If you don’t have one yet, sign up at formitto.com and
register at least one verified domain (forms and widgets bind to a verified
domain).
2. Generate an API key
In the dashboard, go to Settings → API keys and click Create key. Give
it a name you’ll recognise (e.g. “Zapier production”), then copy the key.
The plaintext key is shown once, at creation. Store it somewhere safe — if
you lose it, revoke it and create a new one. Keys look like
fmt_live_xxxxxxxx….
New keys are granted read access by default; grant write scopes explicitly if
you need them. See Authentication for the scope model.
3. Make your first request
List your forms. Pass the key as a Bearer token.
curl https://formitto.com/v1/forms \
-H "Authorization: Bearer fmt_live_xxxxxxxx"
import { Formittosdk } from "@formitto/sdk";
const formitto = new Formittosdk({ bearerAuth: "fmt_live_xxxxxxxx" });
const result = await formitto.forms.listForms({});
console.log(result.data);
A successful response is a paginated envelope:
{
"data": [
{
"id": 123,
"name": "Contact form",
"type": "standard",
"domain": { "id": 5, "domain": "example.com" },
"submissionCount": 42,
"createdAt": "2026-05-01T12:00:00.000Z",
"updatedAt": "2026-05-20T09:30:00.000Z"
}
],
"pagination": { "page": 1, "limit": 25, "total": 1, "pages": 1 }
}
List endpoints accept page (1-based) and limit (default 25, max 100):
curl "https://formitto.com/v1/forms?page=2&limit=50" \
-H "Authorization: Bearer fmt_live_xxxxxxxx"
Rate limits
Each API key is allowed 1000 requests per hour by default. Every response
carries your current budget:
| Header | Meaning |
|---|
X-RateLimit-Limit | Requests allowed per hour |
X-RateLimit-Remaining | Requests left in the current window |
X-RateLimit-Reset | Unix timestamp when the window resets |
When you exceed the budget you get HTTP 429 with a Retry-After header
(seconds to wait). Back off until the window resets, then retry.
Next steps