Validations

formbuild.io validates submissions on the server before storing them. Invalid submissions are rejected with a 400 response and an error message.

Built-in behavior by field name

If your form includes a field named email, _replyto, or replyto, we treat it as an email field. When the user submits a non-empty value, it must match a valid email format. If it doesn't, the submission is rejected and we return an error. No HTML or dashboard configuration is required for this.

Configuring extra rules in the dashboard

In your form settings, open the Validations section. You can add rules as JSON: one entry per field name, with a type and optional value.

• email – value must be a valid email (if non-empty)
• required – field must be present and non-empty
• maxLength – use value (number) as maximum character length
• pattern – use value (regex string) to validate format when non-empty

{
  "email": { "type": "email" },
  "message": { "type": "required" },
  "body": { "type": "maxLength", "value": 5000 }
}

When validation fails

If any rule fails, formbuild.io responds with 400 Bad Request and a JSON body with an error message describing which field failed. The submission is not stored. Your form should handle this (e.g. show the message to the user or redirect to an error page). We also enforce a maximum number of fields and a maximum size per field value to avoid abuse; exceeding those returns 400 as well.

← HTML form · Customizing forms →