API Keys & Scopes
Securely manage programmatic access to your FormsIntel data. Generate, rotate, and revoke API keys from your Developer Profile.
Key Format & Environments
FormsIntel API keys use prefixes to easily identify their target environment and prevent accidental commits to source control.
Live Keys
Used for production environments. Accesses real form data.
ff_live_8zb11egv2sniasf...Test Keys (Coming Soon)
Used for staging/local dev. Actions do not affect live quotas.
ff_test_9qxw2m7v8plkrt...Generating & Revoking Keys
Manage your keys directly from the Dashboard.
Navigate to Profile
Click "Profile" in the main Dashboard navigation.
Developer Settings Section
Scroll down to the "API Keys" card.
Generate or Revoke
Click "Generate New Key" to instantly provision a new token. Click the Trash icon next to an active key to instantly revoke it (this action takes effect within milliseconds).
Security Best Practices
Never Expose Your API Key on the Client
API keys grant full access to read all submissions and analytics for your account. Never embed them in frontend JavaScript code (React, Vue, plain HTML) where they can be extracted by malicious users.
- Store keys exclusively in backend environment variables (e.g.,
.env). - Never commit
.envfiles to Git/GitHub. - If using the
formsintel-sdkReact package, you do not need an API key to submit forms. The SDK handles public submissions via the Form ID alone.
- Granular Scopes — Create read-only keys, or keys scoped to a single specific form.
- IP Whitelisting — Restrict key usage to specific server IP addresses.
- Auto-Expiration — Generate ephemeral keys that automatically revoke after 1 hour, 24 hours, or 30 days.