Documentation

Quick start

Get your first form working in under 60 seconds:

1. Create a form in the dashboard and copy the access key. The key is shown once — save it somewhere safe.
2. Add your domain in Form → Settings → Allowed Domains (e.g., yoursite.com). This prevents other sites from using your key.
3. Point your form at https://api.w3forms.com/submit with method="POST".
4. Add the access key as a hidden field: <input type="hidden" name="access_key" value="YOUR_KEY" />.
5. Submit. View submissions in the dashboard and receive email notifications automatically.

<form action="https://api.w3forms.com/submit" method="POST">
  <input type="hidden" name="access_key" value="YOUR_ACCESS_KEY" />

  <input type="text" name="name" required />
  <input type="email" name="email" required />
  <textarea name="message" required></textarea>

  <button type="submit">Send</button>
</form>

How it works

When a visitor submits your form, the data is sent to W3Forms via HTTP POST. We validate the access key, check the origin against your allowed domains, run spam protection checks, and store the submission. Then we send email notifications and trigger any configured webhooks — all within milliseconds.

The submission flow is designed for speed. We acknowledge the submission immediately and process notifications in the background, so your visitors get instant feedback.

Redirect vs JSON response

By default, a standard HTML form POST receives a 303 redirect to your success page. This works great for traditional multi-page sites.

For single-page applications (React, Vue, etc.), send Accept: application/json to receive a JSON response instead. This lets you control the UI — show loading spinners, inline success messages, or error states without a page reload.

const form = document.querySelector("form");

form.addEventListener("submit", async (e) => {
  e.preventDefault();
  const formData = new FormData(form);

  const res = await fetch("https://api.w3forms.com/submit", {
    method: "POST",
    headers: { Accept: "application/json" },
    body: formData,
  });

  const data = await res.json();
  if (!res.ok) throw new Error(data.error ?? "Submit failed");
  console.log("Success:", data);
});

What you get

• Submission storage — Every submission is stored and accessible in your dashboard. Search, filter, and export submissions at any time.
• Email notifications — Instant email for every non-spam submission. Configure recipients, subject line (with field placeholders), reply-to address, and auto-responses.
• Webhooks — Forward each submission to your own server via HTTP POST. Payloads are signed with HMAC-SHA256 for verification. Use for CRM sync, Slack alerts, or custom workflows.
• Spam protection — Multiple layers: honeypot fields (zero friction), keyword blacklists, disposable email blocking, and optional captcha. Spam is stored but does not trigger notifications.
• Custom redirects — Send users to your own thank-you or error pages after submission.
• File uploads — Accept file attachments via multipart forms (Pro and Business plans). Files are stored securely and linked in your dashboard.

Next steps

• How-to Guides — React forms, Astro setup, file uploads, webhook integration, migration from other services.
• Customization — Redirects, email settings, spam protection, allowed domains.
• Webhooks — Setup, payload format, and HMAC signature verification.
• API Reference — Endpoint, request fields, response codes, rate limits.
• Security — Access keys, domain restrictions, data handling.
• Troubleshooting — Common errors and how to fix them.
• FAQ — Pricing, GDPR, frameworks, spam, and more.