BricksMembers provides AJAX endpoints for admin operations and a REST API endpoint for webhooks. Use these endpoints to integrate with external systems or build custom interfaces.
AJAX Endpoints
AJAX endpoints require proper authentication and nonce verification. Use them from JavaScript in the admin area or frontend.
Making AJAX Requests
// In WordPress admin
jQuery.ajax({
    url: ajaxurl,
    type: 'POST',
    data: {
        action: 'brm_add_user_level',
        nonce: brmAdmin.nonce, // Provided by plugin
        user_id: 123,
        level_id: 5
    },
    success: function(response) {
        if (response.success) {
            console.log('Level added:', response.data);
        } else {
            console.error('Error:', response.data.message);
        }
    }
});

// Modern fetch API
fetch(ajaxurl, {
    method: 'POST',
    headers: {
        'Content-Type': 'application/x-www-form-urlencoded',
    },
    body: new URLSearchParams({
        action: 'brm_add_user_level',
        nonce: brmAdmin.nonce,
        user_id: 123,
        level_id: 5
    })
})
    .then(response => response.json())
    .then(data => {
        if (data.success) {
            console.log('Success:', data.data);
        }
    });
Common Admin Endpoints
// Selected admin endpoints (see code for full list)
brm_bulk_user_action // Bulk assign/remove levels
brm_get_structure // Fetch structure data
brm_duplicate_structure // Duplicate a structure
brm_load_posts/terms/users // Search lists for admin selectors
brm_save_level_redirect_rule // Save access redirect rules
brm_save_download // Save protected downloads
brm_regenerate_api_key // Rotate API key
Frontend Endpoints
// Progress tracking (requires logged-in user)
brm_mark_progress
brm_toggle_progress
brm_get_progress_data
brm_get_next_post
Response Format
All AJAX endpoints return JSON with a success boolean and either data or an error message.
REST API Endpoint
BricksMembers provides a webhook endpoint for external integrations:
// Endpoint URL
POST /wp-json/bricksmembers/v1/webhook
// Authentication: Query param secret, HMAC signature, or Authorization header
// See Webhooks API post for details
Webhook Request
// The webhook endpoint receives external webhook payloads
// Configure field mappings in BricksMembers → Webhooks → Webhook Mapping
// to map external webhook data to level assignments
Webhook Authentication
Webhook authentication supports:
// Query param secret (the secret is part of the URL, so it can be recorded in server and proxy access logs)
POST /wp-json/bricksmembers/v1/webhook?secret=your_secret
// HMAC signature (uses the same secret)
X-BRM-Signature: sha256_hmac_signature
// API key in Authorization header
Authorization: Bearer {brm_api_key_option}
HMAC Signature Verification
// PHP example for generating HMAC
// The signature is computed over the raw request body, byte for byte
$payload = file_get_contents('php://input');
$secret = 'your_secret_key';
$signature = hash_hmac('sha256', $payload, $secret); // lowercase hex digest

// Send in header
$headers = [
    'X-BRM-API-Key' => 'your_api_key',
    'X-BRM-Signature' => $signature,
    'Content-Type' => 'application/json'
];
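An added example, not BricksMembers code: signing the exact request bytes for X-BRM-Signature and a receiver-style check using hash_equals(). It assumes the signature is the hex HMAC-SHA256 of the raw body, as the hash_hmac() call above produces; the function names, secret and payload fields are constructed for illustration.

```php
<?php
// Added example, not BricksMembers code. Function names, secret and payload
// fields are constructed for illustration.

// Hex HMAC-SHA256 over the exact bytes that go on the wire.
function example_sign_body(string $raw_body, string $secret): string {
    return hash_hmac('sha256', $raw_body, $secret);
}

// Receiver-style check. Assumption: the header carries the hex digest of the raw body.
function example_verify_body(string $raw_body, string $header_sig, string $secret): bool {
    $sig = strtolower(trim($header_sig));
    // Reject anything that is not a 64-character hex digest before comparing.
    if (!preg_match('/\A[0-9a-f]{64}\z/', $sig)) {
        return false;
    }
    // hash_equals() compares in constant time; == or strcmp() can leak timing.
    return hash_equals(example_sign_body($raw_body, $secret), $sig);
}

// Constructed secret; in practice load it from the environment or a secret store.
$secret = 'constructed-demo-secret';

// Serialize once, sign that string, and send that same string as the body.
$body = json_encode(['email' => 'user@example.com', 'level_id' => 5]);
$sig  = example_sign_body($body, $secret);
$headers = [
    'Content-Type: application/json',
    'X-BRM-Signature: ' . $sig,
];

// Cases a receiver has to tell apart.
$cases = [
    'unchanged body'      => [$body, $sig],
    're-encoded body'     => [json_encode(json_decode($body, true), JSON_PRETTY_PRINT), $sig],
    'tampered level_id'   => [str_replace('"level_id":5', '"level_id":9', $body), $sig],
    'malformed signature' => [$body, 'not-a-signature'],
];
foreach ($cases as $label => [$candidate_body, $candidate_sig]) {
    $ok = example_verify_body($candidate_body, $candidate_sig, $secret);
    printf("%-20s %s\n", $label, $ok ? 'accepted' : 'rejected');
}
```

Only the unchanged body is accepted: a body that is re-serialized between signing and sending fails the check even though the data is identical.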
Creating Custom AJAX Endpoints
You can create custom AJAX endpoints that integrate with BricksMembers:
// Register custom endpoint
add_action('wp_ajax_my_custom_action', function() {
    // Verify nonce (stops the request if the nonce is missing or invalid)
    check_ajax_referer('brm_ajax_nonce', 'nonce');

    // Check permissions
    if (!current_user_can('manage_options')) {
        wp_send_json_error(['message' => 'Insufficient permissions']);
    }

    // Validate input: both IDs must be present and positive integers
    $user_id = isset($_POST['user_id']) ? absint($_POST['user_id']) : 0;
    $level_id = isset($_POST['level_id']) ? absint($_POST['level_id']) : 0;
    if (!$user_id || !$level_id) {
        wp_send_json_error(['message' => 'Invalid user_id or level_id']);
    }

    // Use BricksMembers API
    $result = brm_core()->add_user_level($user_id, $level_id);
    if ($result) {
        wp_send_json_success(['message' => 'Level added']);
    } else {
        wp_send_json_error(['message' => 'Failed to add level']);
    }
});

// Frontend endpoint (logged-in users)
// wp_ajax_{action} hooks only fire for authenticated requests
add_action('wp_ajax_my_frontend_action', function() {
    check_ajax_referer('brm_frontend_nonce', 'nonce');
    if (!is_user_logged_in()) {
        wp_send_json_error(['message' => 'Must be logged in']);
    }

    // Your custom logic here
    wp_send_json_success(['data' => 'Result']);
});
Security Best Practices
- Always verify nonces: Use check_ajax_referer() for AJAX requests
- Check capabilities: Verify user permissions before operations
- Sanitize input: Always sanitize and validate user input
- Use API keys securely: Store API keys securely, never in code
- Enable rate limiting: Webhooks include rate limiting by default
Rate Limiting
AJAX endpoints include automatic rate limiting (defaults are 10 requests/minute per user unless an action-specific override is defined in code). There is no filter to change these limits.