Sekura REST Bridge for ACF

Sekura REST Bridge for ACF securely exposes Advanced Custom Fields in the WordPress REST API. Based on ACF to REST API by Aires Goncalves, rebuilt with security as a first-class concern.

The original ACF to REST API plugin exposes all ACF field data to unauthenticated requests, including options pages (which often contain API keys and secrets), user profile fields, and fields on private/draft posts. This plugin fixes that with proper WordPress capability checks on every endpoint.

Features

• Proper permission checks on every endpoint
• Per-field Show in REST API / Edit in REST API toggles
• Works alongside ACF Pro’s native REST support
• Drop-in replacement for ACF to REST API (same acf/v3 namespace)
• Filterable permissions for custom access control

Endpoints

• GET /wp-json/acf/v3/{post_type}/{id} – Get ACF fields for a post
• GET /wp-json/acf/v3/{post_type}/{id}/{field} – Get a specific field
• PUT /wp-json/acf/v3/{post_type}/{id} – Update ACF fields
• GET /wp-json/acf/v3/options/{id} – Get ACF options page fields
• GET /wp-json/acf/v3/users/{id} – Get ACF fields for a user
• GET /wp-json/acf/v3/comments/{id} – Get ACF fields for a comment

ACF data is also appended as an acf key on standard WP REST API responses.