Overview
The REST API settings page allows you to set up the Gravity Forms REST API, which can be used to integrate Gravity Forms with custom apps, remote services, and other WordPress sites.
Activate The REST API
- To enable the Gravity Forms REST API, navigate to Forms → Settings → REST API.
- Check the Enabled checkbox.
- Click on the Update button to save the settings.
- The REST API is now enabled.
Note: If the Update button is not clicked, any settings created will be saved, but they will not be available for use.
API version 2 authentication
Add Key
- Click on Add Key.
- Add a Description for your key.
The description can be used as a reminder of what this key is used for. - Select the user assigned to that key.
- Select the Permissions.
- Add the key.
- Copy the Consumer Key and Secret now, as they will not be available once you leave this page.
- After copying the keys, click the X in the upper right corner to close the dialog.
- You will see your new key in the Authentication list
- Once you have copied your Consumer Key and Consumer Secret and the API key you created is listed, click the “Update” button at the bottom of the page to save the key.
Edit Key
- Hover the key you want to edit. Click on Edit.
- You can edit the key Description, User, and Permissions.
- Click on Update to save the changes.
Revoke Key
Revoking an API key might be necessary when an application or service using it is no longer needed, ensuring the system remains clean. Regularly rotating keys as part of best practices and revoking old ones can also help maintain an organized and efficient system.
- Hover the key you want to edit. Click on Revoke.
- A dialog will ask you to confirm.
Note: when you revoke an API Key, any services using that key will no longer be able to connect to the Gravity Forms REST API.
Visit the documentation pages for more information about the Gravity Forms API version 2.
API version 1 authentication
This section provides information on configuring and authenticating API access to use the REST API version 1 of a given service. Visit the documentation pages for more information about the Gravity Forms API version 1.
Public API Key
The public key used for API authentication. It is typically included in API requests to identify the client making the request. Public keys are generally safe to share and can be used in client-side applications.
Private API Key
The private key should be kept secure and not exposed publicly. It is used to authenticate and authorize API requests, providing access to the underlying resources and operations. The private key should only be used in server-side applications to prevent unauthorized access.
QR Code
This feature allows you to generate and display a QR code, which can be scanned to configure or access the API settings quickly. The QR code can be shown or hidden as needed.
Note: Each time the Public Key or Private Key changes, the settings must be saved, and a new QR Code will be generated.
Impersonate Account
This option allows you to set the user the API request will use on each action.
WordPress Roles in the Gravity Forms REST API
Gravity Forms supports authenticating REST API requests using credentials. Remember that the Gravity Forms capabilities assigned to the user authenticating the request will be honored. For example, if the user does not have the capability to edit entries (gravityforms_edit_entries), requests to update entries will fail. See the Role Management article for details about the available capabilities and how to manage them.