Cognito Forms API Essential Guide

What type of API does Cognito Forms provide?

Type of API

Cognito Forms uses a REST API.

Key Points

• The Cognito Forms REST API allows integration of existing systems with Cognito Forms without third-party tools.

• An API key is required to use the Cognito Forms API. Organization owners and administrators can create custom integrations by generating an API key in the organization settings.

• The API key can be passed in the URL if the external system does not support custom headers, by adding ?access_token=apikey to the URL.

API Features

• The API allows creating custom integrations between Cognito Forms and other applications.

• It provides a way for two applications to communicate with each other.

• The API has a reference guide available for more detailed information.

Best Practices

• When using the API, it's important to follow the documentation and use the correct endpoints and parameters.

• Secure handling of the API key is crucial to prevent unauthorized access.

• Consider the API request billing when planning integrations.

In summary, Cognito Forms provides a REST API for integrating with their platform, allowing developers to create custom integrations and automate workflows involving Cognito Forms data.

Does the Cognito Forms API have webhooks?

Yes, the official Cognito Forms API does have webhooks.

The Cognito Forms API offers several types of events that you can subscribe to via webhooks. The main events are:

1. flow_session.status.updated: This event is triggered when a user completes or fails a Flow session.
2. flow_session.step.updated: This event is triggered when a user moves to a new step in the Flow process.
3. flow_session.retried: This event is triggered when a new Flow session is started via the retry system.

Key points about Cognito Forms webhooks:

1. Event Ordering: Cognito does not guarantee that webhooks will be delivered in any particular order. Your application should be prepared to handle events in any delivery order.
2. Webhook Configuration: You can configure webhooks through the Flow dashboard, selecting which events you want to subscribe to.
3. Webhook Response: Your server should respond to webhooks with an HTTP status of 200. Any other status will be treated as an error, and Cognito will attempt to re-deliver the webhook event up to 7 times.
4. Security: Cognito signs all webhooks they send, and it's important to verify the signature to prevent potential attacks.
5. Retry Events: It's possible to request that a user retry part or all of a Flow session, which will trigger a flow_session.retried webhook event.

Event details:

1. For flow_session.status.updated events, the status field can be one of: success, failed, expired, canceled, or pending_review.
2. For flow_session.step.updated events, the step field indicates which step the user is currently completing. Possible steps include: accept_tos, verify_sms, kyc_check, documentary_verification, selfie_check, screening, and risk_check.
3. All events include id, timestamp, data.id, data.customer_reference, and environment.

In conclusion, the Cognito Forms API provides a robust webhook system that allows you to subscribe to various events related to user flow sessions, enabling real-time updates and integration with your application.

Rate Limits and other limitations

Based on the search results provided, here are the key points regarding the API Rate Limits of the Cognito Forms API:

API Request Limits

1. The API request limits vary depending on the plan level:

   • Pro plan: 2,000 requests/month
   • Team plan: 10,000 requests/month
   • Enterprise plan: 100,000 requests/month

2. These request limits include integrations with Make, Power Automate, Zapier, JSON Webhooks, and the Cognito Forms API.

3. Large requests (over 100KB) are counted as multiple requests. For example:

   • A 150KB request counts as two requests
   • A 400KB request counts as four requests

Exceeding Request Limits

If you exceed the number of included monthly requests, you'll be charged $20 per bucket of 100,000 requests.

Monitoring Usage

You can monitor your integration usage on your organization's settings page.

API Key Usage

If your external system does not support custom headers, you can include the API Key in the URL when sending data to Cognito Forms. Add ?access_token=apikey to your URL, replacing apikey with your actual key.

Best Practices

1. When integrating Cognito Forms with other applications, use the API to create custom integrations.

2. If sending data from one form to another, you can pass the API Key into the 'Create Entry POST URL' and insert it into the 'Submit Entry Endpoint' under your form's JSON settings.

Additional Considerations

• The Cognito Forms REST API allows integration with existing systems without third-party tools.

It's important to note that these rate limits are specific to Cognito Forms and are different from Amazon Cognito's API limits, which were also mentioned in the search results but are not relevant to this specific question about Cognito Forms.

Latest API Version

Based on the search results provided, here is the most up-to-date information about the Cognito Forms API:

The most recent version of the Cognito Forms API is referred to as the Cognito Forms REST API. There is no specific version number mentioned in the search results.

Key points to consider:

1. The Cognito Forms REST API allows users to integrate their existing systems with Cognito Forms without third-party tools [2][5].

2. As of June 20, 2022, all organizations have been updated to Cognito Forms V2, which includes improvements to the API [1].

3. The API provides the ability to programmatically interact with an organization's forms and entries [5].

4. To use the API, users need to create an API key, which can be done by organization owners and administrators [2].

5. The API offers different access levels for form data and form entries, including read, write, and delete permissions [2].

6. The API documentation includes a reference guide for more detailed information on its usage [2].

Best practices:

1. Keep your API key safe and secure, as it cannot be accessed again once generated [2].

2. Use the appropriate scope (Form Scope and Entry Scope) when setting up your API key to ensure the right level of access for your integration needs [2].

3. Consider using the API in conjunction with other integration options like Make, Microsoft Power Automate, or Zapier for more complex automation workflows [5].

4. Refer to the API reference guide for detailed information on available endpoints and operations [2][4].

In summary, while there isn't a specific version number mentioned for the Cognito Forms API, it is continuously updated and improved. The most recent major update to the overall Cognito Forms platform (V2) was released in June 2022, which likely included enhancements to the API as well.

How to get a Cognito Forms developer account and API Keys?

Here's how you can get a developer account for Cognito Forms to create an API integration:

1. Sign up for a Cognito Forms account: To get started, you'll need to have a Cognito Forms account. If you don't already have one, sign up for an account on the Cognito Forms website.

2. Become an organization owner or administrator: API access is only available to organization owners and administrators. Ensure you have the appropriate permissions within your Cognito Forms organization.

3. Create an API key: Once you have the necessary permissions, follow these steps to create an API key:

   • Click your organization's name in the top left corner of the Cognito Forms dashboard
   • Click "Settings"
   • Go to the "Integrations" section
   • Select "+ New API Key"

4. Configure API key settings: After creating the API key, you can configure its settings:

   • Set a name and description for the integration
   • Copy and securely store the API access token (it cannot be accessed again later)
   • Set the Form Scope (No Scopes, Read, or Read/Write)
   • Set the Entry Scope (No Scopes, Read, Read/Write, or Read/Write/Delete)
   • Specify which forms and folders the integration can access

5. Use the API key: Use the API key (bearer token) in the Authorization header when making API requests to Cognito Forms.

What can you do with the Cognito Forms API?

Based on the search results provided, here is a list of data models that can be interacted with using the Cognito Forms API, along with what is possible for each:

Forms

• Get Forms: Retrieve information about forms in the organization [3]
• Get Form Fields: Retrieve field information for specific forms [3]
• Get Form Schema: Retrieve the schema for specific forms [3]
• Set Form Availability: Update the availability status of forms (requires Read/Write access) [3]

Entries

• Get Entry: Retrieve individual form entries [3]
• Get Document: Retrieve documents associated with entries [3]
• Create Entry: Create new form entries (requires Read/Write access) [3]
• Update Entry: Update existing form entries (requires Read/Write access) [3]
• Delete Entry: Delete form entries (requires Read/Write/Delete access) [3]

Key points to consider:

• The API allows programmatic interaction with an organization's forms and entries [2]
• Access to these data models is controlled through API key settings and scopes [3]
• Organization owners and administrators can create custom integrations with the API [3]
• The API key can be passed in the URL if the external system doesn't support custom headers [3]
• API usage is subject to billing [4]

Best practices:

• Keep the API key safe and secure, as it cannot be accessed again later [3]
• Use the appropriate scope (No Scopes, Read, Read/Write, Read/Write/Delete) based on your integration needs [3]
• Specify which forms and folders the integration can access for better security control [3]
• Consider using the API for custom integrations when third-party tools are not suitable [2]

It's important to note that the Cognito Forms API primarily focuses on interacting with forms and their entries, allowing for various operations depending on the access level granted to the API key.