Authentication
Authentication
Section titled “Authentication”FormSentry uses API keys to authenticate requests. Your API keys are available in your dashboard.
Getting Your API Key
Section titled “Getting Your API Key”- Log in to app.formsentry.ai
- Navigate to Settings → API Keys
- Copy your API key
- Keep your API key secure - never commit it to version control
Using Your API Key
Section titled “Using Your API Key”Include your API key in the request body when making API calls:
{ "apiKey": "fs_e7a9c4b1f0d6a2c89e5b3d7f4a1c6e2b9085df3a9c4e7b1a6d2f508c9e3b4", "formId": "your-form-id", "payload": { // your form data }}Security Best Practices
Section titled “Security Best Practices”Store API Keys Securely
Section titled “Store API Keys Securely”Never hardcode API keys in your source code. Use environment variables instead:
// ✅ Goodconst apiKey = process.env.FORMSENTRY_API_KEY;
// ❌ Badconst apiKey = "fs_e7a9c4b1f0d6a2c89e5b3d7f4a1c6e2b9085df3a9c4e7b1a6d2f508c9e3b4";Use Different Keys for Different Environments
Section titled “Use Different Keys for Different Environments”Create separate API key/formID combinations for:
- Development
- Staging
- Production
This allows you to rotate keys without affecting other environments.
Rotate Keys Regularly
Section titled “Rotate Keys Regularly”For enhanced security, rotate your API keys periodically:
- Create a new API key
- Update your application
- Test thoroughly
- Revoke the old key
Rate Limiting
Section titled “Rate Limiting”The verify endpoint is rate limited on a per-form, per-IP basis using a token bucket algorithm. You can configure the burst capacity and refill rate for each form in the dashboard. See Rate Limiting for full details.
Error Responses
Section titled “Error Responses”Invalid API Key
Section titled “Invalid API Key”{ "error": "Invalid API key", "code": "INVALID_API_KEY", "status": 401}Next Steps
Section titled “Next Steps”- Learn about the Verify Endpoint
- View code examples