Access key
GlossaryA public token (= the form ID) that authorizes submissions — safe to commit client-side.
Definition
An access key is a UUID that identifies a FormLoom form and authorizes submissions to it. Unlike an API secret, it is safe to embed in public HTML or JavaScript because it only allows writing (submitting) to that specific form, not reading existing data. It's the same pattern used by Web3Forms and is inspired by the observation that form endpoints are naturally write-only from the client side.
Why it matters for form backends
You commit it directly in your form's `action` URL or SDK call. There's nothing to hide and nothing to rotate unless you suspect abuse.
Example
html
<form action="https://api.formloom.ai/submit/a1b2c3d4-..." method="POST">
<!-- The UUID in the URL is the access key — safe to commit -->
</form>FAQ
No. An API key is a secret used for management operations (reading submissions, creating forms via API). The access key is the public form ID used in client-side form HTML.
Related terms
Ready to put this into practice?
Add a form to your site in minutes — free access key, copy-paste snippet.