Webhooks
Receive every submission as a signed JSON POST to your own endpoint.
Add an endpoint under your form's Webhooks tab and every non-spam submission is delivered as JSON:
Webhook payload
POST https://example.com/hooks/formy
Content-Type: application/json
x-formy-signature: 9f2c41d8a7…
{
"id": "subm_abc123",
"formId": "form_xyz789",
"payload": { "email": "hello@acme.co", "message": "Hi!" },
"createdAt": "2026-06-10T12:34:56.000Z"
}The x-formy-signature header is a hex HMAC-SHA256 of the raw request body, keyed with the endpoint's signing secret (shown in the dashboard). Verify it before trusting a delivery:
Node.js
import crypto from "node:crypto";
function isFromFormy(rawBody, signatureHeader, secret) {
const expected = crypto
.createHmac("sha256", secret)
.update(rawBody)
.digest("hex");
return crypto.timingSafeEqual(
Buffer.from(signatureHeader),
Buffer.from(expected)
);
}Recent deliveries — with response status codes — are listed under each endpoint in the dashboard.