API4FORM · V1 · API-FIRST FORM ENGINE

Forms that just work. Zero backend.

Drop in an endpoint. Get submissions instantly. No server setup. No backend code. Ever.

FREE FOREVER · NO CREDIT CARD · UP AND RUNNING IN 30 SECONDS

10K+

FORMS CREATED

1M+

SUBMISSIONS

<50ms

P95 RESPONSE

99.9%

UPTIME SLA

01 · ONE ENDPOINT

POST to one URL.
Submissions land in your inbox.

No SDK to install, no server to run. Works from any language, any framework, any static HTML page. Responses are verifiable with HMAC-SHA256 and retry on failure.

Full reference
LIVE
const res = await fetch("https://api4form.com/f/YOUR_SLUG", {
  method: "POST",
  headers: { "Content-Type": "application/json" },
  body: JSON.stringify({
    name:    "Ada Lovelace",
    email:   "ada@example.com",
    message: "Hi — can I get a demo?",
  }),
});

// => { ok: true, message: "Thank you for your submission!" }

Atomic delivery

Your webhook receiver gets each submission exactly once — with retry + dead-letter log.

Signed payloads

X-Api4form-Signature (HMAC-SHA256) + X-Api4form-Timestamp on every outbound call.

Structured errors

422 + per-field errors when the submission fails schema validation. No guessing.

02 · FEATURES

Everything you need. Nothing you don't.

A complete toolkit for collecting, managing and acting on form submissions — without writing a single line of backend code.

Email notifications

Instant email for every submission. Custom templates and multiple recipients.

HMAC-signed webhooks

Real-time JSON POST to any URL. Per-form rotating signing secret, at-least-once delivery with retries.

Spam & bot protection

Cloudflare Turnstile, Akismet-compatible honeypot, per-IP persistent rate limit, password-gated forms.

Analytics, built in

Per-form peak hours, field breakdown, UTM/referrer/country. Export CSV or full JSON at any time.

Any framework

React, Next, Vue, Svelte, plain HTML. If it can POST, it works. Static sites welcome.

Auto-responders

Branded confirmation emails with {{field}} interpolation. Keep submitters in the loop automatically.

03 · INTEGRATIONS

Routes to the tools you already use.

22 first-party destinations, zero glue code. Flip a toggle and every submission fans out to Slack, Airtable, Stripe, Salesforce, your Zap — whichever pattern fits.

Slack Discord Telegram Google Sheets Airtable Notion Trello Asana GitHub HubSpot Pipedrive Salesforce Mailchimp MailerLite ConvertKit Klaviyo Constant Contact Zendesk Freshdesk Zapier Make Stripe + your own webhook

At-least-once delivery

Failed dispatches go on a retry schedule (1m → 5m → 30m → 3h). Full event log per form.

Signed webhooks

HMAC-SHA256 with a per-form secret you rotate. X-Api4form-Signature header on every POST.

SSRF-safe outbound

Private IP / link-local / metadata-service destinations are rejected before fetch.

04 · VS THE ALTERNATIVES

Built by developers,
priced like it.

Everything the incumbents put behind a Business tier — HMAC webhooks, custom domains, SSO, audit log — ships in api4form on Pro or by default.

Capability api4form Typical competitor
Free tier (submissions / month) 50 50
HMAC-signed webhooks Paid
Native integrations 22+ 13
Custom submission domain Business only
SSO (SAML) at workspace level Business only
Audit log, exportable CSV
Org-scoped quotas
Self-host option

COMPARED AGAINST LISTED TIERS AS OF APR 2026. SPECS DRIFT; FEEDBACK WELCOME.

05 · SECURITY

Security is
not optional.

Built controls first, features second. Audit log, RLS, HMAC, Turnstile, SSO and customer-accessible evidence for SOC 2 reviews.

TLS 1.3AES-256SOC 2 alignedGDPRHMAC-SHA256SAML SSO
Read the security brief

TLS 1.3 in transit, AES-256 at rest

End-to-end encryption across every hop. Your submissions never travel unprotected.

Per-form HMAC signing

Every webhook delivery carries X-Api4form-Signature (HMAC-SHA256). Rotate the secret any time.

Row-level tenant isolation

Postgres RLS keeps every workspace's forms and submissions sealed off from its neighbours.

Customer-accessible audit log

Every access-changing action recorded per workspace, exportable to CSV for SOC 2 review.

SSO + RBAC

SAML SSO via Okta / Google / Azure AD. Owner / admin / member roles, scoped permissions.

Built-in bot & abuse controls

Cloudflare Turnstile, honeypot, persistent rate-limit, per-form password gating, SSRF block-list.

06 · PRICING

Start free. Scale when real.

No credit card for the free tier. Plans priced per workspace, not per seat. Self-host with zero license fee if you'd rather run it yourself.

Free

For side projects & prototypes.

$0 forever
  • 50 submissions / month
  • 5 forms
  • Email notifications
  • Honeypot spam filter
  • HMAC-signed webhooks
Start free
Most popular

Pro

For shipping developers.

$9 per month
  • 2,000 submissions / month
  • Unlimited forms
  • 22+ native integrations
  • Turnstile + Akismet
  • File uploads (25 MB)
  • Custom redirects & auto-responders
  • Priority support
Start Pro

Business

For teams and customers.

$29 per month
  • 20,000 submissions / month pooled
  • Unlimited team seats
  • Custom submission domain (CNAME + TLS)
  • SAML SSO
  • Audit log export
  • Org-scoped quotas
  • 99.9% uptime SLA
Contact sales

OVERAGES BILLED AT $0.002 / SUBMISSION · UPGRADE / DOWNGRADE ANY TIME

07 · ADOPTION

Built for developers
shipping real products.

"Moved off Formspree in an afternoon. The HMAC-signed webhooks + audit log alone pay for it."
— Marta · Staff engineer · fintech SaaS
"Our forms backend is finally just `fetch()`. The Astro + edge integration is chef's kiss."
— Rohan · Indie maker · 2 shipped apps
"The built-in org model + SAML meant our security review closed in a week, not a month."
— Priya · CTO · 14-person team

Open schemas

Every migration, every RPC, every edge function is in the open repo.

Self-host

docker-compose up. One VM, one host, zero vendor lock-in.

Proper REST

No magical SDK. Curl-first. OpenAPI spec on every endpoint.

Real SLAs

99.9% uptime, credits automatic when we miss it. Status page public.

08 · SHIP

Your next form
takes 30 seconds.

Sign up. Create a form. Paste the endpoint into your site. Submissions arrive in your inbox before you finish your coffee.