Docs Webhooks

Webhooks

Receive every submission as a signed JSON POST to your own endpoint.

Add an endpoint under your form's Webhooks tab and every non-spam submission is delivered as JSON:

Webhook payload
POST https://example.com/hooks/formy
Content-Type: application/json
x-formy-signature: 9f2c41d8a7…

{
  "id": "subm_abc123",
  "formId": "form_xyz789",
  "payload": { "email": "hello@acme.co", "message": "Hi!" },
  "createdAt": "2026-06-10T12:34:56.000Z"
}

The x-formy-signature header is a hex HMAC-SHA256 of the raw request body, keyed with the endpoint's signing secret (shown in the dashboard). Verify it before trusting a delivery:

Node.js
import crypto from "node:crypto";

function isFromFormy(rawBody, signatureHeader, secret) {
  const expected = crypto
    .createHmac("sha256", secret)
    .update(rawBody)
    .digest("hex");

  return crypto.timingSafeEqual(
    Buffer.from(signatureHeader),
    Buffer.from(expected)
  );
}

Recent deliveries — with response status codes — are listed under each endpoint in the dashboard.