Authentication
All API requests require authentication via an API key.API Keys
API keys are passed in theX-API-Key header:
Key Format
GeniusForms API keys follow this format:| Prefix | Environment |
|---|---|
gf_sk_live_ | Production |
gf_sk_test_ | Sandbox (coming soon) |
Creating API Keys
- Go to your dashboard
- Navigate to Settings → API Keys
- Click Create API Key
- Optionally name your key and set a rate limit
- Copy the key immediately - it’s only shown once!
Rate Limits
Each API key has a daily request limit that resets at midnight UTC.| Plan | Default Limit |
|---|---|
| Free | 100 requests/day |
| Pro | 1,000 requests/day |
| Enterprise | Custom |
Rate Limit Headers
Every response includes rate limit information:| Header | Description |
|---|---|
X-RateLimit-Limit | Your daily request limit |
X-RateLimit-Remaining | Requests remaining today |
X-RateLimit-Reset | Unix timestamp when limit resets |
Handling Rate Limits
When you exceed your limit, you’ll receive a429 response:
Form-Scoped Keys
For enhanced security, you can create keys scoped to a specific form:- Can only access that form’s data
- Cannot create new forms
- Cannot access other forms’ responses
Error Responses
| Status | Error | Description |
|---|---|---|
| 401 | unauthorized | Missing, invalid, or revoked API key |
| 403 | forbidden | Key doesn’t have access to this resource |
| 429 | rate_limit_exceeded | Daily limit exceeded |