Cognito Forms API

This feature is available to organizations on the Pro, Team, and Enterprise plans.

The Cognito Forms REST API allows you to integrate your existing systems with Cognito Forms without third-party tools. Refer to our API reference guide for more information and learn more about API request billing.

What’s an API?

An API (or Application Programming Interface) allows two applications to talk to each other. In other words, you can use our API to create custom integrations between Cognito Forms and other applications.

How to create an API key

To create a new custom integration with the Cognito Forms API:

  1. Click your organization’s name in the top left corner and then click Settings.
  2. Go to the Integrations section and select + New API Key.
  3. Enter your integration details in the dialog.
  4. Hit the Save button.

View your custom integration in your organization's settings.

You can update your custom integration settings at any time. Optionally, select the trash can icon on the right-hand side to delete the integration.

Manage API key settings

Select the integration name to update the integration settings:

  • Name/Description – Edit the integration name and description.
  • API Key – Your API access token. We recommend that you copy this token and key it safe – it cannot be accessed again later. Use this bearer token in the Authorization header when making API requests.
  • Form Scope – Select the API access level for form data.
    • No Scopes: The API cannot access form data.
    • Read: The API can access Get Forms, Get Form Fields, and Get Form Schema.
    • Read/Write: The API can access Set Form Availability in addition to the operations listed above.
  • Entry Scope – Select the API access level for form entries.
    • No Scopes: The API cannot access entry data.
    • Read: The API can access Get Entry and Get Document.
    • Read/Write: The API can access Create Entry and Update Entry in addition to the operations listed above.
    • Read/Write/Delete: The API can access Delete Entry in addition to the operations listed above.
  • Can Access – Specify which forms and folders the integration can access. If a folder has access to an integration, all new and existing forms in that folder also have access. Existing connections cannot be disconnected.
  • Connected To – View any connected forms.

How to pass the API key in the URL

If your external system does not support custom headers, you can include the API Key in the URL when you send data into Cognito Forms. Add ?access_token=apikey to your URL. Make sure to replace apikey with your key.

For example, you may want to use our Post JSON Data fields to create an entry. Post JSON Data allows you to post a static URL but does not allow you to alter the headers of the request. If you pass the API key in the URL, you can authenticate the request without editing the headers.