An API key is a unique string of characters used to authenticate and authorize requests to a web API, identifying the caller and controlling access to API resources.
API keys are the simplest form of API authentication. When you want to access an API programmatically — creating forms, reading submissions, or managing integrations via code — you include your API key with each request to prove your identity.
Think of an API key like a password for your application. The API server checks the key against its records: if the key is valid, the request is processed; if not, it's rejected with a 401 Unauthorized error. Unlike user passwords, API keys are typically long random strings that are hard to guess.
API keys should be treated as secrets. Never commit them to public git repositories, never include them in client-side JavaScript (where anyone can see them in the browser), and never share them in emails or chat. Store them in environment variables or secret management services.
FormsList provides API keys for programmatic access to the REST API. You can create forms, list submissions, export data, and manage integrations entirely through API calls. Generate keys in the dashboard under Account > API Keys, and revoke them instantly if compromised.
Include your API key in the Authorization header: Authorization: Bearer fl_key_abc123. The server validates the key and processes your request.
Store your API key in a .env file: FORMSLIST_API_KEY=fl_key_abc123. Access it in code via process.env.FORMSLIST_API_KEY instead of hardcoding it.
Add your API key as a secret in GitHub Actions or your CI/CD platform to run automated scripts that interact with the FormsList API during deployments.
Set up your form backend in under a minute. No server required, no complex configuration — just a simple endpoint for your forms.