FF

FIRAFORM

Docs

Comprehensive guides and references for FiraForm.

Form Settings

Configure form behavior, redirects, CAPTCHA, and email notifications

Settings

The Settings page lets you configure how your form behaves, where to redirect users, and who receives email notifications.

Form Status

Form is active (accepting submissions)

Control whether your form accepts new submissions:

  • Enabled (checked) - Form accepts submissions normally
  • Disabled (unchecked) - Form rejects all submissions

Use this to temporarily pause submissions without deleting the form. Useful during maintenance, updates, or when you’ve reached capacity.

CAPTCHA Protection

Protect your form from spam and bots

Enable CAPTCHA to add an extra layer of protection against automated spam submissions. FiraForm uses a privacy-friendly slider CAPTCHA that’s easy for humans but difficult for bots.

Enable CAPTCHA

  • Enabled (checked) - CAPTCHA verification is required before submission
  • Disabled (unchecked) - No CAPTCHA verification (default)

When enabled, users must complete a slider CAPTCHA challenge before their form submission is accepted. This helps prevent:

  • Automated bot submissions
  • Spam attacks
  • Fake or malicious form entries

Adding CAPTCHA to Your Form

After enabling CAPTCHA in Form Settings, you need to add the CAPTCHA widget to your website’s form.

Step 1: Add the CAPTCHA Script

Add this script tag before your closing </form> tag. Replace YOUR-FORM-UUID with your actual form UUID (found on the Forms page):

<form action="https://a.firaform.com/api/f/YOUR-FORM-UUID" method="POST">
    <!-- Your form fields here -->
    <input type="text" name="name" required>
    <input type="email" name="email" required>
    
    <!-- Add the CAPTCHA widget -->
    <script src="https://a.firaform.com/captcha/YOUR-FORM-UUID"></script>
    
    <button type="submit">Submit</button>
</form>

That’s it! The CAPTCHA widget will automatically:

  • Display a slider challenge above your submit button
  • Generate and validate CAPTCHA tokens
  • Prevent form submission until the slider is completed
  • Handle token expiration and regeneration

Customizing CAPTCHA Appearance (Optional)

You can customize the CAPTCHA widget’s appearance by setting window.FiraformCaptchaConfig before loading the CAPTCHA script:

<script>
window.FiraformCaptchaConfig = {
  width: '400px',              // Container width (default: '100%')
  height: '50px',              // Slider height (default: '50px')
  gap: '4px',                  // Gap between handle and border (default: '4px')
  primaryColor: '#4CAF50',     // Success color (default: '#4CAF50')
  backgroundColor: '#f0f0f0',  // Track background (default: '#f0f0f0')
  borderColor: '#e0e0e0',      // Border color (default: '#e0e0e0')
  borderRadius: '25px',        // Border radius (default: '25px')
  handleColor: 'white',        // Handle background (default: 'white')
  handleIconColor: '#666',     // Handle icon color (default: '#666')
  labelText: 'Slide to verify' // Custom label text
};
</script>
<script src="https://a.firaform.com/captcha/YOUR-FORM-UUID"></script>

How CAPTCHA Works

  1. User fills out the form
  2. User drags the slider from left to right to complete the CAPTCHA
  3. Widget generates a secure token and records completion time
  4. On form submission, the token is automatically included with the form data
  5. FiraForm validates the token before accepting the submission
  6. Submission is accepted if CAPTCHA passes (not expired, valid completion time)

Token Expiration: CAPTCHA tokens expire after 5 minutes by default. If the user waits too long after completing the CAPTCHA, they’ll need to complete it again.

Tips

  • Enable when needed: Only enable CAPTCHA if you’re experiencing spam issues
  • Test your form: After enabling CAPTCHA, test your form to ensure it works correctly
  • User experience: CAPTCHA adds friction to legitimate users too, so use it judiciously
  • Mobile-friendly: The slider CAPTCHA works on touch devices (phones and tablets)
  • No tracking: FiraForm’s CAPTCHA is privacy-friendly and doesn’t track users
  • Styling: Customize the colors to match your website’s design

Redirect URLs

Control where users are sent after submitting your form.

Success Redirect URL

Where users go after successful submission

  • Set a URL: Redirect to your own thank-you page (e.g., https://yoursite.com/thank-you)
  • Leave empty: Firaform displays its default success page

Tips:

  • Use your own branded thank-you page for better user experience
  • Add tracking parameters to measure conversions: https://yoursite.com/thanks?utm_source=form
  • Show next steps or related content on your success page

Error Redirect URL

Where users go when submission fails validation

  • Set a URL: Redirect to your own error page with validation details
  • Leave empty: Firaform displays its default error page

Understanding Error Data

When redirecting to your custom error page, Firaform passes validation errors as a URL parameter:

https://yoursite.com/error?errors={"email":["The email field is required"],"name":["The name must be at least 2 characters"]}

The errors parameter contains a JSON object where:

  • Keys are field names (e.g., email, name, phone)
  • Values are arrays of error messages for that field

Displaying Errors on Your Page

Use JavaScript to parse and display the errors:

<div id="error-messages"></div>

<script>
// Get errors from URL parameter
const urlParams = new URLSearchParams(window.location.search);
const errorsJson = urlParams.get('errors');

if (errorsJson) {
    const errors = JSON.parse(errorsJson);
    const container = document.getElementById('error-messages');
    
    // Display each error
    for (const [field, messages] of Object.entries(errors)) {
        messages.forEach(message => {
            const p = document.createElement('p');
            p.textContent = message;
            container.appendChild(p);
        });
    }
}
</script>

Common Validation Errors:

  • Required field missing: "The [field] field is required"
  • Email format invalid: "The email must be a valid email address"
  • Value too short/long: "The [field] must be at least X characters"
  • Number out of range: "The [field] must be at least X"
  • File too large: "The [field] must not be greater than X kilobytes"
  • Invalid file type: "The [field] must be a file of type: pdf, jpg, png"

Email Notifications

Get notified when someone submits your form.

Notification Email(s)

Email addresses that receive submission notifications

Enter one or more email addresses separated by commas:

admin@yoursite.com, sales@yoursite.com, support@yoursite.com

Important: Only team members can receive notifications. The email addresses must belong to users who are members of your team. This prevents unauthorized access to form data.

The settings page displays all your team members’ email addresses below the input field.

Attach Files to Notifications

Include uploaded files in notification emails

  • Enabled - Files are attached to the notification email
  • Disabled - Email contains a link to download files (recommended)

⚠️ Not recommended for large files: Email providers have attachment size limits (typically 10-25MB). Large files may cause email delivery to fail. Consider leaving this disabled and downloading files from the submissions page instead.

Form Information

View important details about your form:

  • Form ID - The unique UUID for this form
  • API Endpoint - The URL to submit data to this form
  • Created - When the form was created
  • Total Submissions - Number of submissions received

Copy the API endpoint to use in your HTML forms or API integrations.

Deleting a Form

⚠️ Danger Zone - This action cannot be undone

Only team owners and managers can delete forms.

Deleting a form permanently removes:

  • The form and all its settings
  • All submissions and their data
  • All uploaded files
  • All field configurations
  • All domain whitelists
  • All webhooks and integrations

To delete a form:

  1. Scroll to the Danger Zone section at the bottom
  2. Click Delete Form
  3. Type the form name exactly to confirm
  4. Click Delete Forever

Before deleting:

  • Export your submissions to CSV if you need the data
  • Download any important uploaded files
  • Update any websites or apps that use this form’s endpoint

Alternative to deletion: If you just want to stop accepting submissions temporarily, disable the form using the “Form is active” checkbox instead.

Tips

  • Test redirects: Submit a test entry to verify your redirect URLs work correctly
  • Branded experience: Use custom redirect URLs to keep users on your site
  • Monitor notifications: Make sure notification emails aren’t going to spam folders
  • Team access: Add team members before setting up email notifications
  • Error handling: Create a friendly error page that explains what went wrong and how to fix it