Skip to main content

IndyForms Open API Guide

This help article provides a clear and structured overview to support developers and technical users working with the IndyForms API.

Updated over 2 months ago

The IndyForms Public API allows you to securely access your IndyForms data and integrate it with external systems such as CRMs, analytics platforms, automations, dashboards, internal tools, or AI agents. This version of the API is read‑only, meaning it allows you to retrieve data from IndyForms.

What the Public API Can Do

With the current Public API, you can:

  • Retrieve form metadata – View the structure and configuration of your forms.

  • Access submission (record) data – Fetch submissions to sync into other systems.

  • View user/account details – Useful for context, security, and workspace automation.

  • Build automations and integrations – Move your IndyForms data into other tools.

This enables powerful downstream workflows, including:

  • Sending IndyForms submission data into CRMs

  • Syncing records to dashboards or reports

  • Powering internal tools with live IndyForms data

  • Feeding AI assistants with real-time workspace information

How to Generate an API Access Token in IndyForms

To use the IndyForms Public API, you’ll need to generate an Access Token. This token is used to authenticate your requests.

Follow the steps below to create your token.

Step 1 — Open Your Profile

  1. In the top-right corner of IndyForms, click your profile icon.

  2. From the dropdown menu, select Profile.

Step 2 — Go to the Access Tokens Tab

At the top of your Profile page, you will see two tabs:

  • My Profile Details

  • Access Tokens

Click the Access Tokens tab.

This will open your personal token management area, where you can view, create, or revoke tokens.

Step 3 — Create a New Token

  1. Click the Add New button.

  2. A modal window will appear titled Create New Access Token.

You will need to enter:

  • Token Name – A label to identify this token (e.g., “CRM Integration”, “Reporting API”, “Make.com Automation”).

  • Expiry Date – Choose how long you want the token to be active.

Step 4 — Generate the Token

Click Create Token.

Your new token will be displayed once only. Make sure to copy and store it securely — you will not be able to view it again.

Frequently Asked Questions (FAQs)

Q. What is an API Access Token?

An API Access Token is a secure key that allows external systems to access your IndyForms data through the Public API. Each token is linked to your user profile and workspace permissions.

Q. Where do I create an API Access Token?

Go to Profile → Access Tokens → Add New.

From there, you can name your token, set an expiry date, and generate it instantly.

Q. Can I see my token again after creating it?

No. For security reasons, the full token value is shown only once—at the moment you create it.

If you lose it, simply delete the old one and create a new token.

Q. How many tokens can I create?

You can create as many tokens as you need.

This is helpful when connecting multiple tools (e.g., Make.com, internal dashboards, CRMs).

Q. Can I delete or revoke a token?

Yes. You can delete tokens at any time from the Access Tokens tab.

Deleting a token immediately stops any system from using it.

Q. Do tokens expire?

Yes. Each token has an expiry date that you choose when creating it.

You can set a short-term or long-term expiry based on your security requirements.

Q. Is write access supported?

Not yet.

The current IndyForms Public API is read-only, allowing you to securely retrieve:

  • User/workspace info

  • Form metadata

  • Record (submission) data

Write capabilities will be added in an upcoming release (as part of our product roadmap).

Q. Who can create tokens?

Any Administration Licensed IndyForms user with access to their Organisation's profile can create tokens.

Q. Does my API token give access to all forms?

Your token inherits the same permissions as your IndyForms account.

Tips

Here are some helpful tips for securely and effectively using the IndyForms Public API:

  • Use separate tokens for each integration (e.g., CRM, reporting, automation) to keep access organised and easy to revoke.

  • Store tokens securely using environment variables, secret managers, or password managers.

  • Rotate tokens regularly and assign expiry dates based on security requirements.

  • Delete tokens that are no longer in use to keep your workspace secure.

  • Cache form metadata to improve performance and reduce repeated API calls.

  • Treat your API token like a password—never share it or store it in client-side code.

  • Give tokens clear names so you can easily identify which system or automation uses them.

Need More Help?

For more details, examples, and technical specifications, visit the Developer Documentation: https://indyforms.com/api/

If you need assistance with specific use cases or integrations, contact the IndyForms Support team.

Related Articles
Users & Groups: Set Up + Management
Payment Field – Accept Payments in IndyForms
Understanding Organisations, Accounts & Subscriptions in IndyForms
Using Zapier With IndyForms: Automate Your Workflows
Did this answer your question?