REST API behavior and authorization

Understand how BP Builder Addons REST endpoints handle current-user authentication, nonces, licenses, permissions, validation, privacy, and no-cache responses.

Authorization model

Cookie-authenticated mutations require a WordPress REST nonce. Every endpoint repeats feature availability, audience, ownership, membership, privacy, and input validation appropriate to the action.

Cache safety

Private and real-time REST responses send no-store behavior so page caches do not serve one member's state to another.

Extension points

Use documented WordPress and BuddyPress hooks around native data. Do not bypass REST authorization by writing directly from public JavaScript.

View BP Builder Addons