For posteriority, there was a similar question about the authorization needed for the custom field APIs which I provided here: Help with security vulnerability in Forge app - #11 by JoshuaWong.
For posteriority, there was a similar question about the authorization needed for the custom field APIs which I provided here: Help with security vulnerability in Forge app - #11 by JoshuaWong.