Server Side Validation

  • Updated on Jul 14, 2025
  • 2 minute(s) read
Prev Next

This article will show you how to use server-side validation to validate form fields. This will allow you to call the endpoint once prior to submission and once before your workflow begins. You can use a Custom URL or a Hosted API to use in validation.

An example use case could be for validating an address within your desired state or postcode.

Set Up Validation

  1. Sign in to your site

  2. Navigate to the Forms Forms menu.

  3. Select the form you want to validate Select form.

  4. On the Summary tab, scroll down to Validation Validation.

  5. Select Custom URL or Hosted API and add a custom URL or a hosted API endpoint to the form Custom URL or hosted API.

    • Custom URLCustom URL.

      • URL: Provide the URL for the specific API endpoint that you want the form to validate against

      • Secret: Select an existing secret from the drop-down or add a new one

    • Hosted APIHosted API.

      • Hosted API: Select a previously created Hosted API from the list

      • Route: Choose an available route for the Hosted API

      • Secret: Select an existing secret from the drop-down or add a new one

  6. Click Save Save Developer tools.

Example Validation

For an example of Server Side Validation check out our GitHub.

Example Payload

{"formsAppId": 1,"formId": 1,"externalId": "external identifier","secret": "ssshhh","submissionId": "85fad0a4-b778-4aea-a6e7-671d84d58156","submissionTimestamp": "2018-01-01T00:00:00.000Z","jobId": "29e8138d-b28c-49da-b357-f4974adbf0a6","previousFormSubmissionApprovalId": "04dc6796-f593-47a6-ac21-5e00473d86a1","submission": {"First_Name": "Jane","Last_Name": "Smith"},"ipAddress": "86.124.75.76","keyId": "","user": {"userId": "81798353-7c7a-481b-89f2-8c5fb83209ca","providerType": "Google","providerUserId": "234891839120312839123","username": "[email protected]","email": "[email protected]","firstName": "Jane","lastName": "Smith","fullName": "Jane Smith","picture": "https://lh3.googleusercontent.com/a/AATXAJyQ6F_frDWNQguRuVrRmKKs22PYkXDTQlzgDRjp=s96-c"},"device": {"type": "BROWSER","appCodeName": "Mozilla","appName": "Netscape","appVersion": "5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36","cookieEnabled": true,"hardwareConcurrency": 12,"language": "en-GB","maxTouchPoints": 0,"platform": "MacIntel","userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36","vendor": "Google Inc.","webdriver": false}}

Note: The first call prior to submission will not include the submission ID, Submission timestamp, secret, IP address, and device information.

Validation Fails

  • If the validation fails on the first call prior to the submission, the user will be shown a failure modal. This can be used to include an informative error message explaining why the form failed the validation. For example, "The address you are using is not within the expected Postcode." Failed validation message.

  • If the validation fails on the second call prior to the workflow then an email will be sent to the notification email address configured for the app that the form is being submitted from.

  • If the validation succeeds the form will be submitted as normal.

Related articles