API Keys
API keys authenticate requests to the Formtorch REST API. Use them to read submissions, manage forms, and trigger exports programmatically.
Generating an API key
Go to API key settings
In the dashboard , go to Settings → API Keys.
Create a new key
Click New API Key, give it a descriptive name (e.g. zapier-integration, export-script), and click Create.
Copy the key
The key is shown once. Copy it immediately — it won’t be visible again after you close the dialog. Store it in a secrets manager or environment variable.
Using your API key
Include the key in the Authorization header of every request:
curl https://app.formtorch.com/api/v1/forms \
-H "Authorization: Bearer YOUR_API_KEY"See the API Reference for all available endpoints.
Security best practices
- Never commit keys to source control. Use environment variables or a secrets manager.
- Use one key per integration. This makes it easy to revoke a single integration without affecting others.
- Rotate keys periodically. Generate a new key, update your integration, then revoke the old one.
- Revoke unused keys. Delete keys for integrations you’re no longer using.
Revoking a key
Go to Settings → API Keys, find the key, and click Revoke. Revocation is immediate — any requests using the revoked key will receive 401 Unauthorized.
Key limits
| Plan | API keys |
|---|---|
| Free | Not available |
| Starter | Up to 5 keys |
| Pro | Up to 20 keys |
See the pricing page for a full plan comparison.