How do I use the API in Matomo for WordPress? FAQ - Matomo for WordPress

Matomo for WordPress has long supported accessing data through the WordPress REST API.

From version 5.3.0, Matomo for WordPress also supports the standard Matomo HTTP API, making it possible to connect with external tools like the Matomo mobile app and Looker Studio.

The method you use depends on your use case.

Method 1: WordPress REST API (Recommended for WordPress-specific use)

Matomo for WordPress includes a REST API built on top of the WordPress infrastructure. This is the recommended method if you are:

Developing custom WordPress plugins or themes,
Automating tasks within the WordPress environment, or
Fetching reports, creating goals, or adding annotations directly via WordPress.

Refer to the Matomo for WordPress REST API reference guide.

Method 2: Standard Matomo HTTP API

As of version 5.3.0, Matomo for WordPress also supports the standard Matomo HTTP API. Refer to the Matomo HTTP API reference guide.

This allows using external tools such as:

The Matomo Mobile App
The Looker Studio connector
Custom scripts or third-party integrations that expect a standard Matomo API.

To enable this, you’ll need to adjust your Matomo for WordPress configuration and use a WordPress Application Password for authentication.

How to enable the HTTP API

1. Enable app password authentication

Open the config file located in /wp-content/uploads/matomo/config/config.ini.php.
Add the following under the WordPress section:

[WordPress]
allow_app_password_as_token_auth = 1

This allows Matomo to authenticate API requests using a WordPress application password.

Note: Some hosting providers may restrict direct access to plugin files. If access to https://yourdomain.com/wp-content/plugins/matomo/app/index.php is blocked, the standard HTTP API will not be available.

2. Create a dedicated user (Optional)

For added security, you can create a separate WordPress user account specifically for API access. Having a separate user helps limit exposure and makes it easier to manage or revoke access if needed. Assign only the required capabilities:

view_matomo – for read-only access like Looker Studio.
write_matomo – for integrations that require data modification.

Note: WordPress doesn’t provide a built-in user interface for assigning capabilities. You will need to install a plugin that allows managing user capabilities.

3. Create a WordPress Application Password

To generate an application password in WordPress:

Log in to your WordPress admin dashboard (typically at yourdomain.com/wp-admin).
In the left-hand menu, go to Users > Profile.
Scroll down to the Application Passwords section.
Enter a label to describe the integration (e.g. “Looker Studio” or “Matomo Mobile App”).
Click the button to generate a new password.
Copy the generated password and store it securely as it will not be shown again.

You can create separate passwords for each service or integration. If needed, individual passwords can be revoked later without affecting your main WordPress login or other connected services.

4. Connect to the Matomo API

When configuring the external integration, use the following:

API URL: https://yourdomain.com/wp-content/plugins/matomo/app
token_auth format: {username}:{application_password}
Example: admin:fDmQ7IETCdqpDo1k05g0lprn

This replaces the standard Matomo token_auth value with a combination of your WordPress username and app password.

Next FAQ: How do I disable the Tag Manager in Matomo for WordPress?

Previous FAQ: How do I find the JavaScript tracker URL that is used in Matomo for WordPress?