Base URL: https://yoursite.com/wp-json/omobile/v1/
All mobile endpoints require the X-Om-Install-Id header with a unique per-install UUID.
Auth Endpoints
| Method | Path | Auth | Description |
|---|---|---|---|
| POST | /auth/login | Public | Authenticate, receive JWT pair |
| POST | /auth/refresh | Public | Rotate refresh token |
| POST | /auth/logout | Bearer | Revoke refresh token |
| GET | /auth/me | Bearer | Current user profile |
Config Endpoint
| Method | Path | Auth | Description |
|---|---|---|---|
| GET | /config | Bearer | App config, flags, remote config, announcements |
The config response is cached per platform+version for 60 seconds. The cache is invalidated automatically whenever a feature flag or remote config value is updated.
Query params:
version— app version string (used for version_check)platform—iosorandroid
Response shape:
json{
"flags": {
"new_checkout_flow": {
"value": true,
"rollout_pct": 50,
"in_rollout": true
}
},
"remote_config": {
"min_cart_value": 10,
"support_email": "help@example.com"
},
"announcements": [],
"version_check": {
"status": "supported",
"force_update": false,
"message": ""
}
}
Device Endpoints
| Method | Path | Auth | Description |
|---|---|---|---|
| POST | /devices/register | Bearer | Register/update device |
json{
"platform": "ios",
"app_version": "2.1.0",
"push_token": "<FCM or APNs token>",
"locale": "en-US",
"timezone": "America/New_York",
"os_version": "17.4",
"device_model": "iPhone 15"
}
Telemetry Endpoints
| Method | Path | Auth | Description |
|---|---|---|---|
| POST | /telemetry/events | Bearer | Submit batch of events |
| POST | /telemetry/session | Bearer | Start/end session |
Crash Endpoints
| Method | Path | Auth | Description |
|---|---|---|---|
| POST | /crashes/report | Bearer | Submit crash report |
Crashes are fingerprinted by hashing the top 3 frames of the stack trace. Duplicate crashes increment a counter rather than inserting new rows.
Content Endpoints
| Method | Path | Auth | Description |
|---|---|---|---|
| GET | /content/posts | Bearer | Paginated posts feed |
| GET | /content/posts/{id} | Bearer | Single post |
Admin REST Endpoints
These endpoints require a logged-in admin user or a valid API key with manage_omobile capability.
| Method | Path | Description |
|---|---|---|
| GET/POST/DELETE | /admin/flags | Feature flag CRUD |
| GET/PUT | /admin/remote-config | Remote config CRUD |
| GET/POST | /admin/push-queue | Push queue management |
| GET | /admin/segments | List segments |
| GET | /admin/audit | Audit log |
| GET/POST/DELETE | /admin/api-keys | API key management |
| GET/POST | /admin/app-versions | Version rule management |
| GET | /admin/snapshots | Snapshot list |