Authentication
Learn how to authenticate your API requests to FastSubmit.
API Key Authentication
All API requests (except the public submit endpoint) require authentication using an API key. Each form has its own unique API key that you can find in your dashboard.
Important: Keep your API key secret. Never expose it in client-side code or public repositories.
How to Authenticate
You can pass your API key in two ways:
1. HTTP Header (Recommended)
Pass the API key in the x-api-key header:
curl -X GET \
https://fastsubmit.hostspica.com/api/v1/forms \
-H "x-api-key: fs_abc123xyz789..."2. Query Parameter
Pass the API key as a query parameter (useful for quick testing):
curl -X GET \
"https://fastsubmit.hostspica.com/api/v1/forms?apiKey=fs_abc123xyz789..."Note: Using query parameters may expose your API key in server logs. Use headers for production.
Finding Your API Key
- Log in to your FastSubmit dashboard
- Navigate to Forms
- Click on the form you want to access
- Your API key is displayed on the form detail page
Regenerating Your API Key
If your API key is compromised, you can regenerate it:
- Go to your form's settings page
- Click Regenerate next to the API key
- Confirm the action
Warning: Regenerating your API key will immediately invalidate the old key. Update your applications with the new key to avoid service interruption.
Authentication Errors
Missing API Key (401)
{
"error": "API key required. Pass via x-api-key header or apiKey query param"
}Invalid API Key (403)
{
"error": "Invalid API key"
}Public vs Private Endpoints
Public (No Auth Required)
- •
POST /api/submit/:formId
Used by your website visitors to submit forms
Private (Auth Required)
- •
GET /api/v1/forms - •
POST /api/v1/forms - •
GET /api/v1/forms/:id - •
PUT /api/v1/forms/:id - •
DELETE /api/v1/forms/:id - • All
/submissionsendpoints
Used by you to manage forms and view submissions