Submissions

Overview

The Submissions API handles form submissions, response retrieval, and export functionality. Submissions can be made publicly (without authentication) or via authenticated API requests.

Endpoints

Submit Form

Submit a response to a form.

Endpoint: POST /forms/{id}/submit

Authentication: Optional (API key recommended for server-side, publishable key for client-side)

Path Parameters:

  • id (required): Form ID

Request Body:

{
  "answers": {
    "name": "John Doe",
    "email": "john@example.com",
    "message": "Hello world"
  },
  "sessionId": "session_123",
  "recaptchaToken": "token_from_recaptcha"
}

Response: 201 Created

{
  "id": "rsp_456",
  "submittedAt": "2024-01-01T00:00:00Z",
  "answers": {
    "name": "John Doe",
    "email": "john@example.com",
    "message": "Hello world"
  },
  "spamChecked": true
}

Error Responses:

  • 400: Invalid request (missing required fields, validation errors)

  • 404: Form not found

  • 429: Rate limit exceeded or quota exceeded

    {
  "error": "Quota exceeded. You have used 1000 of 1000 submissions this month.",
  "quotaExceeded": true,
  "remaining": 0,
  "resetAt": "2024-02-01T00:00:00Z"
}

Rate Limiting:

  • Public submissions: Rate limited by IP address

  • Authenticated submissions: Rate limited by user

  • Retry-After header indicates when to retry

Spam Protection:

  • Honeypot fields (if configured)

  • reCAPTCHA validation (if configured)

  • Custom spam rules (if configured)

List Responses

List form responses with pagination.

Endpoint: GET /responses?form_id={formId}&environment={environment}

Authentication: Required (Session token)

Query Parameters:

  • form_id (required): Form ID

  • environment (required): Workspace environment

  • limit (optional): Items per page (default: 50, max: 100)

  • cursor (optional): Pagination cursor

  • from (optional): Start date (ISO 8601)

  • to (optional): End date (ISO 8601)

Response: 200 OK

{
  "items": [
    {
      "submission": {
        "id": "rsp_456",
        "formId": "form_123",
        "submittedAt": "2024-01-01T00:00:00Z",
        "answers": {
          "name": "John Doe",
          "email": "john@example.com"
        },
        "status": "completed"
      },
      "meta": {
        "read": false,
        "starred": false,
        "notes": []
      }
    }
  ],
  "pagination": {
    "nextCursor": "eyJpZCI6IjEyMyJ9",
    "hasMore": true
  }
}

Error Responses:

  • 400: Missing required parameters

  • 401: Unauthorized

  • 403: Forbidden (not form owner)

  • 404: Form not found

Export Responses

Export form responses as CSV.

Endpoint: GET /responses?form_id={formId}&environment={environment}&format=csv

Authentication: Required (Session token)

Query Parameters:

  • form_id (required): Form ID

  • environment (required): Workspace environment

  • format (required): Must be csv

Response: 200 OK

Content-Type: text/csv

name,email,message,submittedAt
John Doe,john@example.com,Hello,2024-01-01T00:00:00Z
Jane Smith,jane@example.com,Hi,2024-01-02T00:00:00Z

Error Responses:

  • 400: Missing required parameters

  • 401: Unauthorized

  • 404: Form not found

Get Submission

Retrieve a specific submission by ID.

Endpoint: GET /responses/{submissionId}?form_id={formId}&environment={environment}

Authentication: Required (Session token)

Path Parameters:

  • submissionId (required): Submission ID

Query Parameters:

  • form_id (required): Form ID

  • environment (required): Workspace environment

Response: 200 OK

{
  "submission": {
    "id": "rsp_456",
    "formId": "form_123",
    "submittedAt": "2024-01-01T00:00:00Z",
    "answers": {
      "name": "John Doe",
      "email": "john@example.com"
    },
    "status": "completed"
  },
  "meta": {
    "read": false,
    "starred": false,
    "notes": []
  }
}

Read Submission

Mark a submission as read.

Endpoint: POST /responses/{submissionId}/read

Authentication: Required (Session token)

Response: 200 OK

{
  "success": true
}

Star Submission

Star or unstar a submission.

Endpoint: POST /responses/{submissionId}/star

Authentication: Required (Session token)

Request Body:

{
  "starred": true
}

Response: 200 OK

{
  "success": true,
  "starred": true
}

Add Note

Add a note to a submission.

Endpoint: POST /responses/{submissionId}/notes

Authentication: Required (Session token)

Request Body:

{
  "note": "Follow up needed"
}

Response: 200 OK

{
  "id": "note_789",
  "note": "Follow up needed",
  "createdAt": "2024-01-01T00:00:00Z"
}

Reply to Submission

Send a reply to a submission (email).

Endpoint: POST /responses/{submissionId}/reply

Authentication: Required (Session token)

Request Body:

{
  "message": "Thank you for your submission",
  "subject": "Re: Contact Form Submission"
}

Response: 200 OK

{
  "success": true,
  "messageId": "msg_123"
}

Submission Processing

Validation

Submissions are validated against the form schema:

  1. Required Fields: All required fields must be present

  2. Field Types: Values must match field types (text, email, number, etc.)

  3. Validation Rules: Min/max length, patterns, ranges are enforced

  4. Conditional Logic: Only visible fields are accepted

Spam Protection

If spam protection is enabled:

  1. Honeypot: Hidden fields that should remain empty

  2. reCAPTCHA: Token validation (if configured)

  3. Custom Rules: Field-based spam detection

  4. Actions: reject, flag, or quarantine

Rate Limiting

  • IP-based: Public submissions rate limited by IP

  • User-based: Authenticated submissions rate limited by user

  • Quota: Monthly submission quotas per user/environment

PII Handling

PII fields are handled according to form configuration:

  • Plain: Stored as-is

  • Masked: Partially masked in responses

  • Hashed: SHA-256 hashed

  • Encrypted: KMS-encrypted

  • Dropped: Not stored

Response Metadata

Responses include metadata for management:

{
  "meta": {
    "read": false,           // Read status
    "starred": false,         // Starred status
    "notes": [],             // Admin notes
    "tags": []               // Tags
  }
}

Examples

Submit a Form (Public)

curl -X POST https://api.formr.xyz/forms/form_123/submit \
  -H "Content-Type: application/json" \
  -d '{
    "answers": {
      "name": "John Doe",
      "email": "john@example.com"
    },
    "sessionId": "session_123"
  }'

Submit a Form (Authenticated)

curl -X POST https://api.formr.xyz/forms/form_123/submit \
  -H "Authorization: Bearer sk_live_..." \
  -H "Content-Type: application/json" \
  -d '{
    "answers": {
      "name": "John Doe",
      "email": "john@example.com"
    }
  }'

List Responses

curl -X GET "https://api.formr.xyz/responses?form_id=form_123&environment=development&limit=50" \
  -H "Authorization: Bearer YOUR_SESSION_TOKEN"

Export Responses as CSV

curl -X GET "https://api.formr.xyz/responses?form_id=form_123&environment=development&format=csv" \
  -H "Authorization: Bearer YOUR_SESSION_TOKEN" \
  -o responses.csv

Next Steps

  • API Reference - API overview

  • Forms API - Form management

  • Analytics API - Analytics and reporting

PreviousFormsNextTemplates

Last updated