Docs
API & Developers

API Keys & Scopes

Securely manage programmatic access to your FormsIntel data. Generate, rotate, and revoke API keys from your Developer Profile.

Key Format & Environments

FormsIntel API keys use prefixes to easily identify their target environment and prevent accidental commits to source control.

Live Keys

Used for production environments. Accesses real form data.

ff_live_8zb11egv2sniasf...

Test Keys (Coming Soon)

Used for staging/local dev. Actions do not affect live quotas.

ff_test_9qxw2m7v8plkrt...

Generating & Revoking Keys

Manage your keys directly from the Dashboard.

1

Navigate to Profile

Click "Profile" in the main Dashboard navigation.

2

Developer Settings Section

Scroll down to the "API Keys" card.

3

Generate or Revoke

Click "Generate New Key" to instantly provision a new token. Click the Trash icon next to an active key to instantly revoke it (this action takes effect within milliseconds).

Security Best Practices

Never Expose Your API Key on the Client

API keys grant full access to read all submissions and analytics for your account. Never embed them in frontend JavaScript code (React, Vue, plain HTML) where they can be extracted by malicious users.

  • Store keys exclusively in backend environment variables (e.g., .env).
  • Never commit .env files to Git/GitHub.
  • If using the formsintel-sdk React package, you do not need an API key to submit forms. The SDK handles public submissions via the Form ID alone.
Roadmap
  • Granular Scopes — Create read-only keys, or keys scoped to a single specific form.
  • IP Whitelisting — Restrict key usage to specific server IP addresses.
  • Auto-Expiration — Generate ephemeral keys that automatically revoke after 1 hour, 24 hours, or 30 days.