Authentication

Secure your API requests with API key authentication.

API Keys

All API requests require authentication via an API key. Create keys from your dashboard at Settings → API Keys.

Include your API key in the Authorization header:

Authorization Header
curl https://proforms.io/api/v1/forms \
  -H "Authorization: Bearer pf_your_api_key_here"
⚠️
Your API key is shown only once when created. Store it somewhere safe. If you lose it, you'll need to create a new one.

Key Permissions

Each API key can be scoped to specific permissions. If no permissions are set, the key inherits the full permissions of the user who created it.

PermissionWhat it allows
forms.viewList and read form details
forms.createCreate new forms and duplicate existing ones
forms.editUpdate form fields, settings, theme, and notifications
forms.deleteArchive/delete forms
forms.publishPublish or unpublish forms
submissions.viewList and read submission data
submissions.exportExport submissions to CSV or JSON
submissions.deleteDelete submissions
sites.viewList and read site details
sites.createCreate new sites
sites.editUpdate site settings
sites.deleteArchive/delete sites
team.viewList team members
team.inviteInvite new team members
team.manageEdit roles and remove members
settings.orgRead and update org settings
settings.emailManage email/SMTP configuration

Rate Limits

Each API key has a configurable rate limit (default: 60 requests per minute, max: 1,000). When exceeded, you'll receive a 429 status code.

Rate Limit Error
{
  "success": false,
  "error": {
    "code": "RATE_LIMITED",
    "message": "Rate limit exceeded. Try again later."
  }
}

Key Expiration

API keys can optionally be set to expire after a number of days. Expired keys return a 401 Unauthorized error. You can also revoke keys at any time from the dashboard.

💡
For production integrations, create a dedicated API key with only the permissions you need. This follows the principle of least privilege and limits exposure if the key is compromised.