Common FAQs
Answers to the most frequently asked questions about Ingestics.
What is Ingestics and how is it different from other content import plugins?
What kinds of REST APIs does Ingestics work with?
What authentication types are supported?
- Free+: No auth, API Key (header or query), Bearer Token, HTTP Basic
- Lite+: OAuth2 Client Credentials (machine-to-machine)
- Pro+: OAuth2 Authorization Code with automatic refresh token management, including PKCE (S256) support for compatible providers
- Business: AWS Signature Version 4 (SigV4) for AWS API Gateway and AWS services
All credential values (keys, secrets, tokens) are stored AES-encrypted in the WordPress database.
Does it support RSS and Atom feeds?
How does duplicate detection work?
post_title) and the item’s source URL (against the _aapi_source_url post meta field). If either match is found, the item is silently skipped. This detection runs on every fetch, including manual and scheduled runs. The duplicate_title and duplicate_url filter rules in the Pro/Business filter engine provide additional configurable control over how duplicates are handled (skip, draft, or publish anyway).What happens when an API returns HTTP 429 (Too Many Requests)?
aapi_rate_limit_budget_queue) drains the queue progressively within the API’s allowed rate-limit budget window. This reduces the risk of losing work to temporary 429 responses, while external API failures, revoked credentials, quota exhaustion, or server-cron issues can still require administrator action.How does provider rotation work?
Can I display Ingestics content on the front end of my site?
- Shortcode:
[auto_api_feed]or[aapi_feed]— works anywhere WordPress accepts shortcodes. - Template tags:
aapi_get_feed()andaapi_render_feed()for theme-level rendering (Lite+). - Gutenberg block:
ingestics/feed— insert via the block editor with full visual attribute controls. Legacyauto-api/feedcompatibility may remain for older installs. - Elementor widget (Pro+): native widget with Elementor’s full styling controls.
- Bricks element (Pro+): native Bricks Builder element.
Available layouts: Grid (Lite+), Carousel (Pro+), Ticker (Business).
Is my API key / secret stored securely?
random_bytes(16)) and an HMAC-based MAC for integrity verification. The encrypted values are prefixed with aapi_sec_v1: so they are identifiable. The following plugin-managed values are encrypted: webhook secret, bridge secret, transform auth value, stock image API key, OAuth/API credentials, and AI/translation service API keys (OpenAI, Anthropic, Gemini, DeepL, Google Translate, LibreTranslate). Encrypted storage is the default behavior; plaintext compatibility fallback requires explicit opt-in for edge environments. In previews, Run Live Test output, and stored snapshots, sensitive header values and query parameters are automatically masked with ****. Remote URLs are normalized and validated; private/reserved IP ranges and link-local targets are blocked by default, and admin AJAX operations require both nonce verification and capability checks. No optional outbound service call is made unless the corresponding feature is explicitly enabled and configured by an administrator; normal source fetching and Freemius licensing/account calls operate as part of the configured plugin workflow.What is the difference between Publish, Draft, and Pending post modes?
- Publish: Posts go live immediately and are visible to visitors. Best for trusted, high-quality sources.
- Draft: Posts are saved but not visible publicly. Requires manual review and publish by an editor. Best for sources that need human moderation.
- Pending: Posts are saved and flagged for editorial review. Editors see a “Pending Review” badge in the post list.
Additionally, the Business filter engine can automatically override the per-provider status to Draft for items that fail specific quality checks (e.g., short content, no image), even when the provider is set to Publish.
Can I use custom post types?
post type. This allows you to build specialised content types — for example, a “Job Listing” CPT fed by a jobs API, or a “Product” CPT fed by an e-commerce API.How does pagination work?
- Page-based (Lite+): Automatically iterates
?page=1,?page=2, etc. You configure the parameter name, starting page, and maximum pages per run. Each run fetches all pages up to the configured limit. - Cursor / next-token (Pro+): The API returns a cursor or token in its response (e.g.,
next_cursor,next_token,next_page_token). Ingestics reads this value from the response and sends it as a parameter in the next request. The cursor state is persisted across cron runs.
Transient caching is automatically disabled for paginated providers since each page request returns different data.
What are provider presets?
How does AI rewrite work and is it safe to use?
- Character limits (configurable) prevent excessively long outputs
- Control character stripping removes any injected special characters
- Strict mode ensures items that fail rewrite (API error, timeout, output too long) are either skipped or saved as drafts — never published with broken content
- All API keys are stored encrypted; they are never exposed in logs or the admin UI
Per-item overrides via _aapi_content_ops allow you to skip rewrite for specific items by value.
What translation services are supported?
- OpenAI — Uses GPT models for contextual, natural translation
- Anthropic (Claude) — High-quality contextual translation
- Google Gemini — Google’s AI translation capability
- DeepL — Industry-leading neural machine translation (50+ languages)
- Google Translate API — Broad language coverage via Google Cloud
- LibreTranslate — Open-source, self-hostable translation engine
- Custom Endpoint — Send to a compatible translation microservice via HTTP POST
Does it support scheduled automatic fetching?
wp-cron.php directly.What is the inbound webhook trigger and how do I use it?
POST /wp-json/ingestics/v1/trigger. Any external system (GitHub Actions, Zapier, Make, a custom script) can call this endpoint to trigger a fetch or publish operation on demand — without logging into WordPress. The endpoint is secured with a shared secret sent in the X-AAPI-Webhook-Secret header and is protected by IP-based rate limiting. By default, the endpoint accepts POST only; legacy GET and query-string secret compatibility are optional toggles and remain disabled unless explicitly enabled. The request body specifies fetch_type (api, rss, both, publish) and optionally a campaign name. For WordPress-native automation, you can also trigger runs via aapi_trigger_fetch, aapi_trigger_fetch_api, aapi_trigger_fetch_rss, and aapi_trigger_publish. This is ideal for event-driven publishing: for example, trigger a fetch every time your supplier uploads a new data file, or kick off a publish run when a news event occurs.