Authentication

The programmatic API allows you to interact with forms.wtf from your own code.

Requires Team plan or higher.

API keys

Go to Settings → API Keys
Click Create API Key
Give it a name (e.g. "Production integration")
Copy the key — it's shown only once

Store your API key securely. Treat it like a password. Do not commit it to version control.

Making requests

Include your API key as a Bearer token in the Authorization header:

Authorization: Bearer YOUR_API_KEY

Base URL:

https://forms.wtf/api/v1

Example request:

curl https://forms.wtf/api/v1/forms \
  -H "Authorization: Bearer YOUR_API_KEY"

Rate limits

API requests are rate-limited per key. If you exceed the limit, you'll receive a 429 Too Many Requests response.

Current limits:

60 requests per minute per API key

Error responses

All errors return JSON with an error field:

{
  "error": "Unauthorized"
}

HTTP status

Meaning

400

Bad request — check your request body

401

Unauthorized — missing or invalid API key

403

Forbidden — your plan doesn't include this feature

404

Not found

429

Rate limit exceeded

500

Server error

Revoking keys

Go to Settings → API Keys, find the key, and click Revoke. The key is immediately invalidated.

Key security best practices

Rotate keys periodically
Create separate keys for different integrations (easier to revoke one without disrupting others)
Never expose your API key in client-side code or public repositories

PreviousCrypto Payments NextForms API

Last updated 12 minutes ago

Was this helpful?

Good evening

hashtagAPI keys

hashtagMaking requests

hashtagRate limits

hashtagError responses

hashtagRevoking keys