Authentication
All Formtorch API requests require a Bearer token in the Authorization header.
Generating an API key
- Sign in to app.formtorch.com
- Go to Settings → API Keys
- Click Create new key
- Give it a name and click Create
- Copy the key. It’s only shown once.
Store the key in an environment variable. Never commit it to version control.
Using the API key
Include it as a Bearer token in the Authorization header:
curl https://api.formtorch.com/v1/forms \
-H "Authorization: Bearer YOUR_API_KEY"In JavaScript:
const res = await fetch("https://api.formtorch.com/v1/forms", {
headers: {
Authorization: `Bearer ${process.env.FORMTORCH_API_KEY}`,
},
});Key scopes
Keys generated from the dashboard have full access to your account’s forms and submissions. Scoped keys (read-only, per-project) are planned for a future release.
Revoking a key
Go to Settings → API Keys and click Revoke next to the key. Revoked keys stop working immediately.
If you suspect a key has been compromised, revoke it immediately and generate
a replacement. Requests made with a revoked key return 401 Unauthorized.
Error responses
| Status | Meaning |
|---|---|
401 Unauthorized | Missing or invalid API key |
403 Forbidden | Valid key but insufficient permissions |
Last updated on