Forms Intake

Approve forms, enforce exact origins, and store arbitrary submissions in SQLite.

Approved-form backend

This service accepts submissions only for admin-approved forms and only from exact origins attached to those forms.

Admin Login

Public flow

  1. Your frontend requests a short-lived submit session from /api/public/forms/:publicID/session.
  2. The backend checks the exact Origin header against the form allowlist.
  3. The frontend posts JSON fields to /api/public/forms/:publicID/submissions with the one-time token in X-Form-Session.