Formaloo will grant you your own API key token and secrets to either write your own APIs with them or use them on any available SDK written on Formaloo.
In order to write your own custom API, you will need to follow these steps:
1- Obtain your API Key and Secret Key from Formaloo.
2- Use the Secret Key to obtain the expirable Authorization Tokens.
3- Use the API Key and Authorization Token to call your desired API.
We will describe each step with examples in the following parts:
Click on “Formaloo”, then you’ll see your API keys
1. Obtain the tokens
In order to obtain the API Key and Secret Key, you should visit https://cdp.formaloo.net/, go to the Connections tab, select the Formaloo Integration, and in the integration page, copy the API Key and Secret Key. (Note: The write-only key is for rare occasions where you want to create a mobile application that writes data on behalf of you. In almost all normal scenarios, you won’t need it.)
API Key: This key is used to identify your application and the integration you’re using. You have to include it in all requests, with the header x-api-key.
Secret Key: You will need this key to acquire the Authorization Tokens, sent in all requests. Please note that the Authorization Token has a short lifetime and will be expired after 30 seconds, but the Secret Key will not be expired and can be used to acquire as many Authorization Tokens as you want.
2. Get Authorization Token
The next step is to use your Secret Key to acquire an Authorization Token. In order to do so, you have to simply send a post requests to the following endpoint: https://api.formaloo.net/v1.0/oauth2/authorization-token/
Your request should contain this header and body:
Header:
Authorization = Basic {Secret Key}
Body (form-data):
grant_type=client_credentials
Example (cURL)
curl '' \\ --header 'Authorization: Basic {Secret Key}' \\ --form 'grant_type="client_credentials"'
Example (Python)
import requests url = "" payload={'grant_type': 'client_credentials'} headers = { 'Authorization': f'Basic {secret_key}' } response = requests.post( url, headers=headers, data=payload ) if response.status==200: authorization_token = response.json().get('authorization_token')
Response
{ "authorization_token": "{Authorization Token}" }
If your Secret Key is valid and you’re sending the request properly, you will receive an Authorization Token in the response, which you can use to call the API before it expires and needs to be refreshed.
3. Call Formaloo’s API
In this step, you have a valid API Key and an active Authorization Token. All you need to do now is to include each in the proper header to authenticate your API call:
Header:
Authorization = JWT {Authorization Token} x-api-key = {API Key}
Please note that all the APIs (except the authorization API) need the x-api-key header, while some (e.g. submitting a form) don’t need the Authorization header. Refer to the API documentation to see which endpoints don’t need the Authorization header.
Request Example (cURL):
curl '' \\ --header 'x-api-key: {API Key}' \\ --header 'Authorization: JWT {Authorization Token}'
Request Example (Python):
import requests url = "https://api.formaloo.net/v3/forms/" headers = { 'x-api-key': f'{api_key}', 'Authorization': f'JWT {authorization_token}' } response = requests.get( url, headers=headers )