Field Forge exposes a full REST API at /wp-json/fieldforge/v1/. Field group schema reads (GET /field-groups and GET /field-groups/{id}) are public so headless and decoupled frontends can bootstrap form/content schemas without WordPress cookies. Value-bearing read endpoints still require authenticated users with the relevant WordPress capability, and write endpoints (POST/PUT/DELETE) require manage_options.
ETag and Cache-Control: private, max-age=60 headers. Authenticated GET responses also include ETags, but WordPress may add its standard logged-in no-cache directives. Send the previous ETag back via If-None-Match to receive a 304 Not Modified where the client cache is valid.
bash
# Application Passwords (WordPress 5.6+)
AUTH="admin:xxxx xxxx xxxx xxxx xxxx xxxx"
curl -s -u "$AUTH"
-H "If-None-Match: "$LAST_ETAG""
"https://example.com/wp-json/fieldforge/v1/field-groups"REST API Endpoint Summary
| Method | Endpoint | Capability | Description |
|---|---|---|---|
GET | /fieldforge/v1/field-groups | Public | List public field groups |
POST | /fieldforge/v1/field-groups | manage_options | Create a field group |
GET | /fieldforge/v1/field-groups/{id} | Public | Get a single public field group |
PUT | /fieldforge/v1/field-groups/{id} | manage_options | Update a field group |
DELETE | /fieldforge/v1/field-groups/{id} | manage_options | Delete a field group |
GET | /fieldforge/v1/fields/{post_id} | read_post (per-post) | Get all values for a post |
PUT | /fieldforge/v1/fields/{post_id} | manage_options | Update values for a post |
GET | /fieldforge/v1/options/{page} | edit_posts or read_private_posts | Get options page values |
POST | /fieldforge/v1/import/acf | manage_options | Import from ACF |
POST | /fieldforge/v1/generate | manage_options | AI schema generation (PRO, starts at 2 credits) |
Public field group GET endpoints filter out groups marked private (or with location rules limited to administrators) when the requesting user is not an admin.
—