fastsubmit.
Get Started

API Documentation

Complete guide to integrating FastSubmit with your website or application.

Overview

FastSubmit provides a simple REST API for collecting form submissions. No backend code required!

Public Endpoint: The form submission endpoint is public and doesn't require authentication. Perfect for static websites, landing pages, and client-side applications.

Submit Form Data

POST/api/submit/:formId

Submit form data to your FastSubmit form. Accepts both JSON and form-encoded data.

Parameters

formIdrequired

Your unique form ID from the dashboard

Request Body

Send your form fields as key-value pairs. Field names must match your form configuration.

HTML Form

<form action="https://yourapp.com/api/submit/YOUR_FORM_ID" method="POST">
  <input type="text" name="name" placeholder="Your name" required />
  <input type="email" name="email" placeholder="your@email.com" required />
  <textarea name="message" placeholder="Your message"></textarea>
  
  <!-- Honeypot spam protection (keep hidden) -->
  <input type="text" name="_honeypot" style="display:none" />
  
  <button type="submit">Submit</button>
</form>

JavaScript (Fetch API)

const formData = {
  name: "John Doe",
  email: "john@example.com",
  message: "Hello!"
};

fetch("https://yourapp.com/api/submit/YOUR_FORM_ID", {
  method: "POST",
  headers: {
    "Content-Type": "application/json"
  },
  body: JSON.stringify(formData)
})
.then(response => response.json())
.then(data => {
  if (data.success) {
    alert("Form submitted successfully!");
  }
})
.catch(error => console.error("Error:", error));

React Example

import { useState } from 'react';

function ContactForm() {
  const [formData, setFormData] = useState({
    name: '',
    email: '',
    message: ''
  });
  const [status, setStatus] = useState('');

  const handleSubmit = async (e) => {
    e.preventDefault();
    setStatus('sending');

    try {
      const response = await fetch(
        'https://yourapp.com/api/submit/YOUR_FORM_ID',
        {
          method: 'POST',
          headers: { 'Content-Type': 'application/json' },
          body: JSON.stringify(formData)
        }
      );

      const data = await response.json();
      
      if (data.success) {
        setStatus('success');
        setFormData({ name: '', email: '', message: '' });
      } else {
        setStatus('error');
      }
    } catch (error) {
      setStatus('error');
    }
  };

  return (
    <form onSubmit={handleSubmit}>
      <input
        type="text"
        value={formData.name}
        onChange={(e) => setFormData({...formData, name: e.target.value})}
        placeholder="Name"
        required
      />
      <input
        type="email"
        value={formData.email}
        onChange={(e) => setFormData({...formData, email: e.target.value})}
        placeholder="Email"
        required
      />
      <textarea
        value={formData.message}
        onChange={(e) => setFormData({...formData, message: e.target.value})}
        placeholder="Message"
      />
      <button type="submit" disabled={status === 'sending'}>
        {status === 'sending' ? 'Sending...' : 'Submit'}
      </button>
      {status === 'success' && <p>Thank you! We'll be in touch.</p>}
      {status === 'error' && <p>Oops! Something went wrong.</p>}
    </form>
  );
}

cURL

curl -X POST https://yourapp.com/api/submit/YOUR_FORM_ID \
  -H "Content-Type: application/json" \
  -d '{
    "name": "John Doe",
    "email": "john@example.com",
    "message": "Hello from cURL!"
  }'

Responses

200 OK

Success

{
  "success": true,
  "message": "Submission received"
}
400 Bad Request

Validation Error

{
  "error": "Validation failed",
  "errors": [
    "Name is required",
    "Email is required"
  ]
}
403 Forbidden

Unauthorized Domain

{
  "error": "Domain not authorized. Please verify your domain in form settings."
}

This error occurs when domain verification is enabled and the request comes from an unauthorized domain.

404 Not Found

Form Not Found

{
  "error": "Form not found"
}
429 Too Many Requests

Rate Limit Exceeded

{
  "error": "Too many submissions. Please try again later."
}

Rate limit: 10 submissions per minute per IP address.

Features

🛡️ Spam Protection

Add a hidden honeypot field to catch spam bots:

<input 
  type="text" 
  name="_honeypot" 
  style="display:none" 
  tabindex="-1" 
  autocomplete="off" 
/>

If this field is filled, the submission is silently rejected (returns success but doesn't save).

🔒 Domain Verification

Restrict form submissions to verified domains only. Enable in your form settings and add DNS TXT records to verify domain ownership.

Note: Localhost and development domains (127.0.0.1, 192.168.x.x) bypass domain verification for testing.

🌐 CORS Enabled

The submit endpoint has CORS enabled, allowing submissions from any origin. Perfect for static sites, SPAs, and cross-origin requests.

⏱️ Rate Limiting

To prevent abuse, submissions are rate limited:

  • 10 submissions per minute per IP address
  • Rate limit headers included in response
  • Automatic reset after time window

✅ Field Validation

FastSubmit validates submissions based on your form configuration:

  • Required fields must be present
  • Email fields are validated for proper format
  • Returns detailed error messages for failed validations

Best Practices

Always include honeypot field

Protects against spam bots without requiring CAPTCHA

Match field names exactly

Field names in your HTML must match the field IDs in your form configuration

Handle errors gracefully

Show user-friendly error messages when validation fails

Use domain verification for production

Prevent unauthorized usage by restricting to your verified domains

Test with different content types

Ensure your form works with both JSON and form-encoded submissions

Need Help?

Check out our other documentation pages for more detailed information:

Quick Start Guide

Get started in 5 minutes

Code Examples

More integration examples

Field Types

Available form field types

Domain Verification

Secure your forms