Submito

API Reference

Submit forms programmatically using Submito's HTTP API.

Base URL

All API requests are made to the Submito API domain:

https://api.submi.to

Submit a Form

POST/f/{form_id}

Submit data to a form endpoint. The form_id is found in your form settings.

Content Types

The endpoint accepts three content types:

  • application/json — JSON payload (recommended for API integrations)
  • application/x-www-form-urlencoded — Standard HTML form submissions
  • multipart/form-data — Required for file uploads

Examples

<form action="https://api.submi.to/f/YOUR_FORM_ID" method="POST">
  <input type="text" name="name" placeholder="Name" required>
  <input type="email" name="email" placeholder="Email" required>
  <textarea name="message" placeholder="Message"></textarea>
  <button type="submit">Send</button>
</form>

Response format

Send an Accept: application/json header to receive JSON responses. Without it, HTML form submissions will redirect to a thank-you page.

Response Format

Success (201 Created)

{
  "message": "Submission received",
  "submission_id": "sub_a1b2c3d4"
}

Error Responses

{
  "error": "Form is not accepting submissions"
}

Status Codes

CodeMeaningDescription
201CreatedSubmission received successfully
400Bad RequestForm is disabled or not accepting submissions
422Validation ErrorCaptcha failed or required fields missing
429Rate LimitedToo many requests (see rate limiting below)
404Not FoundForm ID does not exist

Rate Limiting

Multiple rate limit layers protect against abuse:

ScopeLimitWindow
Per IP per form10 requests1 minute
Per IP (global)30 requests1 minute
Per form (global)100 requests1 minute
Per API key60 requests1 minute

Rate limit headers

When rate limited, the response includes a Retry-After header indicating how many seconds to wait before retrying.

CORS

The API allows requests from all origins. The following CORS headers are set on every response:

Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, OPTIONS
Access-Control-Allow-Headers: Content-Type, Accept, X-Requested-With, Authorization

File Uploads

To include file uploads, use multipart/form-data encoding:

curl -X POST https://api.submi.to/f/YOUR_FORM_ID \
  -H "Accept: application/json" \
  -F "name=Jane Doe" \
  -F "[email protected]" \
  -F "resume=@/path/to/resume.pdf"

File size limits depend on your plan. See File Uploads for details.

Coming Soon

We're expanding the API with additional endpoints:

  • GET /submissions — Retrieve submissions programmatically
  • GET /forms — List and manage forms via API
  • GET /workspaces — Workspace management endpoints
  • POST /workspaces/{workspace}/members — Team member management

Want early access to new API endpoints? Reach out via the in-app support form and we'll keep you updated.

Endpoint MonitoringAPI Authentication