API Reference
Complete reference for the kollect API.
Table of Contents
Form Submission API
Submit Form Data
Submit data to a kollect form endpoint.
Endpoint:
POST https://kollect.app/f/{FORM_KEY}Content Types:
application/x-www-form-urlencoded(standard HTML forms)multipart/form-data(file uploads)application/json(AJAX requests)
Basic Request
curl -X POST https://kollect.app/f/abc123xyz \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "email=user@example.com&message=Hello"JSON Request
curl -X POST https://kollect.app/f/abc123xyz \
-H "Content-Type: application/json" \
-d '{"email": "user@example.com", "message": "Hello"}'Response
Success (200 OK):
{
"success": true,
"message": "Form submitted successfully"
}Error (400 Bad Request):
{
"error": "Form is disabled"
}Error (403 Forbidden):
{
"error": "Origin not whitelisted"
}Special Form Fields
Certain field names have special behavior:
| Field Name | Purpose | Example |
|---|---|---|
_redirect_url | Redirect URL after submission | https://yoursite.com/thanks |
_gotcha | Honeypot field (default name) | Leave empty (hidden field) |
Note: The honeypot field name can be customized in form settings.
CORS Headers
All form endpoints include CORS headers:
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, OPTIONS
Access-Control-Allow-Headers: Content-TypeThis allows submissions from any domain by default. Use origin whitelisting to restrict access.
Management API
The Management API allows programmatic access to forms and submissions.
Base URL:
https://kollect.app/apiAuthentication
All management API requests require authentication using a Bearer token.
curl -X GET https://kollect.app/api/forms \
-H "Authorization: Bearer YOUR_API_KEY"Get API Key: API keys are available in your account settings (coming soon).
Forms API
List All Forms
Get all forms for the authenticated user/organization.
Endpoint:
GET /api/formsResponse:
{
"forms": [
{
"id": "abc123xyz",
"name": "Contact Form",
"enabled": true,
"createdAt": "2025-01-15T10:30:00Z",
"submissionCount": 42
}
]
}Create Form
Create a new form.
Endpoint:
POST /api/formsRequest Body:
{
"name": "Contact Form",
"redirectUrl": "https://example.com/thank-you",
"honeypotField": "_gotcha",
"originWhitelist": ["https://example.com"]
}Response:
{
"id": "abc123xyz",
"name": "Contact Form",
"endpoint": "https://kollect.app/f/abc123xyz",
"createdAt": "2025-01-15T10:30:00Z"
}Get Form Details
Get detailed information about a specific form.
Endpoint:
GET /api/forms/{FORM_ID}Response:
{
"id": "abc123xyz",
"name": "Contact Form",
"enabled": true,
"settings": {
"redirectUrl": "https://example.com/thank-you",
"honeypotField": "_gotcha",
"originWhitelist": ["https://example.com"]
},
"createdAt": "2025-01-15T10:30:00Z",
"updatedAt": "2025-01-16T14:20:00Z"
}Update Form
Update form settings.
Endpoint:
PATCH /api/forms/{FORM_ID}Request Body:
{
"name": "Updated Contact Form",
"enabled": true,
"redirectUrl": "https://example.com/success"
}Response:
{
"id": "abc123xyz",
"name": "Updated Contact Form",
"enabled": true,
"updatedAt": "2025-01-16T15:00:00Z"
}Delete Form
Delete a form and all its submissions.
Endpoint:
DELETE /api/forms/{FORM_ID}Response:
{
"success": true,
"message": "Form deleted successfully"
}Note: This action is permanent and will delete all associated submissions.
Submissions API
List Submissions
Get submissions for a specific form.
Endpoint:
GET /api/forms/{FORM_ID}/submissionsQuery Parameters:
| Parameter | Type | Description |
|---|---|---|
limit | number | Number of submissions to return (default: 50, max: 100) |
offset | number | Pagination offset (default: 0) |
from | ISO date | Filter submissions after this date |
to | ISO date | Filter submissions before this date |
Example:
curl -X GET "https://kollect.app/api/forms/abc123xyz/submissions?limit=10&offset=0" \
-H "Authorization: Bearer YOUR_API_KEY"Response:
{
"submissions": [
{
"id": "sub_123",
"formId": "abc123xyz",
"data": {
"email": "user@example.com",
"message": "Hello"
},
"metadata": {
"origin": "https://example.com",
"userAgent": "Mozilla/5.0...",
"ip": "192.168.1.1"
},
"createdAt": "2025-01-16T09:15:00Z"
}
],
"total": 42,
"limit": 10,
"offset": 0
}Get Single Submission
Get details of a specific submission.
Endpoint:
GET /api/forms/{FORM_ID}/submissions/{SUBMISSION_ID}Response:
{
"id": "sub_123",
"formId": "abc123xyz",
"data": {
"email": "user@example.com",
"message": "Hello",
"name": "John Doe"
},
"metadata": {
"origin": "https://example.com",
"userAgent": "Mozilla/5.0...",
"ip": "192.168.1.1"
},
"createdAt": "2025-01-16T09:15:00Z"
}Export Submissions
Export submissions in CSV or JSON format.
Endpoint:
GET /api/forms/{FORM_ID}/submissions/exportQuery Parameters:
| Parameter | Type | Description |
|---|---|---|
format | string | Export format: csv or json (default: csv) |
from | ISO date | Filter submissions after this date |
to | ISO date | Filter submissions before this date |
Example:
curl -X GET "https://kollect.app/api/forms/abc123xyz/submissions/export?format=csv" \
-H "Authorization: Bearer YOUR_API_KEY" \
-o submissions.csvAuthentication
API Keys
API keys provide programmatic access to the Management API.
Creating API Keys:
- Navigate to Account Settings
- Click “API Keys”
- Click “Generate New Key”
- Copy and securely store your key
Using API Keys:
curl -X GET https://kollect.app/api/forms \
-H "Authorization: Bearer sk_live_abc123xyz..."Security:
- Never commit API keys to version control
- Rotate keys regularly
- Use different keys for different environments
- Revoke compromised keys immediately
Session Authentication
Dashboard access uses Clerk session authentication. This is handled automatically by the UI.
Rate Limits
Rate limits protect the API from abuse.
Form Submissions
| Plan | Limit |
|---|---|
| Free | 100 submissions/month |
| Starter | 1,000 submissions/month |
| Professional | 10,000 submissions/month |
API Requests
| Endpoint Type | Limit |
|---|---|
| Form Submissions | 60 requests/minute per form |
| Management API | 100 requests/minute per API key |
Rate Limit Headers:
X-RateLimit-Limit: 60
X-RateLimit-Remaining: 45
X-RateLimit-Reset: 1642348800Rate Limit Exceeded (429):
{
"error": "Rate limit exceeded",
"retryAfter": 30
}Error Codes
HTTP Status Codes
| Code | Meaning | Description |
|---|---|---|
| 200 | OK | Request successful |
| 400 | Bad Request | Invalid request data |
| 401 | Unauthorized | Missing or invalid authentication |
| 403 | Forbidden | Insufficient permissions |
| 404 | Not Found | Resource not found |
| 429 | Too Many Requests | Rate limit exceeded |
| 500 | Internal Server Error | Server error |
Error Response Format
{
"error": "Error message",
"code": "ERROR_CODE",
"details": {
"field": "Additional context"
}
}Common Error Codes
| Code | Description |
|---|---|
FORM_DISABLED | Form is currently disabled |
ORIGIN_NOT_WHITELISTED | Request origin not allowed |
HONEYPOT_TRIGGERED | Spam protection triggered |
PLAN_LIMIT_REACHED | Submission quota exceeded |
INVALID_FORM_KEY | Form key not found |
VALIDATION_ERROR | Request validation failed |
Webhooks
Send form submissions to external endpoints (coming soon).
Webhook Events
submission.created- New form submissionsubmission.spam- Spam submission detected
Webhook Payload
{
"event": "submission.created",
"formId": "abc123xyz",
"formName": "Contact Form",
"submission": {
"id": "sub_123",
"data": {
"email": "user@example.com",
"message": "Hello"
},
"createdAt": "2025-01-16T09:15:00Z"
}
}Webhook Signature
Webhooks include a signature header for verification:
X-Kollect-Signature: sha256=abc123...SDK Libraries
Official SDK libraries (coming soon):
- JavaScript/TypeScript
- Python
- Ruby
- PHP
Support
Questions about the API?
- Email: api@kollect.app
- Documentation: https://docs.kollect.app