Overview of the OpnForm REST API, base URL, authentication, and rate limits.
Welcome to the OpnForm REST API – a straightforward, JWT-based interface that lets you manage workspaces, forms and submissions from your own tools or backend jobs.
If you’ve ever used the dashboard you already know the objects you’ll be working with: workspaces, forms, submissions, and users. The API exposes almost the same capabilities – you can list items, create new ones, update them or delete them, all with predictable HTTP verbs.
All endpoints documented in this reference are relative to that URL.
Every request must include a Personal Access Token in the Authorization
header:
Tokens can be created in your OpnForm dashboard (see the API Keys section). Each token is associated with one or more abilities / scopes that restrict what it can do.
Ability | Description |
---|---|
workspaces-read | Read workspaces the user belongs to |
workspaces-write | Create, update or delete workspaces |
workspace-users-read | List workspace members & invites |
workspace-users-write | Manage workspace members & invites |
forms-read | Read forms & submissions |
forms-write | Create or modify forms & submissions |
When your request attempts an operation outside the abilities attached to the token, the API responds with 403 Forbidden.
Some list endpoints are paginated. Use the page
query parameter (?page=2
) to retrieve subsequent pages.
Each IP address is limited to 100 requests per minute. Exceeding the limit returns 429 Too Many Requests.
Errors are returned in JSON with an HTTP status code that reflects the problem:
See the status-code table below for the most common cases:
Status | Meaning |
---|---|
400 | Bad request / validation error |
401 | Missing or invalid token |
403 | Token lacks required ability |
404 | Resource not found |
429 | Rate limit exceeded |
500 | Server error – something went wrong on our side |
That’s all you need to know to get started – head over to the endpoint sections or grab a token and make your first call: