Form API

Form API

Create your own form endpoints, collect all submissions instantly, manage with an API.
Free Plan $0.00 Monthly Subscribe
50 Requests / Monthly
Free for Lifetime
No Credit Card Required
MOST POPULAR
Starter Plan $4.99 Monthly Subscribe
10,000 Requests / Monthly
Standard Support
Works for GET, POST and PUT methods
Auto CSRF protection from spammers
Automatically collects all data from form fields
Works with all programming languages and frameworks
Collects all browser, operating system, geo location details from submissions
Ability to set your own results page
Pro Plan $19.99 Monthly Subscribe
50,000 Requests / Monthly
Standard Support
Works for GET, POST and PUT methods
Auto CSRF protection from spammers
Automatically collects all data from form fields
Works with all programming languages and frameworks
Collects all browser, operating system, geo location details from submissions
Ability to set your own results page
Custom Plan Volume Monthly Contact Us
Any requests volume you need
Works for GET, POST and PUT methods
Auto CSRF protection from spammers
Automatically collects all data from form fields
Works with all programming languages and frameworks
Collects all browser, operating system, geo location details from submissions
Ability to set your own results page

As software developers, we know how frustrating it can be to code a form backend to collect a few simple fields. This API makes it extremely easy to create a new form endpoint. It is an ideal solution for designers and developers, and you can create and use your form endpoint within seconds. All information submitted to this endpoint is automatically collected and stored for you. Moreover, with the browser, operating system, location and all other details of the person submitting the form.

We do not use any CSS libraries, no iframes and complex structures. Moreover, we generate single-use CSRF (cross site request forgery) tokens completely automatically and ensure the security of your forms. Thus, you protect yourself greatly from spambots.

How to use it

Start by creating a new form and giving it a name. Like:


curl --request POST \
--url 'https://api.apilayer.com/form' \
--header 'apikey: YOUR API KEY' \
--data-raw 'My cool form'

It will generate a form and return it's unique id and the URL for submission.


{
    "id": "d2f1d1a6-dd80-11ea-9926-0242c0a83002",
    "name": "My cool form",
    "form_url": "https://form.codes/f/d2f1d1a6-dd80-11ea-9926-0242c0a83002"
}

Notice the form url above and use it anywhere as the action value of any HTML form on your code. Like:


<form action="https://form.codes/f/d2f1d1a6-dd80-11ea-9926-0242c0a83002" method="POST">
     <input type="text" name="firstName" id="firstName">
     <input type="email" name="emailAddress">
     <textarea name="answer"></textarea>
</form>

<script type='text/javascript'>
(function() {
var wa = document.createElement('script'); wa.type = 'text/javascript'; wa.async = true;
wa.src = 'https://form.codes/csrf/d2f1d1a6-dd80-11ea-9926-0242c0a83002.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(wa, s);
})();
</script>

Notice the script just below the HTML form. It is there to generate a unique CSRF token for your form and protect you from spammers. Do not forget it.

That's it. You are ready to go and collect any information submitted to this form and get all its details with a powerful API. Check the documentation tab for more details and also check form.codes web page for more details

Form API Reference

This API is organized around REST. Our API has predictable resource-oriented URLs, accepts form-encoded request bodies, returns JSON-encoded responses, and uses standard HTTP response codes, authentication, and verbs.

Just Getting Started?

Check out our development quickstart guide.

Authentication

Form API uses API keys to authenticate requests. You can view and manage your API keys in the Accounts page.

Your API keys carry many privileges, so be sure to keep them secure! Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, and so forth.

All requests made to the API must hold a custom HTTP header named "apikey". Implementation differs with each programming language. Below are some samples.

All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.

Endpoints

Deletes a form

Parameters

form_id (required)

form_id to delete

Location: Path, Data Type: string

** A word enclosed with curly brackets "{ }" in the code means that it is a parameter and it should be replaced with your own values when executing. (also overwriting the curly brackets).
Returns

Below is a sample response from the endpoint


If you wish to play around interactively with real values and run code, see...

Deletes a form submission

Parameters

form_id (required)

form_id

Location: Path, Data Type: string

submission_id (required)

id of the submission to delete

Location: Path, Data Type: string

** A word enclosed with curly brackets "{ }" in the code means that it is a parameter and it should be replaced with your own values when executing. (also overwriting the curly brackets).
Returns

Below is a sample response from the endpoint


If you wish to play around interactively with real values and run code, see...

Gets a form

Parameters

form_id (required)

form_id to get

Location: Path, Data Type: string

** A word enclosed with curly brackets "{ }" in the code means that it is a parameter and it should be replaced with your own values when executing. (also overwriting the curly brackets).
Returns

Below is a sample response from the endpoint


If you wish to play around interactively with real values and run code, see...

Gets a form submission and its all details (location, device, os, browser and form contents)

Parameters

form_id (required)

form_id

Location: Path, Data Type: string

submission_id (required)

id of the submission to get

Location: Path, Data Type: string

** A word enclosed with curly brackets "{ }" in the code means that it is a parameter and it should be replaced with your own values when executing. (also overwriting the curly brackets).
Returns

Below is a sample response from the endpoint


If you wish to play around interactively with real values and run code, see...

Lists all submissions for a form

Parameters

form_id (required)

form_id to get its submissions

Location: Path, Data Type: string

offset (optional)

offset for pagination. Default to 0

Location: Query, Data Type: integer

pagesize (optional)

how many submissions to fetch (defaults to 100)

Location: Query, Data Type: integer

** A word enclosed with curly brackets "{ }" in the code means that it is a parameter and it should be replaced with your own values when executing. (also overwriting the curly brackets).
Returns

Below is a sample response from the endpoint


If you wish to play around interactively with real values and run code, see...

Gets all the forms for the current user

Parameters
No parameters.
Returns

Below is a sample response from the endpoint


If you wish to play around interactively with real values and run code, see...

/form

Parameters

body (required)

Form name

Location: Body, Data Type: string

** A word enclosed with curly brackets "{ }" in the code means that it is a parameter and it should be replaced with your own values when executing. (also overwriting the curly brackets).
Returns

Below is a sample response from the endpoint


If you wish to play around interactively with real values and run code, see...

Updates a form name

Parameters

body (required)

New form name

Location: Body, Data Type: string

form_id (required)

form_id to update

Location: Path, Data Type: string

** A word enclosed with curly brackets "{ }" in the code means that it is a parameter and it should be replaced with your own values when executing. (also overwriting the curly brackets).
Returns

Below is a sample response from the endpoint


If you wish to play around interactively with real values and run code, see...

Updates the result page for a form

Parameters

body (required)

New form's results page url to update

Location: Body, Data Type: string

form_id (required)

form_id to update its result page

Location: Path, Data Type: string

** A word enclosed with curly brackets "{ }" in the code means that it is a parameter and it should be replaced with your own values when executing. (also overwriting the curly brackets).
Returns

Below is a sample response from the endpoint


If you wish to play around interactively with real values and run code, see...

Rate Limiting

Each subscription has its own rate limit. When you become a member, you start by choosing a rate limit that suits your usage needs. Do not worry; You can upgrade or downgrade your plan at any time. For this reason, instead of starting with a larger plan that you do not need, we can offer you to upgrade your plan after you start with "free" or "gold plan" options and start using the API.

When you reach a rate limit (both daily and monthly), the service will stop responding and returning the HTTP 429 response status code (Too many requests) for each request with the following JSON string body text.

{
"message":"You have exceeded your daily\/monthly API rate limit. Please review and upgrade your subscription plan at https:\/\/apilayer.com\/subscriptions to continue."
}

A reminder email will be sent to you when your API usage reaches both 80% and 90%, so that you can take immediate actions such as upgrading your plan in order to prevent your application using the API from being interrupted.

You can also programmatically check your rate limit yourself. As a result of each request made to the APILayer, the following 4 fields provide you with all the necessary information within the HTTP Headers.

x-ratelimit-limit-month: Request limit per month
x-ratelimit-remaining-month: Request limit remaining this month
x-ratelimit-limit-day: Request limit per day
x-ratelimit-remaining-day: Request limit remaining today

You can contact our support unit if you need any assistance with your application regarding to handle the returned result by looking at the header information.

Error Codes

APILayer uses standard HTTP response codes to indicate the success or failure of an API request. In general: Codes in the 2xx range indicate success. Codes in the 4xx range indicate a clientside error, which means that failed given the information provided (e.g., a missing parameter, unauthorized access etc.). Codes in the 5xx range indicate an error with APILayer's servers (normally this should'nt happen at all).

If the response code is not 200, it means the operation failed somehow and you may need to take an action accordingly. You can check the response (which will be in JSON format) for a field called 'message' that briefly explains the error reported.

Status Code Explanation
400 - Bad Request The request was unacceptable, often due to missing a required parameter.
401 - Unauthorized No valid API key provided.
404 - Not Found The requested resource doesn't exist.
429 - Too many requests API request limit exceeded. See section Rate Limiting for more info.
5xx - Server Error We have failed to process your request. (You can contact us anytime)

You can always contact for support and ask for more assistance. We'll be glad to assist you with building your product.