Webhooks

Push form submissions to your server or any HTTP endpoint in real time. Available on Pro and Business plans.

How it works

When a visitor submits your form, FormBlade sends a POST request to every webhook URL you have configured for that form. The request contains a JSON payload with the submission data, and an HMAC signature so you can verify it came from FormBlade.

Webhooks are processed asynchronously by the background worker, so they do not slow down the submission response.

Setting up a webhook

  1. Go to Webhooks in the dashboard sidebar
  2. Select the form you want to add a webhook to
  3. Click Add webhook
  4. Enter the URL that should receive the data
  5. Optionally add a signing secret for payload verification
  6. Click Create

You can add up to 10 webhooks per form.

Payload format

Each delivery sends a JSON POST request with the full submission data:

{
  "event": "submission.created",
  "form_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
  "form_name": "Contact Form",
  "endpoint_id": "contact",
  "submission_id": "f1e2d3c4-b5a6-7890-abcd-ef1234567890",
  "created_at": "2026-03-26T14:30:00Z",
  "data": {
    "name": "Jane Doe",
    "email": "jane@example.com",
    "message": "Hello! I'd like to learn more about your service."
  },
  "files": null,
  "ip_address": "203.0.113.42",
  "country": "US",
  "device": {
    "device_type": "desktop",
    "browser": "Chrome 145.0.0",
    "os": "Windows 10"
  }
}

Payload fields

FieldTypeDescription
eventstringEvent type (submission.created)
form_iduuidForm identifier
form_namestringForm name as shown in the dashboard
endpoint_idstringShort form ID used in the URL (/f/{endpoint_id})
submission_iduuidUnique submission identifier
created_atISO 8601When the submission was received
dataobjectKey-value pairs of all submitted form fields
filesobject | nullFile metadata if any files were uploaded (field name → filename, size, content type)
ip_addressstring | nullSubmitter IP (null if IP storage is disabled or anonymized)
countrystring | null2-letter country code from Cloudflare (e.g. US, DE)
deviceobject | nullParsed device info: device_type, browser, os

The data object contains exactly what the visitor submitted. Field names are the HTML name attributes from the form.

Note: Spam submissions (honeypot triggered, failed captcha, bot detection) do not fire webhooks. Only legitimate, non-spam submissions are delivered.

Request headers

HeaderExampleDescription
Content-Typeapplication/jsonAlways JSON
User-AgentFormBlade-Webhook/1.0Identifies FormBlade as the sender
X-FormBlade-Eventsubmission.createdThe event type
X-FormBlade-Deliveryd1e2f3...Unique delivery ID (for deduplication)
X-FormBlade-Signaturesha256=a1b2c3...HMAC-SHA256 signature (only if signing secret is set)

Verifying signatures

If you set a signing secret, FormBlade computes an HMAC-SHA256 hash of the raw JSON request body using your secret. Verify it on your server to confirm the request is authentic and hasn't been tampered with.

Python

import hmac, hashlib

def verify(payload_bytes, signature, secret):
    expected = hmac.new(
        secret.encode(), payload_bytes, hashlib.sha256
    ).hexdigest()
    return hmac.compare_digest(f"sha256={expected}", signature)

Node.js

const crypto = require('crypto');

function verify(body, signature, secret) {
  const expected = crypto
    .createHmac('sha256', secret)
    .update(body)
    .digest('hex');
  return signature === `sha256=${expected}`;
}

PHP

function verify($body, $signature, $secret) {
    $expected = 'sha256=' . hash_hmac('sha256', $body, $secret);
    return hash_equals($expected, $signature);
}

Retries

If your server returns a non-2xx status code or the request times out (10 second limit), FormBlade will retry the delivery up to 3 times with exponential backoff:

Each delivery attempt is logged. You can view delivery history and status codes in the dashboard.

Testing

Click the Test button next to any webhook in the dashboard. This sends a sample payload with dummy data so you can verify your endpoint is working before going live.

Events

EventDescription
submission.createdFired when a new form submission is received (non-spam only)

More events will be added in future updates.

Use with automation tools

Point your webhook URL at an automation platform to connect form submissions to thousands of apps without writing code. The dashboard wizard guides you through each platform's setup.

Zapier

Connect to 6,000+ apps. Create a Zap with Webhooks by Zapier as the trigger, copy the URL, and paste it in FormBlade. Full guide →

Make (Integromat)

Build visual multi-step automations with branching and error handling. Add a Custom webhook trigger in Make, copy the URL, and paste it in FormBlade. Full guide →

n8n

Self-hosted or cloud automation with 400+ nodes. Add a Webhook node, activate the workflow, copy the production URL, and paste it in FormBlade. Full guide →

IFTTT

Simple one-trigger-one-action automations. Create an Applet with the Webhooks trigger and connect to 700+ services. Full guide →

Pabbly Connect

Automation with a one-time lifetime pricing option. Create a workflow with Webhook / API as the trigger. Full guide →

Other tools

Any tool that accepts incoming webhooks works the same way: create a webhook trigger in the tool, copy the URL, and add it as a Custom URL webhook in FormBlade.

Limits

Webhooks vs integrations

Webhooks send raw JSON to any URL — you handle the parsing and logic. If you just want to post submissions to a chat channel, use the built-in integrations instead:

Use raw webhooks when you need the full payload for custom processing, Zapier/Make triggers, or your own backend.

What's next?