Initialization

Welcome to the GhostForm engine. This specification outlines the deployment and configuration of secure form endpoints.

The Foundation

01 Provision Identity

Initialize a secure account to manage your form infrastructure.

02 Construct Endpoint

Design your schema using the Field Engine to define data requirements.

03 Deploy anywhere

Integrate your form using our simple copy-paste snippets or REST API.

Global Parameters

Success Message
Visual confirmation payload for terminal users.
Redirect URL
Post-submission navigation destination.
Security Limit
Submission frequency control per unique IP.

Field Engine

The core schema engine supports multi-typed field definitions with server-side integrity checks.

Short Text

Singular string inputs with length constraints.

Encryption Email

Validated identity strings.

Data Buffer

Long-form contextual text content.

Selection Index

Enumerable options for structured data.

Integration

Embed GhostForm into any frontend in minutes. Use direct HTML form posts for static sites or JSON requests for app-driven flows.

HTML Form Integration

POST /api/submit/:slug (HTML)
<form action="https://your-domain.com/api/submit/contact-form" method="POST">
  <input type="text" name="full_name" required />
  <input type="email" name="email" required />
  <button type="submit">Send</button>
</form>

JavaScript Integration

POST /api/submit/:slug (JSON)
const response = await fetch('/api/submit/contact-form', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({
    full_name: 'Jane Doe',
    email: 'jane@example.com',
    message: 'Hello from web app'
  })
})

const result = await response.json()

  • Use HTML mode for zero-JavaScript sites and static deployments.
  • Use JSON mode when you need custom UI validation or SPA workflows.
  • Configure Redirect URL in Global Settings for post-submit navigation.

API Specification

GhostForm provides a RESTful interface for headless form management and data retrieval.

Endpoint Retrieval

GET /api/forms
[
  {
    "id": "GF_9x7z...",
    "slug": "contact-secure",
    "status": "active",
    "fields": [...]
  }
]

Submission Transmission

POST /api/submit/:slug
{ 
  "full_name": "Identity Unknown", 
  "payload": "Data String" 
}

Security Layer

Industrial-grade protection against automated submission attempts.

Rate Limiting Spec

Limits are non-negotiable and enforced at the server foundation. Each IP identity inherits a unique rolling allocation based on your configuration.

Security Controls

Server Validation
Every submission is validated on the server even if client-side checks are bypassed.
Rate Limiting
Per-IP submission thresholds reduce spam and abuse on public endpoints.
Form Status Control
Pause forms instantly from the dashboard without changing embed code.

  • Keep rate limits enabled for internet-facing forms.
  • Use strict required fields only where necessary to reduce friction and bot noise.
  • Monitor submissions regularly and pause compromised forms immediately.
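
The Field Engine types and the Server Validation control described above, sketched as an added example that is not GhostForm's own code. The schema format, the length limits and the names `contactSchema` and `validateSubmission` are assumptions made for illustration.

```javascript
// Added example: the schema shape, limits and names are assumptions,
// not GhostForm's own schema format or API.
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

// Hypothetical schema mirroring the four Field Engine types.
const contactSchema = {
  full_name: { type: 'short_text', required: true, maxLength: 80 },
  email: { type: 'email', required: true, maxLength: 254 },
  message: { type: 'long_text', required: false, maxLength: 2000 },
  topic: { type: 'select', required: false, options: ['sales', 'support'] },
};

// Returns a list of errors; an empty list means the body is acceptable.
function validateSubmission(schema, body) {
  if (body === null || typeof body !== 'object' || Array.isArray(body)) {
    return ['body: must be an object'];
  }
  // Reject fields the schema does not declare instead of storing them.
  const errors = Object.keys(body)
    .filter((key) => !has(schema, key))
    .map((key) => `${key}: unknown field`);

  for (const [name, rule] of Object.entries(schema)) {
    const value = has(body, name) ? body[name] : undefined;
    if (value === undefined || value === '') {
      if (rule.required) errors.push(`${name}: required`);
    } else if (typeof value !== 'string') {
      // JSON clients can send numbers, arrays or objects in any field.
      errors.push(`${name}: must be a string`);
    } else if (value.length > rule.maxLength) {
      errors.push(`${name}: too long`);
    } else if (rule.type === 'email' && !EMAIL_RE.test(value)) {
      errors.push(`${name}: invalid email`);
    } else if (rule.type === 'select' && !rule.options.includes(value)) {
      errors.push(`${name}: not an allowed option`);
    }
  }
  return errors;
}
```

A body posted without the HTML form's `required` and `type="email"` attributes in effect reaches this function unchanged, which is why the same rules have to be re-checked here.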

Implementations

Reference implementation patterns for common use-cases across marketing sites, product onboarding, and internal operations.

Landing Page Lead Form

Use HTML embed with Redirect URL to a thank-you page for simple acquisition flows.

SaaS Onboarding Form

Use JSON submit to trigger custom UI states, then route users with app-level logic.

Support Intake Pipeline

Use required fields, category select options, and rate limiting to prevent spam bursts.

Internal Ops Requests

Use hidden fields for routing metadata and export submissions as JSON for automation.

Quick Implementation Checklist

  • Define fields with clear labels and minimal required inputs.
  • Choose HTML or JSON integration based on your frontend stack.
  • Set Success Message and optional Redirect URL in Global Settings.
  • Enable rate limits before production launch.