airesvsg / acf-to-rest-api

Exposes Advanced Custom Fields Endpoints in the WordPress REST API
https://wordpress.org/plugins/acf-to-rest-api/

Hiding options page from the rest api #278

Closed TylerBarnes closed 5 years ago

TylerBarnes commented 6 years ago

Hi, awesome plugin!

Is it possible to prevent access to a specific options page? I want to store an API key there but I don't want it to be publicly available.

My field is registered via PHP and I've added this to the field.

            'show_in_rest' => 0,
            'edit_in_rest' => 0,

It still shows up in the rest api though.

I figure I need to use a permissions filter

add_filter( 'acf/rest_api/item_permissions/get', function( $permission ) {
  return current_user_can( 'edit_posts' );
} );

But I'm not sure how this filter can be used to disable getting a specific field.

Is there a way for me to prevent api access to a specific options page or field?

stephanedemotte commented 5 years ago

Same here, 'acf/rest_api/item_permissions/get' doesn't work anymore.

With

add_filter( 'acf/rest_api/item_permissions/get', function( $permission, $request, $type ) {
  return false;
}, 10, 3);

I can still get data

EDIT

I can get /wp-json/acf/v3/{post-type} data but not /wp-json/acf/v3/{post-type}/{id}

So it almost works :)

RobWiddick commented 5 years ago

To hide the options output, use this filter and return false like so:

add_filter( 'acf/rest_api/option/get_fields', '__return_false');
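
For the original question of hiding one field rather than the whole options page, the same filter can strip named keys from the output. This is an added example, not part of the thread or the plugin's own code. The field name `api_key` and the `myprefix_` names are hypothetical, and it assumes the filter passes the options data as a (possibly nested) array in its first argument.

```php
<?php
// Added example, not from the thread or the plugin.
// ASSUMPTIONS: 'api_key' is a hypothetical ACF field name; the filter is
// assumed to hand the options data to the callback as a nested array.

const MYPREFIX_REDACTED_FIELDS = array( 'api_key' );

/**
 * Return a copy of $data with every key listed in $names removed,
 * at any nesting depth (groups, repeaters, flexible content).
 */
function myprefix_redact_fields( $data, array $names ) {
    if ( ! is_array( $data ) ) {
        return $data; // scalar leaf values pass through unchanged
    }
    $clean = array();
    foreach ( $data as $key => $value ) {
        if ( is_string( $key ) && in_array( $key, $names, true ) ) {
            continue; // drop the secret field entirely
        }
        $clean[ $key ] = myprefix_redact_fields( $value, $names );
    }
    return $clean;
}

if ( function_exists( 'add_filter' ) ) {
    // Running inside WordPress: hook the options output.
    add_filter( 'acf/rest_api/option/get_fields', function ( $data ) {
        // Fail closed: if the data is not the array shape assumed above,
        // hide the whole output, as '__return_false' does.
        if ( ! is_array( $data ) ) {
            return false;
        }
        return myprefix_redact_fields( $data, MYPREFIX_REDACTED_FIELDS );
    } );
} else {
    // Running outside WordPress: demonstrate on a constructed sample.
    $sample = array(
        'acf' => array(
            'site_tagline' => 'Hello',
            'api_key'      => 'CONSTRUCTED-NOT-A-REAL-KEY',
            'footer'       => array( 'text' => 'Bye', 'api_key' => 'CONSTRUCTED' ),
        ),
    );
    var_export( myprefix_redact_fields( $sample, MYPREFIX_REDACTED_FIELDS ) );
}
```

After deploying, request the options endpoint without authentication and confirm the field is absent from the response.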