File Uploads
Accept file attachments alongside form submissions.
Overview
Submito supports file uploads as part of form submissions. Users can attach images, documents, or any other file type alongside their form data. Uploaded files are stored securely and accessible from the submission detail view.
Enabling File Uploads
File uploads work automatically - no special configuration is needed on the Submito side. Simply include a file input in your HTML form and use multipart/form-data encoding:
<form action="https://api.submi.to/f/YOUR_FORM_ID"
method="POST"
enctype="multipart/form-data">
<input type="text" name="name" placeholder="Your name" required>
<input type="email" name="email" placeholder="Email" required>
<input type="file" name="resume" accept=".pdf,.doc,.docx">
<button type="submit">Submit</button>
</form>Multiple File Inputs
You can include multiple file inputs in a single form. Each file input should have a unique name attribute:
<input type="file" name="resume" accept=".pdf">
<input type="file" name="portfolio" accept=".pdf,.zip">
<input type="file" name="photo" accept="image/*">To allow selecting multiple files with a single input, add the multiple attribute:
<input type="file" name="attachments[]" multiple accept=".pdf,.jpg,.png">Uploading via API
When submitting programmatically, use multipart/form-data encoding (not JSON) for requests that include files:
curl -X POST https://api.submi.to/f/YOUR_FORM_ID \
-H "Accept: application/json" \
-F "name=Jane Doe" \
-F "[email protected]" \
-F "resume=@/path/to/resume.pdf" \
-F "photo=@/path/to/photo.jpg"Use multipart/form-data for file uploads
JSON (application/json) does not support binary file data. Always use multipart/form-data when your form includes file inputs.
File Size & Storage Limits
File upload limits depend on your plan:
| Plan | Max file size | Storage per workspace |
|---|---|---|
| Free | 5 MB | 100 MB |
| Solo | 25 MB | 5 GB |
| Team | 50 MB | 20 GB |
If a submitted file exceeds the per-file size limit, the entire submission is rejected with a 422 validation error.
Accessing Uploaded Files
Uploaded files appear in the submission detail view. Each file shows its original filename, size, and file type. Click the file name to preview it (images open inline; other types download).
Files are accessible to all workspace members who have access to the form's submissions. Download links are authenticated - they require being logged in to Submito.
Deduplication
Submito automatically deduplicates identical files. If two different submissions upload the exact same file (same content), only one copy is stored. This reduces storage usage without affecting the user experience - each submission still shows its own file reference.
File Retention
Uploaded files follow the same retention policy as their submission. When a submission is deleted (manually or by the automatic retention policy), its associated files are also deleted.
See Data Retention for details on retention periods per plan.
Security
All uploaded files are:
- Stored privately - Files are not publicly accessible by URL. Download links require authentication.
- Not executed - Files are stored as-is and never executed server-side.
- Scanned for basic validity - File type is validated against the declared content type to prevent simple type confusion attacks.
Use the accept attribute on your file inputs to guide users toward the file types you expect. While this is a UI hint (not enforced server-side), it improves the submission experience.