Gravity Forms REST API Settings

Overview

The REST API settings page allows you to set up the Gravity Forms REST API, which can be used to integrate Gravity Forms with custom apps, remote services, and other WordPress sites.

Activate The REST API

To enable the Gravity Forms REST API, navigate to Forms → Settings → REST API.

Image showing the Gravity Forms REST API as disabled

Check the Enabled checkbox.
Click on the Update button to save the settings.
The REST API is now enabled.

Image showing the Gravity Forms REST API as enabled

Note: If the Update button is not clicked, any settings created will be saved, but they will not be available for use.

API version 2 authentication

Add Key

Image showing Gravity Forms REST API Authentication (API Version 2) Keys

Click on Add Key.

Add a Description for your key.
The description can be used as a reminder of what this key is used for.
Select the user assigned to that key.
Select the Permissions.
Add the key.

Note: After creating your credentials, make sure to copy them before closing the dialog, as you will not be able to view them again.

Image showing consumer key and consumer secret

Copy the Consumer Key and Secret now, as they will not be available once you leave this page.
After copying the keys, click the X in the upper right corner to close the dialog.

You will see your new key in the Authentication list

Once you have copied your Consumer Key and Consumer Secret and the API key you created is listed, click the “Update” button at the bottom of the page to save the key.

Edit Key

Hover the key you want to edit. Click on Edit.
You can edit the key Description, User, and Permissions.
Click on Update to save the changes.

Revoke Key

Revoking an API key might be necessary when an application or service using it is no longer needed, ensuring the system remains clean. Regularly rotating keys as part of best practices and revoking old ones can also help maintain an organized and efficient system.

Hover the key you want to edit. Click on Revoke.
A dialog will ask you to confirm.

Image showin a pop up to confirm API Key deletion

Note: when you revoke an API Key, any services using that key will no longer be able to connect to the Gravity Forms REST API.

Visit the documentation pages for more information about the Gravity Forms API version 2.

API version 1 authentication

This section provides information on configuring and authenticating API access to use the REST API version 1 of a given service. Visit the documentation pages for more information about the Gravity Forms API version 1.

Image showing Authentication settings for Gravity Forms API Version 1

Public API Key

The public key used for API authentication. It is typically included in API requests to identify the client making the request. Public keys are generally safe to share and can be used in client-side applications.

Private API Key

The private key should be kept secure and not exposed publicly. It is used to authenticate and authorize API requests, providing access to the underlying resources and operations. The private key should only be used in server-side applications to prevent unauthorized access.

QR Code

This feature allows you to generate and display a QR code, which can be scanned to configure or access the API settings quickly. The QR code can be shown or hidden as needed.

Note: Each time the Public Key or Private Key changes, the settings must be saved, and a new QR Code will be generated.

Impersonate Account

This option allows you to set the user the API request will use on each action.

WordPress Roles in the Gravity Forms REST API

Gravity Forms supports authenticating REST API requests using credentials. Remember that the Gravity Forms capabilities assigned to the user authenticating the request will be honored. For example, if the user does not have the capability to edit entries (gravityforms_edit_entries), requests to update entries will fail. See the Role Management article for details about the available capabilities and how to manage them.