AppSumoAppSumo Lifetime Deal starting at $39
Get the Deal Now!
LeadToSheet LogoLeadToSheet

Using Form Endpoint URLs

Point a standard HTML form at a LeadToSheet endpoint when you want capture without JavaScript.

When to use a form endpoint

A Form Endpoint is a generated URL for traditional HTML forms. Set your form's action attribute to the endpoint URL and submit with POST; LeadToSheet records the fields and runs the normal lead pipeline.

  • Use it for static sites, simple landing pages, and environments where you prefer server-style form posts.
  • It does not require the JavaScript SDK to intercept the form.
  • It is separate from REST API keys, which are for server-side or backend-created leads.

Set it up

  1. 1

    Open Sources

    Open the site in LeadToSheet, choose Sources, then click Form Endpoint.

  2. 2

    Create or copy the endpoint

    Copy the generated endpoint URL for that site.

  3. 3

    Update your form

    Set the form action to the LeadToSheet URL and submit with method="POST".

  4. 4

    Test the form

    Submit a test lead and confirm it appears in LeadToSheet before sending real traffic to the page.

Tip

A minimal form looks like <form action="https://www.leadtosheet.com/f/<your-endpoint-id>" method="POST"> with your normal input fields inside — the endpoint accepts whatever field names you use. If you'd rather POST JSON via fetch(), set Content-Type: application/json and send the fields object directly.

Pick a response mode

Form Endpoints support three response modes, each suited to a different setup. Switch between them on the endpoint's settings card.

  • Redirect (default) — after submitting, the visitor is sent on to another page. If you fill in your own thank-you URL, they go there; if you leave it blank, they're sent back to the page they submitted from. Use this when you have your own thank-you page or want to pass tracking params to an analytics tool.
  • Thanks page — the visitor lands on a LeadToSheet-hosted thanks page at /f/<endpoint-id>/thanks after submission. Good for static sites that don't have a thank-you page of their own.
  • JSON — the endpoint returns { ok: true, id: <submissionId> } as JSON with permissive CORS (Access-Control-Allow-Origin: *). Use this when submitting via fetch() / XHR from a JavaScript handler that wants to render its own confirmation UI.

Tip

Only POST is accepted on the endpoint URL — GET, PUT, DELETE, and PATCH all return 405 method not allowed. CORS for the OPTIONS preflight is wired automatically.

Lock it down

The endpoint's settings card has three optional protections you'll want to set before public traffic hits the URL.

Allowed domains

List the domains your form can be submitted from, one per line (for example, example.com and www.example.com). Submissions from any other origin get a 403 response. Leave the field empty if you want to allow any origin.

Honeypot field

Add a hidden input — <input name="_gotcha"> by default — to your form. Real visitors leave it empty; bots fill every field they see. When the honeypot is filled, the submission is dropped silently with no error returned. Rename the field from the settings card if your existing form already uses _gotcha for something else.

File uploads and disabling

  • File uploads — the endpoint accepts multipart/form-data, so file inputs work without any extra setup. Limits: up to 10 MB per file, up to 5 files per submission, and 20 MB total across all files in one submission.
  • Disable — flip the Disabled toggle to stop accepting submissions without deleting the endpoint. Disabled endpoints return a 404 and skip the lead pipeline entirely.

Rate limits

LeadToSheet enforces two safety limits on the endpoint: up to 30 requests per IP per minute and up to 120 requests per endpoint per minute. Exceeding either returns a 429 response — real form traffic almost never hits these, but they protect you from bursty bot floods.

Previous

Embedding & Sharing Your Forms

Next

Posting Leads with the REST API