SendForm.live
Get Started

Help Center

Webhooks

Webhooks let you automatically send form submissions to your own server or third-party services like Zapier, Make, or n8n. This is a Pro feature.

How Webhooks Work

When someone submits your form, SendForm.live sends an HTTP POST request to your specified URL with the submission data as JSON.

Setting Up a Webhook

  1. Go to your form's Settings
  2. Scroll to the Webhooks section
  3. Enter your webhook URL (must be HTTPS)
  4. Optionally add a secret for signature verification
  5. Click Add Webhook

Webhook Payload

Each webhook request includes a JSON payload with the following structure. Note that the data object uses your field labels (like "Full Name") rather than internal IDs, making it easy to use in integrations.

{
  "event": "submission.created",
  "form_id": "abc123",
  "submission": {
    "id": "sub_xyz789",
    "form_id": "abc123",
    "data": {
      "Full Name": "John Doe",
      "Email": "john@example.com",
      "Message": "Hello!"
    },
    "created_at": "2025-01-15T10:30:00.000Z"
  },
  "timestamp": "2025-01-15T10:30:01.000Z"
}

Request Headers

SendForm.live includes these headers with every webhook request:

  • Content-Type: application/json
  • User-Agent: SendForm-Webhook/1.0
  • X-SendForm-Signature (if you configured a secret)

Verifying Webhook Signatures

If you add a secret to your webhook, SendForm.live signs each payload using HMAC-SHA256. This lets you verify that requests genuinely came from SendForm.live.

How to Verify

  1. Get the X-SendForm-Signature header from the request
  2. Compute HMAC-SHA256 of the raw request body using your secret
  3. Compare your computed signature with the header value

Example (Node.js)

const crypto = require('crypto');

function verifySignature(payload, signature, secret) {
  const computed = 'sha256=' + crypto
    .createHmac('sha256', secret)
    .update(payload)
    .digest('hex');

  return crypto.timingSafeEqual(
    Buffer.from(signature),
    Buffer.from(computed)
  );
}

// In your webhook handler:
const isValid = verifySignature(
  req.rawBody,
  req.headers['x-sendform-signature'],
  process.env.WEBHOOK_SECRET
);

if (!isValid) {
  return res.status(401).send('Invalid signature');
}

Integration Examples

Zapier

  1. Create a new Zap with Webhooks by Zapier as the trigger
  2. Choose Catch Hook
  3. Copy the webhook URL Zapier provides
  4. Paste it in your SendForm.live webhook settings
  5. Submit a test form to set up the Zap

Make (Integromat)

  1. Create a new scenario with Webhooks module
  2. Choose Custom webhook
  3. Copy the webhook URL
  4. Add it to your SendForm.live form settings

Your Own Server

Create an endpoint that accepts POST requests with JSON. Make sure to:

  • Use HTTPS (required)
  • Return a 2xx status code on success
  • Verify the signature if you configured a secret
  • Process the webhook quickly (under 10 seconds)

Troubleshooting

Webhook not firing?

  • Ensure the webhook is enabled (toggle is on)
  • Check that your URL is valid and uses HTTPS
  • Verify your server is accessible from the internet

Getting errors?

  • Webhooks must return a 2xx status code within 10 seconds
  • Check your server logs for incoming requests
  • Ensure your endpoint accepts POST requests with JSON

Signature verification failing?

  • Make sure you're using the raw request body (not parsed JSON)
  • Verify the secret matches exactly (no extra whitespace)
  • Use constant-time comparison to prevent timing attacks