LogoDropForm

Schema API

Fetch a machine-readable form schema (fields, types, constraints, options) to generate forms and validate submissions consistently.

DropForm Logo
January 12, 2026 by DropForm Team

Introduction

DropForm provides a REST API to interact programmatically with your forms and submissions. The API supports standard HTTP methods and accepts JSON or multipart requests, including file uploads. It is perfect for server-side automation, integrations, or any workflow where you need direct access to your form data.

One of the most powerful features is the GET /schema endpoint which returns a complete machine-readable schema of your form, including all fields, types, constraints, and options. You can use this to automatically generate forms in your applications.

Authentication

All DropForm API endpoints require authentication using form-level API keys. Each form provides two types of keys:

  • Master Key - full access for reading, creating, updating, and deleting submissions. Should only be used from trusted server-side environments.
  • Read-Only Key - limited access to fetch form schemas and retrieve submissions. Cannot create, update, or delete data.

Include the API key in every request using the HTTP Authorization header.

Best Practices

  • Keep keys secret: Never expose Master Keys in client-side code or public repositories.
  • Rotate keys regularly: Replace and revoke old keys periodically to reduce security risks.
  • Use Read-Only keys when possible: Limit exposure when only fetching data.
  • Server-side enforcement: Use Master Keys for operations that modify data; keep Read-Only keys for data retrieval.

By following these practices, you ensure secure access to your forms and submissions while minimizing the risk of unauthorized access.

Get Schema

GET /api/v1/forms/{formId}/schema

Fetch the schema of a specific form. The returned schema includes all fields, types, constraints, and options. This can be used to automatically generate forms in your applications, ensuring consistent validation and reducing development effort.

Access: Read-Only Key or Master Key

Fields

The fields array can include the following types of field objects:

  • TextField - may include min and max length.
  • NumberField - may include min and max values.
  • EmailField
  • DateField
  • CheckboxField - includes values array.
  • RadioField - includes values array.
  • SelectField - includes values array.
  • FileField
  • HoneypotField

Example Request

Example Response

Status codes

  • 200 - OK
  • 400 - Bad Request (validation error)
  • 401 - Unauthorized (missing or invalid API key)
  • 403 - Forbidden (key does not have required role)
  • 404 - Not Found (form not found)
  • 429 - Too Many Requests (rate limit)
  • 500 - Internal Server Error

Learn more