The Formstack API allows users and 3rd party application to access resources programmatically. This API tries to conform to REST principals.

API Methods

A list of all api methods (exposed as REST resources) can be found here:
Formstack API REST Resources

Request Formats

The Formstack API accepts two request data types: HTTP url encoded query parameters and JSON. By default, we expect HTTP url encoded query parameters. To use JSON, simply change the Content-Type header in your request to be "Content-Type: application/json" and put the JSON in the body of the request.

Response Formats

The Formstack API offers two response types: JSON (default) and XML. To indicate which response type you would like to receive, simply add .xml or .json to the end of any resource URIs. If an extension is not present, we will respond with JSON.


Obtaining an API key (OAuth2 Access Token)

All of our API calls require authentication. The REST API uses OAuth2 access tokens for this purpose. Creating an application record will also create an access token. Access tokens are tied to a Formstack user and follow Formstack (in-app) user permissions. Additional access tokens can be generated by the OAuth2 authorization process.

To request an OAuth2 token to use with the Formstack API explorer, visit here.


Once you have an access token, you can make authenticated api calls. To do this, include the access token in the HTTP Authorization header:

Authorization: Bearer <access-token>

On any GET api calls, you can set the access token as a part of the query string:


That access token is similarly used on the Try It Out feature on this website. Input Bearer into the Authorization field of the Try It Out feature on any of the APIs.

Rate Limits

To prevent abuse, the Formstack API is rate limited to 14,400 calls per access token per day.

Status Codes

The Formstack API uses standard HTTP status codes.

200OK - The request was handled without any errors
201Created - A new resource was created
400Bad Request - The request URI was invalid
401Unauthorized - Valid OAuth2 credentials were not supplied
403Forbidden - The current user does not have access to this method
404Not Found - The resource requested could not be found
405Method Not Allowed - The requested method does not exist
415Unsupported Media Type - A valid media type (JSON, XML, HTTP URL encoded) was not used
429Too Many Requests - The current user has hit the daily rate limit
500Internal Server Error - An error occurred while processing the request

API Wrappers

We have Wrapper Libraries for the V2 API available in our GitHub account.