> ## Documentation Index
> Fetch the complete documentation index at: https://docs.formitto.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Create a form

> Create a form bound to a verified production domain. Omit `domainId` to auto-pick when the account has exactly one verified domain; when multiple exist, `domainId` is required (a `domain_required` error returns the candidate list).




## OpenAPI

````yaml /api/openapi.yaml post /forms
openapi: 3.1.0
info:
  title: Formitto API
  version: 1.0.0
  description: >
    The Formitto public API (v1). Read and manage your forms, submissions,
    calendars, bookings, shop widgets, and orders programmatically.

    Authenticate with an API key created in the Formitto dashboard (Settings →
    API keys). Pass it as a Bearer token: `Authorization: Bearer fmt_live_...`.
    Keys are scoped — a key only reaches the endpoints its scopes allow (e.g.
    `read:forms`, `write:submissions`).

    All responses are JSON. List endpoints return a `{ data, pagination }`
    envelope; single-resource endpoints return the object directly. Requests are
    rate-limited per API key; see the `X-RateLimit-*` response headers.
  contact:
    name: Formitto Support
    url: https://formitto.com
  license:
    name: Proprietary
    url: https://formitto.com/terms
servers:
  - url: https://formitto.com/v1
    description: Production
security:
  - bearerAuth: []
tags:
  - name: forms
    description: Create, read, update, and archive forms.
  - name: submissions
    description: Read and programmatically ingest form submissions.
  - name: calendars
    description: Read calendar widgets.
  - name: bookings
    description: Read calendar bookings.
  - name: ecommerce
    description: Read shop widgets.
  - name: orders
    description: Read shop orders.
  - name: webhooks
    description: Manage event subscriptions (REST Hooks) for integrations.
paths:
  /forms:
    post:
      tags:
        - forms
      summary: Create a form
      description: >
        Create a form bound to a verified production domain. Omit `domainId` to
        auto-pick when the account has exactly one verified domain; when
        multiple exist, `domainId` is required (a `domain_required` error
        returns the candidate list).
      operationId: createForm
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/FormCreate'
      responses:
        '201':
          description: The created form.
          headers:
            X-RateLimit-Limit:
              $ref: '#/components/headers/RateLimitLimit'
            X-RateLimit-Remaining:
              $ref: '#/components/headers/RateLimitRemaining'
            X-RateLimit-Reset:
              $ref: '#/components/headers/RateLimitReset'
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Form'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '429':
          $ref: '#/components/responses/RateLimited'
        '500':
          $ref: '#/components/responses/ServerError'
components:
  schemas:
    FormCreate:
      type: object
      required:
        - name
        - fields
      properties:
        name:
          type: string
        fields:
          type: array
          minItems: 1
          items:
            type: object
            additionalProperties: true
        type:
          type: string
          enum:
            - standard
            - multi-step
          default: standard
        domainId:
          type: integer
          description: >-
            Optional. Auto-picked when the account has exactly one verified
            domain.
        webhookUrl:
          type:
            - string
            - 'null'
          format: uri
    Form:
      type: object
      required:
        - id
        - name
        - type
        - createdAt
        - updatedAt
      properties:
        id:
          type: integer
        name:
          type: string
        type:
          type: string
          enum:
            - standard
            - multi-step
        domain:
          description: Bound domain, or null for legacy unbound forms.
          oneOf:
            - $ref: '#/components/schemas/DomainRef'
            - type: 'null'
        submissionCount:
          type: integer
          description: Present on list responses; omitted on the single-resource view.
        fields:
          type: array
          description: >-
            The form's field schema. Present on the single-resource (detail)
            view only.
          items:
            type: object
            additionalProperties: true
        createdAt:
          type: string
          format: date-time
        updatedAt:
          type: string
          format: date-time
    DomainRef:
      type: object
      description: The registered domain a resource is bound to.
      required:
        - id
        - domain
      properties:
        id:
          type: integer
        domain:
          type: string
          examples:
            - example.com
    Error:
      type: object
      description: >
        Standard error envelope. `code` is a stable machine-readable string
        (e.g. invalid_api_key, insufficient_scope, not_found, rate_limited,
        domain_required, forbidden_field). Some errors carry extra context
        fields (candidates, required, fields, invalid, retryAfter).
      required:
        - error
      additionalProperties: true
      properties:
        error:
          type: string
          description: Human-readable message.
        code:
          type: string
          description: Stable machine-readable error code.
  headers:
    RateLimitLimit:
      description: The per-API-key request budget for the current 1-hour window.
      schema:
        type: integer
    RateLimitRemaining:
      description: Requests remaining in the current window after this request.
      schema:
        type: integer
    RateLimitReset:
      description: Unix timestamp (seconds) at which the rate-limit window resets.
      schema:
        type: integer
    RetryAfter:
      description: Seconds to wait before retrying. Present on 429 responses.
      schema:
        type: integer
  responses:
    BadRequest:
      description: >-
        The request was invalid (validation error, bad domain, forbidden field,
        etc.).
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    Unauthorized:
      description: The API key is missing, malformed, revoked, or expired.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    Forbidden:
      description: The API key is valid but lacks the scope this endpoint requires.
      headers:
        X-RateLimit-Limit:
          $ref: '#/components/headers/RateLimitLimit'
        X-RateLimit-Remaining:
          $ref: '#/components/headers/RateLimitRemaining'
        X-RateLimit-Reset:
          $ref: '#/components/headers/RateLimitReset'
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    RateLimited:
      description: The per-API-key request budget for the current window is exhausted.
      headers:
        X-RateLimit-Limit:
          $ref: '#/components/headers/RateLimitLimit'
        X-RateLimit-Remaining:
          $ref: '#/components/headers/RateLimitRemaining'
        X-RateLimit-Reset:
          $ref: '#/components/headers/RateLimitReset'
        Retry-After:
          $ref: '#/components/headers/RetryAfter'
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    ServerError:
      description: An unexpected server error.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: fmt_live_*
      description: >
        A Formitto API key created in the dashboard (Settings → API keys). Pass
        it as `Authorization: Bearer fmt_live_...`.

````