Forms & Files
Supported content types and file behavior across privacy vs persisted modes
configuration
forms
files
uploads
content-types
multipart
Forms & Files
Supported content types and file behavior across privacy vs persisted modes.
Supported Content Types
FormFeeder accepts multiple content types to accommodate different client implementations:
application/json
Best for JavaScript/AJAX submissions with structured data.
fetch(url, {
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({
name: "John Doe",
email: "[email protected]",
message: "Hello World"
})
})✅ Supports nested objects and arrays
❌ No file uploads
application/x-www-form-urlencoded
Default for HTML forms without files.
<form action="https://api.formfeeder.io/v1/form/abc123" method="POST">
<input name="name" value="John Doe">
<input name="email" value="[email protected]">
<button type="submit">Submit</button>
</form>✅ Simple key-value pairs
❌ No file uploads
❌ No nested data
multipart/form-data
Required for file uploads and mixed content.
<form action="https://api.formfeeder.io/v1/form/abc123" method="POST" enctype="multipart/form-data">
<input name="name" value="John Doe">
<input name="email" value="[email protected]">
<input type="file" name="attachment">
<button type="submit">Submit</button>
</form>✅ File uploads supported
✅ Mixed content types
❌ Larger payload size
File Upload Support
FormFeeder provides comprehensive file upload capabilities with security and performance optimizations.
Default File Limits
| Limit | Default Value | Configurable |
|---|---|---|
| Max file size | 5MB per file | ✅ |
| Max total size | 10MB per submission | ✅ |
| Max files | 5 files per submission | ✅ |
Supported File Types
Images
.jpg,.jpeg- JPEG images.png- PNG images.gif- GIF images.webp- WebP images.svg- SVG vector graphics (sanitized)
Documents
.pdf- PDF documents.doc,.docx- Microsoft Word.txt- Plain text files.rtf- Rich text format
Spreadsheets
.xls,.xlsx- Microsoft Excel.csv- Comma-separated values.ods- OpenDocument Spreadsheet
Archives
.zip- ZIP archives.rar- RAR archives (read-only)
Custom Types
Additional file types can be configured per form through the dashboard or API.
File Validation
FormFeeder performs multiple validation layers:
- MIME Type Detection: Server-side content type validation
- Extension Verification: File extension allowlist checking
- Size Limits: Per-file and total size enforcement
- Content Scanning: Basic malware detection (enterprise plans)
File Storage Architecture
Privacy Mode (Default for Private Forms)
graph LR
A[Form Submission] --> B[Temporary Storage]
B --> C[Connector Processing]
C --> D[Automatic Cleanup]
B -.-> E[24hr Cleanup Job]
E --> D- Files stored in temporary Azure Blob container
- Available during connector execution only
- Automatically deleted after processing
- No permanent file storage or access URLs
- Perfect for GDPR compliance
Regular Mode (Dashboard Forms)
graph LR
A[Form Submission] --> B[Permanent Storage]
B --> C[Connector Processing]
B --> D[File Access URLs]
B --> E[Configurable Retention]- Files stored in persistent Azure Blob container
- Access URLs generated for downloads
- Configurable retention periods
- Analytics and management features
- Team sharing capabilities
File Handling by Destination
Email (MailJet)
- Attachments: Files attached directly to email
- Size Limits: 8MB total across all attachments
- File Limits: Maximum 5 files per email
- Behavior: Files exceeding limits are skipped with warning logs
- Format: Files sent as email attachments with original names
Configuration Example
{
"type": "MailJet",
"config": {
"to": "[email protected]",
"subject": "New Form with Attachments",
"includeAttachments": true,
"maxAttachments": 5,
"maxAttachmentSize": 8388608
}
}Slack
- File Metadata: Shows file information in message
- No Uploads: Files are not uploaded to Slack workspace
- Display Format: Filename, size, content type shown in attachments
- File Links: Download links included (regular mode only)
Example Slack Message
📝 New Form Submission
Name: John Doe
Email: [email protected]
Message: Please find my resume attached.
📎 Attachments:
• resume.pdf (245 KB, application/pdf)
• portfolio.zip (1.2 MB, application/zip)Webhooks
- File URLs: Temporary or permanent URLs provided in payload
- Access Duration: 24 hours (privacy) or configurable (regular)
- Metadata: Complete file information included
- Download: Your webhook endpoint downloads files using provided URLs
Webhook Payload Example
{
"formId": "abc123",
"submissionId": "sub_def456",
"data": {
"name": "John Doe",
"email": "[email protected]"
},
"files": [
{
"fieldName": "resume",
"filename": "resume.pdf",
"contentType": "application/pdf",
"size": 245760,
"url": "https://files.formfeeder.io/temp/abc123/resume.pdf"
}
]
}Form Field Types
FormFeeder handles various HTML form field types automatically:
Text Fields
<input type="text" name="name">
<input type="email" name="email">
<input type="tel" name="phone">
<input type="url" name="website">Selection Fields
<select name="country">
<option value="us">United States</option>
<option value="ca">Canada</option>
</select>
<input type="radio" name="size" value="small">
<input type="radio" name="size" value="large">
<input type="checkbox" name="newsletter" value="yes">File Fields
<!-- Single file -->
<input type="file" name="document">
<!-- Multiple files -->
<input type="file" name="images" multiple>
<!-- Restricted types -->
<input type="file" name="resume" accept=".pdf,.doc,.docx">Advanced Fields
<textarea name="message"></textarea>
<input type="number" name="quantity">
<input type="date" name="birthdate">
<input type="hidden" name="source" value="website">Data Processing Rules
Field Name Normalization
- Field names are case-sensitive and preserved as-is
- Special characters allowed:
-,_,. - Unicode field names supported
- Array notation supported:
items[],person[name]
Value Processing
// String fields
"name" => "John Doe"
// Multiple values (checkboxes, multi-select)
"interests[]" => ["coding", "music", "travel"]
// File fields
"resume" => {
"filename": "resume.pdf",
"contentType": "application/pdf",
"size": 245760
}Empty Field Handling
- Empty strings are preserved
- Unchecked checkboxes are omitted
- Unselected radio buttons are omitted
- Empty file fields are omitted
Security Considerations
File Upload Security
- Content Type Validation: MIME type detection prevents disguised files
- Extension Filtering: Allowlist prevents execution of dangerous files
- Size Limits: Prevent resource exhaustion attacks
- Virus Scanning: Enterprise plans include malware detection
- Sandboxed Storage: Files stored in isolated environment
Form Injection Protection
- XSS Prevention: All form data sanitized before processing
- SQL Injection: Parameterized queries used throughout
- CSRF Protection: Origin validation required
- Rate Limiting: Prevents spam and abuse
Best Practices
For File Uploads
- Always specify
acceptattribute on file inputs - Set reasonable file size limits for your use case
- Use HTTPS for all form submissions
- Validate file types on client side for better UX
For Form Design
- Use appropriate input types (
email,tel, etc.) - Include client-side validation for immediate feedback
- Implement proper error handling for failed submissions
- Consider progressive enhancement for JavaScript-dependent features
Testing File Uploads
Local Development
# Test basic form submission
curl -X POST "https://api.formfeeder.io/v1/form/test123" \
-F "name=Test User" \
-F "[email protected]" \
-F "file=@/path/to/test.pdf"Browser Testing
// JavaScript file upload test
const formData = new FormData();
formData.append('name', 'Test User');
formData.append('file', fileInput.files[0]);
fetch('https://api.formfeeder.io/v1/form/test123', {
method: 'POST',
body: formData
}).then(response => {
console.log('Upload successful:', response.ok);
});Error Scenarios
Test these common error scenarios:
- File too large (should return 413 status)
- Unsupported file type (should return 400 status)
- Too many files (should return 400 status)
- Network timeout during upload
- Invalid form data combined with files