API & SDK
The Fola Form platform exposes three programmatic surfaces:
REST API
Section titled “REST API”Base URL: https://api.folaform.com/api/v1
Auth: bearer token (the same JWT issued at workspace login) or an
API key issued from Settings → API keys (paid tiers only).
Pass as Authorization: Bearer <token>.
Every workspace surface has a corresponding REST endpoint — list
clients, create forms, run AI Autofill, manage subscriptions. The
full endpoint catalogue is generated from the backend’s OpenAPI spec
and is browsable at /api/v1/openapi.json.
TypeScript SDK
Section titled “TypeScript SDK”@folaform/forms-sdk on npm. Per-form typed schemas + a runtime
FORM_REGISTRY regenerated from the canonical form definitions on
every release.
import { FORM_REGISTRY, type I130Inputs } from '@folaform/forms-sdk';
const inputs: I130Inputs = { petitionerFamilyName: 'Doe', // …};The SDK is build-time-only; it doesn’t make HTTP calls itself.
Combine with fetch against the REST API for full workflows.
Webhooks
Section titled “Webhooks”Subscribe to org-scoped events at Settings → Webhooks (paid tiers). Events fire over HTTPS POST with HMAC signing:
client.createdcase.status_changedform.filledinvoice.issuedinvoice.paidinvoice.failed
Retry policy: 3 retries on 5xx, exponential backoff (1s, 4s, 16s).
Signature header is X-Fola-Signature: t=<timestamp>,v1=<hex>; verify
by HMAC-SHA256 of <timestamp>.<body> against your webhook secret.
Rate limits
Section titled “Rate limits”- 60 requests/minute per API key
- 600 requests/hour per org
429s carry a Retry-After header. Enterprise tier raises these
ceilings; talk to sales.
Was this page helpful?
Thanks — noted.