Your form id is your public access key. It's designed to be committed client-side — there's no secret to leak.
No-account keys
The MCP/CLI can mint a key tied only to an email (no signup). POST to /api/keys with an email; you get back the access key and a verification link.
bash
curl -X POST https://api.formloom.ai/api/keys \
-H 'Content-Type: application/json' \
-d '{ "email": "you@email.com" }'Verification
Keys work immediately for basic use; verifying the email (via the magic link) unlocks full features and higher limits.