The WordPress REST API lets you use WordPress as a pure content engine while the frontend is built with any framework. Content is managed in familiar WordPress admin. Visitors see a React site, a mobile app, or whatever you build.
Why headless?
Three reasons. Performance: the frontend can be static or server-rendered, significantly faster than PHP-rendered pages. Security: the WordPress installation is never exposed directly. Flexibility: the same content can power web, app, and other channels.
Getting started
The API is active by default. https://your-site.com/wp-json/wp/v2/posts returns JSON with all published posts. Pages, categories, tags, media, everything is available as endpoints. No extra plugin needed for basic functionality.
Next.js as frontend
Fetch data with fetch() in getStaticProps or getServerSideProps. Server-side rendering (SSR) provides SEO-friendly pages. Incremental static regeneration (ISR) keeps content fresh without rebuilding the entire site on every change.
We usually set revalidate to 60 seconds. Fast enough that changes appear within a minute, infrequent enough that it doesn't burden the API.
Authentication
Public content requires no authentication. To create or modify content via the API, use Application Passwords (built in since WordPress 5.6). The alternative is JWT tokens via plugin.
Headless WordPress works best when you have a dev team maintaining the frontend. For simpler sites, it's more complexity than it's worth.