Appearance
Form API
The Form API lets trusted servers submit a form without rendering it in a browser. It is intended for server-to-server integrations: another application posts the field values and your form runs its normal pipeline (validation, notifications, integrations, storage).
Enable it on a form
Open the form, go to Form Settings → Security, and turn on headless submissions. Then:
- Generate an API key. The key is shown once, so copy it somewhere safe. You can regenerate it later (which invalidates the old key) or remove it.
- Restrict by IP (optional). Limit accepted requests to an allowlist of server IP addresses.
The Security tab also shows the exact submission endpoint and how to present the key.
Submitting
Send a POST request with the form's field values to the headless submission endpoint:
POST /api/index.php/v1/nxpeasyforms/submissionAuthenticate the request with the form's API key. Requests without a valid key, or from an IP outside the allowlist when one is set, are rejected. Browser-rendered forms continue to use the normal site submission flow; this endpoint is only for headless, key-authenticated callers.
Notes
- Each form has its own key; regenerating or removing it affects only that form.
- The API runs the same validation and side-effects as a normal browser submission.
- Payment-enabled forms require the browser checkout flow and are not completed through this endpoint.
What happens if my Pro license expires?
While the license is inactive the Form API stops accepting submissions — incoming calls are rejected — and the key controls are locked in the builder, so you can't generate or rotate keys. Your stored key and settings are preserved, so reactivating the license restores full access without re-entering anything.