Abilities API
Expose your community to AI agents and automation through the WordPress Abilities API - 19 free abilities plus 20 more with Pro, each enforcing the same permissions as the REST API.
What You Will Learn
- What the Abilities API is and when to use it instead of REST
- Every ability Jetonomy and Jetonomy Pro register
- How permissions work (they mirror REST exactly)
- How to execute an ability from PHP or WP-CLI
What Is the Abilities API?
The WordPress Abilities API is a machine-readable registry of "things a site can do", each with a name, description, JSON-Schema input/output contracts, and a permission callback. AI agents, MCP servers, and automation tools discover abilities at runtime and call them without knowing your REST routes.
Where the API comes from: the Abilities API ships in WordPress core from version 7.0 onward. On earlier versions (6.7-6.9) it is available as the standalone WordPress Abilities API feature plugin - install and activate that plugin and the API works the same way.
Jetonomy registers its abilities only when the API is actually present. It hooks the API's own wp_abilities_api_init / wp_abilities_api_categories_init actions, which fire whether the API came from core (7.0+) or from the feature plugin on an older release. If neither core nor the plugin provides the API, those hooks never fire and Jetonomy simply does not register abilities - no errors, no changed behaviour, and the REST API remains the way to drive the community.
Free Abilities
All free abilities live under the jetonomy/ namespace, grouped into categories (jetonomy-content, jetonomy-spaces, jetonomy-users, jetonomy-moderation, jetonomy-search).
| Ability | What it does |
|---|---|
jetonomy/list-spaces, jetonomy/get-space |
Browse spaces |
jetonomy/create-space, jetonomy/join-space, jetonomy/list-space-members |
Space membership |
jetonomy/list-posts, jetonomy/get-post, jetonomy/create-post |
Topics |
jetonomy/list-replies, jetonomy/create-reply |
Replies |
jetonomy/vote |
Vote on posts and replies |
jetonomy/search |
Full-text search |
jetonomy/get-activity, jetonomy/get-user-profile |
Member data |
jetonomy/list-notifications, jetonomy/mark-notifications-read |
Notifications |
jetonomy/flag-content, jetonomy/list-flags, jetonomy/moderate-content |
Moderation |
Pro Abilities
Pro adds 20 abilities under jetonomy-pro/ covering its extensions:
| Area | Abilities |
|---|---|
| Messaging | list-conversations, get-conversation, send-message |
| Polls | create-poll, vote-poll, get-poll-results |
| Reactions | get-reactions, add-reaction |
| Badges | list-badges, get-user-badges, award-badge |
| Custom fields | list-custom-fields, set-custom-field |
| Analytics | get-analytics, export-analytics |
| Webhooks | list-webhooks, create-webhook, delete-webhook |
| Moderation rules | list-moderation-rules, create-moderation-rule |
Permissions Mirror REST
Every ability executes through the same REST stack that powers the frontend (improved in 1.5.0 - abilities previously used a separate code path). That means the permission model is identical: an agent acting as a subscriber cannot read someone else's conversation, list webhooks, or award badges, and gets the same jetonomy_forbidden / rest_forbidden errors the REST API returns. There is no separate "abilities permission system" to audit.
Executing an Ability
From PHP:
$ability = wp_get_ability( 'jetonomy/create-post' );
if ( $ability ) {
$result = $ability->execute( [
'space_id' => 8,
'title' => 'Posted by an agent',
'content' => 'Hello from the Abilities API.',
] );
}
Abilities that take no input are executed with no arguments: wp_get_ability( 'jetonomy/list-spaces' )->execute().
From WP-CLI (WordPress 7.0+):
wp ability run jetonomy/search --input='{"q":"onboarding"}'
What's Next?
The same operations are available over plain HTTP if you prefer direct REST calls.