REST API and security
As we have previously mentioned, the infrastructure of WordPress will be included within the core of WordPress itself in version 4.4. The release of the upcoming WordPress version will yield several endpoints for the REST API, which has brought up some debates regarding how security will be handled.
REST, being the stateless client-server protocol that it is, will be used over HTTP most of the time. REST is not a specific API for WordPress, and is mostly used for non-specific tasks over the web as a standard protocol. The WordPress REST API will make your website a web service that applications will be able to retrieve data from, and all this will happen on an automated basis with no need to access the website from the browser.
Regarding how the WordPress REST API works, we will retrieve information from a website that works as a target. This will send a specific HTTP GET request that will be further conducted to the REST API. Your target website will not return any data...