Authentication and limits

To interact with the FormFlow API, you need to authenticate your requests using a token. All API requests are made to https://main.formflow-dev.net. All requests should be made using HTTPS.

Obtain credentials

To access the FormFlow API, you will need a clientId and clientSecret value, which are provided by FormFlow Customer Support upon request. You will also need to know your organizationId value.

You can exchange these for a Bearer token, valid for 3600 seconds (1 hour):

Endpoint

POST /api/token

Headers

Accept: application/jsonContent-Type: application/json

Example request body

{
  "clientId": "2mvc4Ev4qpU8Y0FbADRq4xpZOhf",
  "clientSecret": "{zPYnGM$c&p+NLH0JNm-xdD'6+VHVuE`1R/xe(7+*eSAIOW^C~)M:8H_32Vd#{J",
  "organizationId": "2nHy8pbeoD5CM9WbjvyGj1VKoUu"
}

Example 200 response

{
  "token": "eyJhbGciOiJSUzI1NiIs...Ce7EdUsAw",
  "expires_in": 3600,
  "token_type": "Bearer"
}

Authenticate your requests

You can use the token in the response to authenticate all subsequent requests by including it in the Authorization header: Authorization: Bearer <your_token>

Refreshing the token

Since the token is valid for 3600 seconds (1 hour), you will need to repeat the token request process to refresh your token. Ensure your application is designed to handle token expiration by checking against the expires_in value in the response.

Rate Limiting

The API enforces a rate limit of 60 requests per minute to ensure fair usage and maintain performance. If you exceed this limit, the API will return a 429 Too Many Requests response code. When this occurs, you must wait until the rate limit resets before making additional requests. To avoid interruptions, ensure your application adheres to the rate limit policy.