API Key
Understanding and managing your Static Forms API key
Your API key is a unique identifier that connects form submissions to your Static Forms account. It's automatically generated when you create your account and is required for all form submissions.
Getting Your API Key
Create an Account
If you haven't already, sign up for a free account. You'll need to verify your email address to complete registration.
Access Your Dashboard
After logging in, navigate to your dashboard. Your API key is displayed prominently at the top of the dashboard page.
Copy Your API Key
Your API key will look like this:
sf_abc123def456ghi789jkl012mno345Click the copy button next to your API key to copy it to your clipboard.
Add to Your Form
Include your API key in your HTML form as a hidden input field:
API Key Format
Static Forms API keys follow a consistent format:
- Start with the prefix
sf_ - Followed by 32 alphanumeric characters
- Total length: 35 characters
- Example:
sf_abc123def456ghi789jkl012mno345
Using Your API Key
Your API key must be included in every form submission. There are several ways to do this:
Method 1: Hidden Input Field (Recommended)
The simplest and most common method is to include it as a hidden field in your HTML form:
Method 2: JavaScript / AJAX
When submitting forms via JavaScript, include the API key in your request:
Method 3: JSON Payload
When sending JSON data, include the API key in the payload:
API Key Security
Understanding API key security is important for protecting your account:
Safe to Use In:
- Client-side HTML forms
- JavaScript code (browser)
- Public repositories (though not recommended)
- Static website code
Best Practices:
- Use environment variables when possible
- Don't share your API key publicly
- Don't commit to public repositories
- Regenerate if you suspect it's compromised
What API Keys Cannot Do:
- Access your account settings
- Change your password
- View billing information
- Modify account preferences
- Delete your account
Why API Keys Are Safe in Client-Side Code
API keys are designed to be used in client-side code. They only allow form submissions to be sent to your account. They cannot be used to access sensitive account information or perform account management operations. However, you should still keep them private to prevent others from using your quota.
Environment Variables
For better security and organization, use environment variables to store your API key:
Next.js
React / Create React App
Vite
Regenerating Your API Key
If you suspect your API key has been compromised or want to rotate it for security reasons, you can regenerate it:
Go to Account Settings
Navigate to your account settings page in the dashboard.
Find API Key Section
Locate the API Key section where your current key is displayed.
Click Regenerate
Click the "Regenerate" button. You'll be asked to confirm this action.
Update All Forms
After regeneration, you must update all forms using the old API key with the new one. The old key will immediately stop working.
Important
Regenerating your API key will immediately invalidate the old key. All forms using the old key will stop working until you update them with the new key. Make sure you have access to update all your forms before regenerating.
Multiple API Keys
Currently, each account has one API key. If you need multiple keys for different projects:
- Free Tier: Create multiple accounts (one per project)
- Pro Tier: Use child accounts, each with their own API key
Pro Feature: Child Accounts
Pro tier users can create child accounts, each with its own API key. This allows you to manage multiple projects while keeping them organized under one parent account. See Pricing Plans for more information.
Troubleshooting
Invalid API Key Error
If you receive an "Invalid API key" error:
- Verify you copied the entire key (35 characters)
- Check for extra spaces or line breaks
- Ensure the key starts with
sf_ - Confirm the key hasn't been regenerated
API Key Not Working
If your API key suddenly stops working:
- Check if you regenerated the key recently
- Verify your account is active and not suspended
- Check if you've exceeded your monthly limit
- Contact support if the issue persists