REST API v1

API Documentation

Create forms, retrieve submissions, and manage your form backend programmatically. Full CRUD access with API key authentication.

Get Your API Key

Authentication Forms Submissions Errors

Base URL

https://formslist.com/api/v1

Authentication

All API requests require a Bearer token using your API key. Generate API keys from your dashboard under Account → API Keys.

API keys are hashed (SHA-256) before storage and cannot be retrieved after creation. Keep your key secure — treat it like a password. If compromised, revoke it immediately from the dashboard and generate a new one.

Request Header

Authorization: Bearer fl_your_api_key_here

Example — cURL

curl https://formslist.com/api/v1/forms \
  -H "Authorization: Bearer fl_live_a1b2c3d4e5f6"

Example — JavaScript (fetch)

const response = await fetch('https://formslist.com/api/v1/forms', {
  headers: {
    'Authorization': 'Bearer fl_live_a1b2c3d4e5f6',
    'Content-Type': 'application/json',
  },
});

const { data } = await response.json();
console.log(data); // Array of forms

Example — Python (requests)

import requests

headers = {"Authorization": "Bearer fl_live_a1b2c3d4e5f6"}
response = requests.get("https://formslist.com/api/v1/forms", headers=headers)

data = response.json()["data"]
print(data)  # List of forms

Security: Never expose your API key in client-side JavaScript (browser code). API keys should only be used in server-side code, environment variables, or CI/CD pipelines.

Rate Limits

All endpoints are rate-limited to 100 requests per 60-second window per API key. Exceeding the limit returns 429 Too Many Requests.

Response Format

All successful responses return JSON with a data field. List endpoints include a meta field with pagination info.

Success Response

{
  "data": { ... },
  "meta": {
    "page": 1,
    "per_page": 25,
    "total": 42,
    "total_pages": 2
  }
}

Error Response

{
  "error": "Missing or invalid Authorization header"
}

Forms

Create, read, update, and delete form endpoints. Each form has a unique hash used as the submission endpoint at /f/{hash}.

List Forms

GET

/api/v1/forms

Returns all forms belonging to your team.

Response Fields

Parameter	Type	Required	Description
`id`	string	Optional	Unique form ID
`name`	string	Optional	Form name
`hash`	string	Optional	Public form hash for the submission endpoint
`endpoint`	string	Optional	Full submission path (/f/{hash})
`submission_count`	number	Optional	Total submissions received
`is_active`	boolean	Optional	Whether the form accepts submissions
`created_at`	string	Optional	ISO 8601 timestamp

cURL

curl https://formslist.com/api/v1/forms \
  -H "Authorization: Bearer fl_live_a1b2c3d4e5f6"

Response (200 OK)

{
  "data": [
    {
      "id": "frm_8kTn2xLm",
      "name": "Contact Form",
      "hash": "abc123def",
      "endpoint": "/f/abc123def",
      "submission_count": 47,
      "is_active": true,
      "created_at": "2026-03-15T10:30:00Z"
    }
  ],
  "meta": { "total": 1 }
}

Create Form

POST

/api/v1/forms

Creates a new form endpoint.

Request Body

Parameter	Type	Required	Description
`name`	string	Required	Form name
`description`	string	Optional	Form description

cURL

curl -X POST https://formslist.com/api/v1/forms \
  -H "Authorization: Bearer fl_live_a1b2c3d4e5f6" \
  -H "Content-Type: application/json" \
  -d '{"name": "Contact Form", "description": "Main site contact"}'

Response (201 Created)

{
  "data": {
    "id": "frm_9pQr3yMn",
    "name": "Contact Form",
    "hash": "xyz789abc",
    "endpoint": "/f/xyz789abc",
    "is_active": true,
    "created_at": "2026-03-22T14:00:00Z"
  }
}

Get Form

GET

/api/v1/forms/:formId

Returns details for a single form.

cURL

curl https://formslist.com/api/v1/forms/frm_8kTn2xLm \
  -H "Authorization: Bearer fl_live_a1b2c3d4e5f6"

Update Form

PATCH

/api/v1/forms/:formId

Updates a form's properties. All fields are optional.

Request Body

Parameter	Type	Required	Description
`name`	string	Optional	New form name
`description`	string	Optional	New description
`is_active`	boolean	Optional	Enable or disable the form

cURL

curl -X PATCH https://formslist.com/api/v1/forms/frm_8kTn2xLm \
  -H "Authorization: Bearer fl_live_a1b2c3d4e5f6" \
  -H "Content-Type: application/json" \
  -d '{"name": "Updated Contact Form", "is_active": false}'

Delete Form

DELETE

/api/v1/forms/:formId

Permanently deletes a form and all its submissions. This action cannot be undone.

cURL

curl -X DELETE https://formslist.com/api/v1/forms/frm_8kTn2xLm \
  -H "Authorization: Bearer fl_live_a1b2c3d4e5f6"

Response (200 OK)

{
  "data": { "deleted": true }
}

Submissions

Retrieve form submissions programmatically. Submissions are created when users submit forms via the /f/{hash} endpoint — they cannot be created via the API.

List Submissions

GET

/api/v1/forms/:formId/submissions

Returns paginated submissions for a form, newest first.

Query Parameters

Parameter	Type	Required	Description
`page`	number	Optional	Page number (default: 1)
`per_page`	number	Optional	Results per page (max 100) (default: 25)

Response Fields

Parameter	Type	Required	Description
`id`	string	Optional	Submission ID
`data`	object	Optional	Submitted form data as key-value pairs
`is_spam`	boolean	Optional	Whether flagged as spam by AI scoring
`created_at`	string	Optional	ISO 8601 timestamp

cURL

curl "https://formslist.com/api/v1/forms/frm_8kTn2xLm/submissions?page=1&per_page=50" \
  -H "Authorization: Bearer fl_live_a1b2c3d4e5f6"

Response (200 OK)

{
  "data": [
    {
      "id": "sub_4jKp7rWs",
      "data": {
        "name": "Sarah Chen",
        "email": "sarah@example.com",
        "message": "Interested in your Pro plan. Can we schedule a demo?"
      },
      "is_spam": false,
      "created_at": "2026-03-22T09:15:00Z"
    },
    {
      "id": "sub_2mNq9tYu",
      "data": {
        "name": "Marcus Rivera",
        "email": "marcus@agency.co",
        "message": "We build 20+ client sites per year. Is there an agency plan?"
      },
      "is_spam": false,
      "created_at": "2026-03-21T16:42:00Z"
    }
  ],
  "meta": {
    "page": 1,
    "per_page": 50,
    "total": 47,
    "total_pages": 1
  }
}

Get Submission

GET

/api/v1/submissions/:submissionId

Returns a single submission with full details including metadata.

Response Fields

Parameter	Type	Required	Description
`id`	string	Optional	Submission ID
`form_id`	string	Optional	Parent form ID
`data`	object	Optional	Submitted form data
`metadata`	object \| null	Optional	Request metadata (IP geolocation, user agent, UTM params)
`is_spam`	boolean	Optional	Whether flagged as spam
`is_read`	boolean	Optional	Whether marked as read in the dashboard
`created_at`	string	Optional	ISO 8601 timestamp

cURL

curl https://formslist.com/api/v1/submissions/sub_4jKp7rWs \
  -H "Authorization: Bearer fl_live_a1b2c3d4e5f6"

Response (200 OK)

{
  "data": {
    "id": "sub_4jKp7rWs",
    "form_id": "frm_8kTn2xLm",
    "data": {
      "name": "Sarah Chen",
      "email": "sarah@example.com",
      "message": "Interested in your Pro plan."
    },
    "metadata": {
      "ip": "203.0.113.42",
      "country": "US",
      "city": "San Francisco",
      "user_agent": "Mozilla/5.0...",
      "utm_source": "twitter",
      "utm_medium": "social"
    },
    "is_spam": false,
    "is_read": true,
    "created_at": "2026-03-22T09:15:00Z"
  }
}

Submitting Forms

Form submissions are sent to https://formslist.com/f/{hash} — this is a separate endpoint from the REST API and does not require authentication.

HTML Form

HTML

<form action="https://formslist.com/f/your_form_hash" method="POST">
  <input name="name" type="text" required />
  <input name="email" type="email" required />
  <textarea name="message" required></textarea>
  <button type="submit">Send</button>
</form>

AJAX / Fetch (JSON response)

Set Accept: application/json to receive a JSON response instead of a redirect.

JavaScript

const response = await fetch('https://formslist.com/f/your_form_hash', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Accept': 'application/json',
  },
  body: JSON.stringify({
    name: 'Sarah Chen',
    email: 'sarah@example.com',
    message: 'Hello from JavaScript!',
  }),
});

const result = await response.json();
// { "success": true, "submission_id": "sub_..." }

Special Fields

Parameter	Type	Required	Description
`_redirect`	string	Optional	URL to redirect to after submission (HTML forms only)
`_replyto`	string	Optional	Email address for auto-responder (overrides "email" field)
`_gotcha`	string	Optional	Honeypot field — leave empty. If filled, submission is marked as spam
`_captcha`	string	Optional	CAPTCHA token (reCAPTCHA, Turnstile, or hCaptcha)

Error Codes

Status	Meaning	Common Cause
`400`	Bad Request	Missing required fields (e.g., name on form creation)
`401`	Unauthorized	Missing, malformed, or invalid API key
`403`	Forbidden	Team has reached its plan's form limit
`404`	Not Found	Resource does not exist or belongs to a different team
`429`	Too Many Requests	Rate limit exceeded (100 req/min per key)
`500`	Server Error	Internal error — contact support if persistent

Ready to integrate?

API access is available on Pro ($15/mo) and Business ($45/mo) plans.

Get Started Free View Pricing