API reference
The API supports session-authenticated dashboard calls and external Bearer API keys. API keys can be scoped to form creation, submission reads, and spam submission reads.
Authentication
Use Bearer authentication for API keys:
Authorization: Bearer frk_...
Missing or invalid credentials return 401. Missing API key
permissions return 403.
Create form
Create a form with:
POST https://forms.rizzness.com/api/forms
{ "name": "Contact Intake" }
Requires API key permission:
can_create_forms.
List submissions
Fetch non-spam submissions with:
GET https://forms.rizzness.com/api/submissions.
Supports form_id, range (24h,
7d, 30d), and q.
Requires API key permission:
can_read_submissions.
List spam submissions
Fetch spam submissions with:
GET https://forms.rizzness.com/api/submissions/spam.
Supports the same filters as the non-spam endpoint.
Requires API key permission:
can_read_spam_submissions.