoint URL, HTTP method, authentication details, headers, body, response format, and field mappings. Ingestics fetches the configured source from WordPress, parses supported response formats such as JSON, XML, CSV, HTML, text, RSS, and Google Sheets CSV URLs, then maps the data into native WordPress posts, metadata, taxonomies, images, and attribution fields.

What type of API authentication methods does AutoAPIWP support for secure workflows?

AutoAPIWP Ingestics supports no-auth/public APIs, API key authentication through query parameters or headers, Bearer token authentication, and HTTP Basic authentication in the core workflow. Commercial tiers add OAuth2 Client Credentials, OAuth2 Authorization Code with refresh-token handling, PKCE-capable support for compatible providers, and AWS Signature Version 4 authentication in Business. Sensitive credentials are handled through the plugin's secret storage and masked in previews and diagnostics.

How do I create and map custom endpoints using AutoAPIWP?

In AutoAPIWP Ingestics, create a custom API provider from the Ingestics admin screen. Add the endpoint URL, choose the request method, configure authentication, headers, request body, and response format, then use the preview and mapping controls to connect response fields to WordPress fields such as title, content, excerpt, source URL, image URL, date, categories, tags, and metadata. Save the provider, review the planned call, and run a manual fetch or scheduled fetch if your tier supports scheduling.

Where can I view error logs and troubleshoot failed API payloads in AutoAPIWP?

Use the Ingestics admin dashboard to review activity logs, provider health information where available, planned-call previews, last-call request and response snapshots, and diagnostic messages. Logs and previews help identify authentication failures, invalid URLs, mapping problems, duplicate skips, filtered items, HTTP errors, rate-limit responses, image sideload issues, and publish errors. Sensitive values are masked in diagnostic output.

Does AutoAPIWP require specialized cloud hosting or external SaaS middleware?

No. AutoAPIWP Ingestics runs inside WordPress and does not require specialized cloud hosting, Zapier, Make, or external SaaS middleware for direct REST API and RSS-to-WordPress workflows. Your WordPress site must be able to reach the configured external endpoints, and scheduled automation relies on WordPress cron or a server cron setup for best reliability on low-traffic sites. Optional external services are used only when specific features are enabled and configured.

Common FAQs | Ingestics API & RSS Automation

Common FAQs

Answers to the most frequently asked questions about Ingestics.

What is Ingestics and how is it different from other content import plugins?

Ingestics is a fully automated content ingestion and publishing pipeline for WordPress. Unlike traditional RSS importers or CSV importers, Ingestics connects to supported REST APIs and RSS/Atom feeds, applies authentication, can run AI-powered content transformation when Business features are configured, enforces content quality filters by tier, and supports manual, scheduled, and webhook-driven publishing according to the active tier. It is not a scraper — it works with APIs that provide structured data in standard formats. The key differentiators are: (1) native support for all major authentication standards including OAuth2 and AWS SigV4; (2) a built-in AI rewrite and translation pipeline; (3) a visual Query Builder for no-code parameter construction; (4) a tiered content filter engine (6 core rules in Pro, full 14-rule engine in Business); (5) front-end display via Gutenberg, Elementor, and Bricks without any additional plugin; (6) multisite-aware activation/deactivation with new-site initialization when network-activated; and (7) activity-log reconciliation that reports fetched/created/published/draft/pending/filtered/duplicates/errors/unaccounted counts.

What kinds of REST APIs does Ingestics work with?

Yes, if the API returns data in JSON, XML, CSV, HTML, or plain text format, Ingestics can consume it. You configure the endpoint URL, authentication, request parameters, and field mapping — the plugin handles the rest. For HTML responses, Ingestics supports selector-based structured extraction (items/title/content/url/image/date/source); if selectors are not configured, HTML runs in single-item fallback mode. On Business tier, Ingestics can even auto-detect the response format. Google Sheets share/edit URLs are also supported by auto-normalizing them to CSV export endpoints. The endpoint must be reachable from your WordPress server over HTTP or HTTPS, with private/reserved/local network targets blocked by default; HTTPS is strongly recommended for production sources.

What authentication types are supported?

Free+: No auth, API Key (header or query), Bearer Token, HTTP Basic
Lite+: OAuth2 Client Credentials (machine-to-machine)
Pro+: OAuth2 Authorization Code with automatic refresh token management, including PKCE (S256) support for compatible providers
Business: AWS Signature Version 4 (SigV4) for AWS API Gateway and AWS services

All credential values (keys, secrets, tokens) are stored AES-encrypted in the WordPress database.

Does it support RSS and Atom feeds?

Yes. RSS and Atom feeds are supported from the Free tier onwards using WordPress’s built-in SimplePie library. On Lite and above, you get RSS auto-discovery (provide a website URL and Ingestics finds the feed), full-text extraction (fetches the full article from the source page to replace truncated excerpts; if fallback full-text extraction is used for an item, that item is forced to draft for manual review), and configurable output modes on Business (full_content, excerpt, summary_only, title_only, raw_payload).

How does duplicate detection work?

Ingestics checks each incoming item against existing WordPress posts before publishing. It checks both the item’s title (against post_title) and the item’s source URL (against the _aapi_source_url post meta field). If either match is found, the item is silently skipped. This detection runs on every fetch, including manual and scheduled runs. The duplicate_title and duplicate_url filter rules in the Pro/Business filter engine provide additional configurable control over how duplicates are handled (skip, draft, or publish anyway).

What happens when an API returns HTTP 429 (Too Many Requests)?

On Free through Pro, Ingestics detects the 429 response and handles it gracefully — the fetch is paused and the error is logged. On Business tier, the rate-limit budget queue system is available: items that trigger a 429 are added to a persistent database queue, and a separate cron hook (aapi_rate_limit_budget_queue) drains the queue progressively within the API’s allowed rate-limit budget window. This reduces the risk of losing work to temporary 429 responses, while external API failures, revoked credentials, quota exhaustion, or server-cron issues can still require administrator action.

How does provider rotation work?

When rotation is enabled (Lite+), each cron run fetches from one provider at a time, cycling through all active providers in sequence. For example, if you have 6 API providers and a 1-hour schedule, provider 1 runs at hour 1, provider 2 at hour 2, and so on — completing a full cycle every 6 hours. This distributes API call load evenly and respects per-hour rate limits on individual APIs. On Business, the API rotation queue and RSS rotation queue are completely independent, so you can rotate each pipeline at its own pace.

Can I display Ingestics content on the front end of my site?

Yes (Lite+). You have five display options:

Shortcode: [auto_api_feed] or [aapi_feed] — works anywhere WordPress accepts shortcodes.
Template tags: aapi_get_feed() and aapi_render_feed() for theme-level rendering (Lite+).
Gutenberg block: ingestics/feed — insert via the block editor with full visual attribute controls. Legacy auto-api/feed compatibility may remain for older installs.
Elementor widget (Pro+): native widget with Elementor’s full styling controls.
Bricks element (Pro+): native Bricks Builder element.

Available layouts: Grid (Lite+), Carousel (Pro+), Ticker (Business).

Is my API key / secret stored securely?

Yes. All sensitive values are stored using AES encryption with a unique random IV (generated via random_bytes(16)) and an HMAC-based MAC for integrity verification. The encrypted values are prefixed with aapi_sec_v1: so they are identifiable. The following plugin-managed values are encrypted: webhook secret, bridge secret, transform auth value, stock image API key, OAuth/API credentials, and AI/translation service API keys (OpenAI, Anthropic, Gemini, DeepL, Google Translate, LibreTranslate). Encrypted storage is the default behavior; plaintext compatibility fallback requires explicit opt-in for edge environments. In previews, Run Live Test output, and stored snapshots, sensitive header values and query parameters are automatically masked with ****. Remote URLs are normalized and validated; private/reserved IP ranges and link-local targets are blocked by default, and admin AJAX operations require both nonce verification and capability checks. No optional outbound service call is made unless the corresponding feature is explicitly enabled and configured by an administrator; normal source fetching and Freemius licensing/account calls operate as part of the configured plugin workflow.

What is the difference between Publish, Draft, and Pending post modes?

Each provider can be configured to create posts in one of three WordPress statuses:

Publish: Posts go live immediately and are visible to visitors. Best for trusted, high-quality sources.
Draft: Posts are saved but not visible publicly. Requires manual review and publish by an editor. Best for sources that need human moderation.
Pending: Posts are saved and flagged for editorial review. Editors see a “Pending Review” badge in the post list.

Additionally, the Business filter engine can automatically override the per-provider status to Draft for items that fail specific quality checks (e.g., short content, no image), even when the provider is set to Publish.

Can I use custom post types?

Yes (Lite+). Each provider can be configured to publish to any registered WordPress custom post type. This is set per-provider in the provider settings under Post Type. The default is the standard post type. This allows you to build specialised content types — for example, a “Job Listing” CPT fed by a jobs API, or a “Product” CPT fed by an e-commerce API.

How does pagination work?

Ingestics supports two pagination models:

Page-based (Lite+): Automatically iterates ?page=1, ?page=2, etc. You configure the parameter name, starting page, and maximum pages per run. Each run fetches all pages up to the configured limit.
Cursor / next-token (Pro+): The API returns a cursor or token in its response (e.g., next_cursor, next_token, next_page_token). Ingestics reads this value from the response and sends it as a parameter in the next request. The cursor state is persisted across cron runs.

Transient caching is automatically disabled for paginated providers since each page request returns different data.

What are provider presets?

Provider presets (Lite+) are one-click configuration templates for common API types. They pre-fill the endpoint URL structure, recommended query parameters, JSON field mappings, and authentication type for popular services. Available presets are: YouTube API, Generic API-Key, Generic Bearer (API presets); Google News RSS, YouTube Video RSS, Podcast RSS (RSS presets). After applying a preset, you only need to enter your API key — everything else is ready to go. Presets are a starting point; all settings can be customised after applying.

How does AI rewrite work and is it safe to use?

AI rewrite (Business) sends the fetched item’s title, excerpt, and/or content to the selected AI service (OpenAI, Anthropic Claude, or Google Gemini) with a system prompt instructing it to rewrite the content in a natural, original style while preserving factual accuracy. The rewritten content replaces the original before publishing, and these outbound calls occur only when AI rewrite is explicitly enabled and configured by an administrator. Safety guardrails:

Character limits (configurable) prevent excessively long outputs
Control character stripping removes any injected special characters
Strict mode ensures items that fail rewrite (API error, timeout, output too long) are either skipped or saved as drafts — never published with broken content
All API keys are stored encrypted; they are never exposed in logs or the admin UI

Per-item overrides via _aapi_content_ops allow you to skip rewrite for specific items by value.

What translation services are supported?

Business tier supports seven translation options:

OpenAI — Uses GPT models for contextual, natural translation
Anthropic (Claude) — High-quality contextual translation
Google Gemini — Google’s AI translation capability
DeepL — Industry-leading neural machine translation (50+ languages)
Google Translate API — Broad language coverage via Google Cloud
LibreTranslate — Open-source, self-hostable translation engine
Custom Endpoint — Send to a compatible translation microservice via HTTP POST

Does it support scheduled automatic fetching?

Yes (Lite+). Ingestics registers fixed WordPress cron intervals: 1 hour, 2 hours, 4 hours, 6 hours, and 24 hours on Lite; 12 hours and a custom hour-based interval on Pro+ (minimum 0.25 h, maximum 168 h). On Business, the API and RSS pipelines each have their own independent cron hooks so they can run on completely different schedules. Note that WordPress cron depends on site traffic — for high reliability on a low-traffic site, configure a system-level cron job to call wp-cron.php directly.

What is the inbound webhook trigger and how do I use it?

The inbound webhook (Pro+) is a REST API endpoint on your WordPress site: POST /wp-json/ingestics/v1/trigger. Any external system (GitHub Actions, Zapier, Make, a custom script) can call this endpoint to trigger a fetch or publish operation on demand — without logging into WordPress. The endpoint is secured with a shared secret sent in the X-AAPI-Webhook-Secret header and is protected by IP-based rate limiting. By default, the endpoint accepts POST only; legacy GET and query-string secret compatibility are optional toggles and remain disabled unless explicitly enabled. The request body specifies fetch_type (api, rss, both, publish) and optionally a campaign name. For WordPress-native automation, you can also trigger runs via aapi_trigger_fetch, aapi_trigger_fetch_api, aapi_trigger_fetch_rss, and aapi_trigger_publish. This is ideal for event-driven publishing: for example, trigger a fetch every time your supplier uploads a new data file, or kick off a publish run when a news event occurs.

Does Ingestics use Freemius for licensing or payments?

This build is Freemius-integrated and initializes Freemius by default.

What happens if the license check fails?

In this integrated build, tier access is resolved from license plan state. If the license state cannot be resolved during a refresh, feature gating may temporarily fall back to Free-tier behavior until license state sync succeeds again.

Can I use the plugin on multiple sites?

Multi-site usage depends on the site activations included in your plan. To use Ingestics on additional domains, add the required seats/plan. To move usage to a new domain, deactivate the old site first, then activate the new site.

Can I filter out competitor names, adult content, or unwanted topics automatically?

Yes (Business). The Blocked Keywords filter rule allows you to define a comma-separated list of words or phrases. Any fetched item whose title or content contains any of those terms triggers the configured action (reject, draft, or publish). This rule is part of the full 14-rule filter engine available on the Business tier. Each rule can be individually enabled/disabled and assigned a different action, giving you surgical control over automated content moderation.