Formora API keys provide a way for developers and external applications to interact with your Formora account programmatically. This allows for building custom integrations, automating data extraction, or performing other advanced tasks beyond the scope of built-in integrations or platforms like Zapier.

API keys grant significant access to your Formora account. Treat them like passwords and keep them secure. They are intended for server-side applications and should never be embedded in client-side JavaScript, mobile apps, or public code repositories.

What Can You Do with API Keys?

  • Custom Application Integration: Connect Formora to your in-house applications or backend systems.
  • Programmatic Data Retrieval: Automatically fetch form structures, submission data, or analytics for custom reporting or dashboards.
  • Automated Form Management: (If API endpoints support it) Programmatically create, update, or manage your forms.
  • Advanced Workflows: Build complex data processing pipelines triggered by Formora events.

Accessing API Key Management

To manage your API keys:

  1. Log in to your Formora dashboard.
  2. Navigate to Account Settings (usually via your profile avatar).
  3. Look for a tab or section labeled “API,” “Developer Tools,” or “API Keys.”

API Keys management section within Formora Account Settings.

Generating a New API Key

  1. Click the “Generate New API Key,” “Create API Key,” or similar button.
  2. Name Your Key: Provide a descriptive name for the key so you can easily identify its purpose later (e.g., “Internal CRM Sync,” “Nightly Backup Script,” “Zapier Fallback Hook”). This is crucial for management.
  3. Assign Permissions/Scopes (If Available):
    • Formora may allow you to assign specific permissions (scopes) to an API key. This is a vital security feature that limits what the key can do.
    • Examples of scopes could include:
      • submissions:read: Read access to submission data.
      • forms:read: Read access to form structures.
      • forms:write: Ability to create or modify forms.
      • Access to specific forms only.
    • Always grant only the minimum permissions necessary for the key’s intended use (Principle of Least Privilege).
    • If scopes are not offered, be aware that the API key likely grants broad, potentially full, access to your account data via the API.
  4. Copy Your API Key: Once generated, the API key will be displayed ONCE. You must copy it immediately and store it in a secure location. Formora will not show you this key again for security reasons. If you lose it, you will need to revoke the old key and generate a new one.

Dialog for generating a new API key, including fields for name, selecting scopes (if applicable), and displaying the generated key once.

Managing Existing API Keys

The API Keys section will list all your generated keys, typically showing:

  • Name: The descriptive name you gave the key.
  • Creation Date: When the key was generated.
  • Last Used Date (If Tracked): Helps identify unused or potentially compromised keys.
  • Scopes/Permissions (If Applicable): The permissions assigned to the key.
  • Actions: Options to manage each key.

Common Management Actions:

  • Rename Key: You can usually edit the descriptive name of an API key.
  • Regenerate Key (If Available): Some systems offer an option to regenerate a key. This invalidates the old key value and provides a new one. Use this if you suspect a key has been compromised but want to maintain the same permissions for the application using it.
  • Revoke / Delete Key: This permanently disables and deletes the API key. Any application or script using this key will immediately lose access to your Formora account via the API. This action cannot be undone.

Using Your API Key

To authenticate requests to the Formora API, you will typically include your API key in an HTTP header. The most common method is using the Authorization header with the Bearer scheme:

Authorization: Bearer YOUR_API_KEY

Replace YOUR_API_KEY with the actual key you copied.

For detailed information on available API endpoints, request formats, response structures, and specific authentication requirements, please refer to the official Formora API Reference documentation (a link would typically be provided here by Formora, e.g., /api-reference).

Security Best Practices for API Keys

  • Treat Like Passwords: API keys are sensitive credentials. Protect them as you would your account password.
  • Confidentiality: Never embed API keys directly in client-side code (JavaScript in a web browser), mobile application code, or commit them to public version control systems (like GitHub).
  • Server-Side Storage: Store API keys securely on your server, typically as environment variables or using a secrets management service.
  • One Key Per Application/Use Case: Generate a unique API key for each distinct application, service, or script that needs programmatic access. This allows you to revoke access for a specific application without affecting others.
  • Principle of Least Privilege: If Formora allows assigning scopes or permissions to API keys, always grant only the minimum set of permissions required for the key’s specific purpose.
  • Monitor Usage: If Formora provides information on when keys were last used, review this periodically for any unexpected activity.
  • Revoke Unused or Compromised Keys: If an API key is no longer needed, or if you suspect it has been compromised or accidentally exposed, revoke it immediately from the Formora API Keys management page.

API Rate Limits

Like most APIs, Formora’s API may be subject to rate limits to ensure fair usage and stability for all users. Exceeding these limits might result in temporary blocking of requests from your API key. Consult the Formora API documentation for details on specific rate limits.

By following these guidelines, you can securely leverage Formora API keys to extend and customize your form data workflows. This completes the “Account & Settings” section.