Forms & Submissions

Build contact / signup / inquiry forms in the admin, embed them on any frontend, and triage incoming submissions from one inbox.

Form management routes

RouteMethodPurpose
/admin/formsGETList forms
/admin/forms/createGETNew form
/admin/formsPOSTCreate form
/admin/forms/{form}/editGETEdit form fields
/admin/forms/{form}PUTUpdate form
/admin/forms/{form}DELETESoft delete
/admin/forms/{form}/toggle-activePATCHActivate / pause submissions

Form attributes

Submission inbox

RouteMethodPurpose
/admin/forms/{form}/submissionsGETList submissions (status, date range, search)
/admin/forms/{form}/submissions/exportGETCSV export of all submissions
/admin/forms/{form}/submissions/bulkPOSTBulk mark as read / spam / delete
/admin/forms/{form}/submissions/{submission}GETSubmission detail
/admin/forms/{form}/submissions/{submission}/mark-readPATCHMark as read
/admin/forms/{form}/submissions/{submission}/mark-unreadPATCHMark as unread
/admin/forms/{form}/submissions/{submission}/mark-spamPATCHMark as spam
/admin/forms/{form}/submissions/{submission}/notesPATCHUpdate internal notes
/admin/forms/{form}/submissions/{submission}DELETEDelete

Submission record

Public submit endpoint

Forms are exposed publicly under the API. Frontends post directly without an API key:

POST /api/v1/forms/{formSlug}/submit
GET /api/v1/forms/{formSlug}

Throttled to 5 requests/min/IP. See API: Form Submissions for the request/response shape.

Notifications

On a successful submit, listeners on the FormSubmissionReceived event:

Spam mitigationUse the honeypot field plus the 5/min rate limit. For high-volume forms, add a reCAPTCHA secret in the form settings; submissions failing the challenge are rejected with a 422.