Backup Copilot Pro’s REST API enables programmatic control of backups, restores, and schedules from external systems. Automate backups from CI/CD pipelines, build custom monitoring dashboards, integrate with mobile apps, or create multi-site management tools. This complete API reference shows you how with authentication methods, endpoint documentation, and integration examples.
API Capabilities Overview
The Backup Copilot Pro REST API provides:
Backup Operations: Create, list, download, delete, and restore backups programmatically.
Schedule Management: Create, update, and delete backup schedules via API.
Real-Time Status: Monitor backup progress and completion status.
Multi-Site Support: Manage backups across multiple WordPress installations from central system.
Webhooks: Receive notifications when backup events occur (completed, failed, restored).
Audit Logging: Track all API operations for compliance and security.
Authentication Methods
Backup Copilot Pro API supports two authentication methods:
Application Passwords (Recommended)
WordPress Application Passwords provide secure API access without exposing main account password:
Generate Application Password: 1. Navigate to Users → Profile in WordPress admin 2. Scroll to “Application Passwords” section 3. Enter name: “Backup Automation System” 4. Click “Add New Application Password” 5. Copy generated password (only shown once)
Using Application Password:
curl -u username:application_password \
https://yoursite.com/wp-json/bkpc/v1/backup/listOAuth 2.0 (Enterprise)
For enterprise integrations requiring token-based auth:
# Step 1: Get authorization code
https://yoursite.com/oauth/authorize?
client_id=YOUR_CLIENT_ID&
redirect_uri=https://app.example.com/callback&
response_type=code&
scope=backup:read backup:write
# Step 2: Exchange code for access token
curl -X POST https://yoursite.com/oauth/token \
-d "grant_type=authorization_code" \
-d "code=AUTHORIZATION_CODE" \
-d "client_id=YOUR_CLIENT_ID" \
-d "client_secret=YOUR_CLIENT_SECRET" \
-d "redirect_uri=https://app.example.com/callback"
# Step 3: Use access token
curl -H "Authorization: Bearer ACCESS_TOKEN" \
https://yoursite.com/wp-json/bkpc/v1/backup/listBackup Endpoints
Create New Backup
POST /wp-json/bkpc/v1/backup/createRequest Body:
{
"type": "full",
"cloud_upload": true,
"provider": "dropbox",
"send_notification": true,
"metadata": {
"triggered_by": "CI/CD Pipeline",
"build_number": "245"
}
}Parameters: – type (string): “full”, “database”, or “files”. Default: “full” – cloud_upload (boolean): Upload to cloud after creation. Default: false – provider (string): Cloud provider ID if uploading. Default: default provider – send_notification (boolean): Email notification on completion. Default: true – metadata (object): Custom metadata attached to backup
Response:
{
"success": true,
"data": {
"uuid": "bkpc_20250124_093045_a8f3d2",
"status": "in_progress",
"type": "full",
"created_at": "2025-01-24T09:30:45Z",
"estimated_size": 1247652864,
"progress_url": "/wp-json/bkpc/v1/backup/bkpc_20250124_093045_a8f3d2/status"
}
}cURL Example:
curl -X POST https://yoursite.com/wp-json/bkpc/v1/backup/create \
-u username:app_password \
-H "Content-Type: application/json" \
-d '{"type":"full","cloud_upload":true}'List All Backups
GET /wp-json/bkpc/v1/backup/listQuery Parameters: – page (int): Page number for pagination. Default: 1 – per_page (int): Results per page (max 100). Default: 20 – type (string): Filter by backup type (“full”, “database”, “files”) – status (string): Filter by status (“completed”, “failed”, “in_progress”) – order (string): Sort order (“asc”, “desc”). Default: “desc” – orderby (string): Sort field (“created_at”, “size”). Default: “created_at”
Response:
{
"success": true,
"data": {
"backups": [
{
"uuid": "bkpc_20250124_093045_a8f3d2",
"type": "full",
"status": "completed",
"created_at": "2025-01-24T09:30:45Z",
"completed_at": "2025-01-24T09:35:12Z",
"size": 1247652864,
"cloud_provider": "dropbox",
"cloud_uploaded": true,
"download_url": "/wp-json/bkpc/v1/backup/bkpc_20250124_093045_a8f3d2/download"
}
],
"pagination": {
"current_page": 1,
"per_page": 20,
"total_items": 87,
"total_pages": 5
}
}
}Get Backup Details
GET /wp-json/bkpc/v1/backup/{uuid}Response:
{
"success": true,
"data": {
"uuid": "bkpc_20250124_093045_a8f3d2",
"type": "full",
"status": "completed",
"created_at": "2025-01-24T09:30:45Z",
"completed_at": "2025-01-24T09:35:12Z",
"size": 1247652864,
"cloud_provider": "dropbox",
"cloud_uploaded": true,
"cloud_path": "/backups/bkpc_20250124_093045_a8f3d2.zip",
"metadata": {
"wordpress_version": "6.4.2",
"php_version": "8.2.0",
"mysql_version": "8.0.35",
"table_count": 47,
"file_count": 12847,
"triggered_by": "CI/CD Pipeline"
},
"includes": {
"database": true,
"plugins": true,
"themes": true,
"uploads": true,
"wordpress_core": false
}
}
}Download Backup
POST /wp-json/bkpc/v1/backup/{uuid}/downloadResponse:
{
"success": true,
"data": {
"download_url": "https://yoursite.com/wp-content/backup-copilot-pro/downloads/bkpc_20250124_093045_a8f3d2.zip?token=abc123",
"expires_at": "2025-01-24T10:30:45Z",
"size": 1247652864
}
}Download URL expires after 1 hour for security.
Delete Backup
DELETE /wp-json/bkpc/v1/backup/{uuid}Query Parameters: – delete_cloud (boolean): Also delete from cloud storage. Default: false
Response:
{
"success": true,
"message": "Backup deleted successfully"
}Restore from Backup
POST /wp-json/bkpc/v1/backup/{uuid}/restoreRequest Body:
{
"restore_database": true,
"restore_files": true,
"restore_plugins": true,
"restore_themes": true,
"restore_uploads": true
}Response:
{
"success": true,
"data": {
"restore_id": "restore_20250124_103045",
"status": "in_progress",
"started_at": "2025-01-24T10:30:45Z",
"progress_url": "/wp-json/bkpc/v1/restore/restore_20250124_103045/status"
}
}Monitor Backup Status
GET /wp-json/bkpc/v1/backup/{uuid}/statusResponse:
{
"success": true,
"data": {
"status": "in_progress",
"progress": {
"percentage": 67,
"current_step": "Uploading to cloud",
"steps_completed": 4,
"steps_total": 6,
"files_processed": 8472,
"files_total": 12847,
"bytes_processed": 835891230,
"bytes_total": 1247652864
},
"estimated_time_remaining": 135
}
}Schedule Endpoints
List Schedules
GET /wp-json/bkpc/v1/schedule/listResponse:
{
"success": true,
"data": {
"schedules": [
{
"id": 42,
"name": "Daily Full Backup",
"enabled": true,
"frequency": "daily",
"time": "02:00:00",
"backup_type": "full",
"cloud_upload": true,
"cloud_provider": "dropbox",
"retention_days": 30,
"next_run": "2025-01-25T02:00:00Z",
"last_run": "2025-01-24T02:00:00Z",
"last_run_status": "completed"
}
]
}
}Create Schedule
POST /wp-json/bkpc/v1/schedule/createRequest Body:
{
"name": "Hourly Database Backup",
"enabled": true,
"frequency": "hourly",
"backup_type": "database",
"cloud_upload": true,
"cloud_provider": "google_drive",
"retention_days": 7,
"send_notification": false
}Response:
{
"success": true,
"data": {
"id": 43,
"name": "Hourly Database Backup",
"next_run": "2025-01-24T11:00:00Z"
}
}Webhook Configuration
Configure webhooks to receive notifications:
POST /wp-json/bkpc/v1/webhooks/createRequest Body:
{
"url": "https://monitoring.example.com/webhook/backup-events",
"events": ["backup.completed", "backup.failed", "restore.completed"],
"secret": "your_webhook_secret_for_signature_validation"
}Webhook Payload Example:
{
"event": "backup.completed",
"timestamp": "2025-01-24T09:35:12Z",
"site_url": "https://yoursite.com",
"data": {
"uuid": "bkpc_20250124_093045_a8f3d2",
"type": "full",
"size": 1247652864,
"duration_seconds": 267,
"cloud_uploaded": true,
"cloud_provider": "dropbox"
}
}Integration Examples
CI/CD Pipeline Integration
Trigger backup before deployment:
# GitHub Actions example
- name: Create Pre-Deployment Backup
run: |
RESPONSE=$(curl -s -X POST https://yoursite.com/wp-json/bkpc/v1/backup/create \
-u ${{ secrets.WP_USERNAME }}:${{ secrets.WP_APP_PASSWORD }} \
-H "Content-Type: application/json" \
-d '{"type":"full","cloud_upload":true,"metadata":{"build":"${{ github.run_number }}"}}'')
BACKUP_UUID=$(echo $RESPONSE | jq -r '.data.uuid')
# Wait for backup completion
while true; do
STATUS=$(curl -s https://yoursite.com/wp-json/bkpc/v1/backup/$BACKUP_UUID/status \
-u ${{ secrets.WP_USERNAME }}:${{ secrets.WP_APP_PASSWORD }} | jq -r '.data.status')
if [ "$STATUS" = "completed" ]; then
echo "Backup completed successfully"
break
elif [ "$STATUS" = "failed" ]; then
echo "Backup failed"
exit 1
fi
sleep 10
donePython Monitoring Script
import requests
from requests.auth import HTTPBasicAuth
class BackupMonitor:
def __init__(self, site_url, username, app_password):
self.site_url = site_url
self.auth = HTTPBasicAuth(username, app_password)
self.api_base = f"{site_url}/wp-json/bkpc/v1"
def list_backups(self, status=None):
url = f"{self.api_base}/backup/list"
params = {'status': status} if status else {}
response = requests.get(url, auth=self.auth, params=params)
response.raise_for_status()
return response.json()['data']['backups']
def create_backup(self, backup_type='full', cloud_upload=True):
url = f"{self.api_base}/backup/create"
data = {
'type': backup_type,
'cloud_upload': cloud_upload
}
response = requests.post(url, auth=self.auth, json=data)
response.raise_for_status()
return response.json()['data']
def monitor_backup(self, uuid):
url = f"{self.api_base}/backup/{uuid}/status"
while True:
response = requests.get(url, auth=self.auth)
data = response.json()['data']
status = data['status']
progress = data.get('progress', {}).get('percentage', 0)
print(f"Status: {status} - Progress: {progress}%")
if status in ['completed', 'failed']:
return status
time.sleep(10)
# Usage
monitor = BackupMonitor(
'https://yoursite.com',
'admin',
'your-application-password'
)
backup = monitor.create_backup()
status = monitor.monitor_backup(backup['uuid'])
print(f"Final status: {status}")JavaScript Dashboard
class BackupDashboard {
constructor(siteUrl, username, appPassword) {
this.apiBase = `${siteUrl}/wp-json/bkpc/v1`;
this.auth = btoa(`${username}:${appPassword}`);
}
async listBackups() {
const response = await fetch(`${this.apiBase}/backup/list`, {
headers: {
'Authorization': `Basic ${this.auth}`
}
});
return await response.json();
}
async createBackup(type = 'full') {
const response = await fetch(`${this.apiBase}/backup/create`, {
method: 'POST',
headers: {
'Authorization': `Basic ${this.auth}`,
'Content-Type': 'application/json'
},
body: JSON.stringify({
type: type,
cloud_upload: true
})
});
return await response.json();
}
async deleteBackup(uuid) {
const response = await fetch(`${this.apiBase}/backup/${uuid}`, {
method: 'DELETE',
headers: {
'Authorization': `Basic ${this.auth}`
}
});
return await response.json();
}
}
// Usage
const dashboard = new BackupDashboard(
'https://yoursite.com',
'admin',
'your-application-password'
);
// Create backup button handler
document.getElementById('create-backup').addEventListener('click', async () => {
const result = await dashboard.createBackup('full');
console.log('Backup created:', result.data.uuid);
});Error Handling
API returns standard HTTP status codes:
200 OK: Request successful 201 Created: Resource created successfully 400 Bad Request: Invalid request parameters 401 Unauthorized: Authentication failed 403 Forbidden: Insufficient permissions 404 Not Found: Resource not found 429 Too Many Requests: Rate limit exceeded 500 Internal Server Error: Server error
Error Response Format:
{
"success": false,
"error": {
"code": "invalid_backup_type",
"message": "Backup type must be 'full', 'database', or 'files'",
"data": {
"provided_value": "partial"
}
}
}Rate Limiting
API requests are rate limited:
Free Plan: 100 requests/hour Pro Plan: 500 requests/hour Enterprise Plan: 5000 requests/hour
Rate limit headers included in responses:
X-RateLimit-Limit: 500
X-RateLimit-Remaining: 487
X-RateLimit-Reset: 1706097600Security Best Practices
Use Application Passwords: Never use main account password for API authentication.
HTTPS Only: Always use HTTPS for API requests to encrypt credentials and data.
Rotate Credentials: Regularly rotate Application Passwords and revoke unused ones.
Validate Webhooks: Verify webhook signatures using shared secret:
$payload = file_get_contents('php://input');
$signature = hash_hmac('sha256', $payload, 'your_webhook_secret');
if (!hash_equals($signature, $_SERVER['HTTP_X_BKPC_SIGNATURE'])) {
http_response_code(401);
exit;
}Minimum Permissions: Grant API users minimum required permissions (backup operator role rather than administrator).
Conclusion
Backup Copilot Pro’s REST API enables powerful automation and integration possibilities. From CI/CD pipeline integrations ensuring pre-deployment backups to custom monitoring dashboards providing real-time visibility, the API provides complete programmatic control over backup operations.
Authentication via Application Passwords provides secure access, comprehensive endpoints cover all backup operations, real-time status monitoring enables responsive workflows, and webhook notifications enable event-driven architectures. Whether building custom tools or integrating with existing systems, the API provides the foundation for automated, reliable WordPress backup management.
External Links
- WordPress REST API Handbook
- Application Passwords
- REST API Authentication
- Postman API Testing
- OAuth 2.0 for WordPress
Call to Action
Build powerful integrations! Backup Copilot Pro includes full REST API access with comprehensive documentation. Automate your entire backup workflow—get started today!
