FormsFly API
The API is exposed using web services in a REST approach, providing a flexible and simple set of interfaces that can be accessed from just about any programming language.
Our platform was built to integrate. Thus, robust two-way data transfer is supported on several objects exposed.
All APIs support both JSON and raw XML formats.
| NOTE: XML requests must have each a tag element in alphabetical order. |
To access the various APIs, you must use the generated Integration Passkey, which can be found on your Provider configuration page of the website.
Keep this Integration Passkey safe since it is the principal key used for keeping your data secure.
The base URL for all Cloud APIs is https://secure.formsfly.com/apiexplorer
General Data Type Notes
- If not explicitly stated, date values are expected to be formatted using ISO 8601 format:
YYYY-MM-DDTHH:MI:SSZ
Where time zone is UTC, time is in 24 hour values, and the “T” and “Z” are delimiters. - All latitude and longitude data values are unprojected and use the WGS84 ellipsoid.
Setting up API Keys
An admin user can configure API Keys for their organization by navigating the left side menu to My Account > Organization Setup > Integrations.
| Company ID | Your company's unique ID, normally required when using our API Explorer. |
| Private Token | Useful for external integrations, where a shared private token is needed for authentication. This is system-generated by default, but you can specify a value from an external system/integration if you prefer. Automatically included in Hosted GET calls for this reason. Accessible via the {{%PRIVATETOKEN}} builtin for use in REST connectors. |
| API Full Access Keys | Data marked as personal/sensitive will be returned as plain text in responses. Maintain your integration by using one key when regenerating the other. |
| API Anonymize Keys | Data marked as personal/sensitive will be converted to a non-human-readable format in API responses. Maintain your integration by using one key when regenerating the other. |
| Enable User API Keys | By default, API access is available using organization-level API keys, however, these keys give full access to all API endpoints without restriction. When integrations are being built by internal developers, this is generally not an issue; however, if you need to provide external/third-party integrators with API access then more granular control will be needed. You can enable granular control via this option, which activates the ability to generate API access keys on a per-user basis. When our API is accessed via a user API key, our system automatically applies the access level and permissions of that specific user to their requested API operation. For example, if the given user has an access level of Read-Only, then API calls using their access key will only be permitted to perform GET operations on our API endpoints. Similarly, if the user does not have permission to access Data Sources, then all attempts to access our Data Source API with their key will be refused. In this way, you can set up a dedicated, access restricted user for your external developer and easily control which API calls they are able to make. |
API HTTP Status Codes
We don't use many HTTP codes on our API; our error messages are generally included in the response body.
Generally speaking, successful API calls will return a 200 HTTP code.
If the API call has an error result, you will get one of the following.
| 400 | Bad Request - this occurs when missing or invalid parameters are submitted in the request. |
| 405 | Method Not Allowed - this occurs if the API endpoint you are attempting to call does not exist. |
| 401 | Unauthorized - your integration key or company id is not valid. |
| 500 | All other errors usually are returned under a 500 Internal Server Error. |
As mentioned above, if you get one of the above HTTP error codes, the response body will include more details of the error.