Submissions
When someone fills out your form, Formoar processes the submission through several stages: validation, spam checking, storage, and email delivery. This page explains the full submission lifecycle.
Submission flow
Every submission goes through these steps:
- Form lookup — The endpoint checks that the form exists and is active
- Origin check — If allowed origins are configured, the request origin is validated
- Body parsing — JSON or FormData is parsed into key-value pairs
- Rate limiting — IP-based rate limiting prevents abuse (5 requests per minute per IP)
- Spam checks — Honeypot field and optional Cloudflare Turnstile verification
- Monthly limit — Atomic check against your plan's monthly submission quota
- Storage — The submission is saved to your form's submission history
- Email notification — If enabled, an email is sent with the submission data
Submission data
All form field names and values are stored as key-value pairs. Fields that start with _ (underscore) are treated as metadata and excluded from email notifications.
- Name
_honeypot- Type
- string
- Description
Reserved for the honeypot spam trap. Must be empty.
- Name
_turnstile- Type
- string
- Description
Cloudflare Turnstile verification token.
Monthly limits
Each plan has a monthly submission limit. Submissions are counted from the 1st of each month (UTC). When the limit is reached, new submissions are rejected with a 429 status code.
| Plan | Monthly Limit |
|---|---|
| Free | 50 |
| Starter | 500 |
| Pro | 5,000 |
| Business | 50,000 |
Data retention
Submissions are automatically deleted after the retention period for your plan:
| Plan | Retention |
|---|---|
| Free | 30 days |
| Starter | 90 days |
| Pro | 365 days |
| Business | Unlimited |
Viewing submissions
All submissions are visible in your Formoar dashboard. You can view individual submissions, see their metadata (IP address, user agent, referrer), and filter by date range.