Validations
formbuild.io validates every response on the server before storing it. Invalid responses are rejected with a 400 status and a clear error message — so bad data never reaches your Inbox.
Automatic validation
Some validation happens automatically without any configuration:
- Email fields: if your form includes a field named email, _replyto, or replyto, a non-empty value must be a valid email address.
- Field limits: we enforce a maximum number of fields and a maximum size per field value to prevent abuse.
Custom validation rules
In your form settings, open the Validations section. Add rules as a JSON object — one entry per field name, each with a type and an optional value.
Available rule types
| Type | Value | Behavior |
|---|---|---|
| required | — | Field must be present and non-empty |
| email | — | Must be a valid email address (if non-empty) |
| maxLength | Number | Maximum character count |
| pattern | Regex string | Must match the regex pattern (if non-empty) |
Example configuration
{
"email": { "type": "email" },
"message": { "type": "required" },
"body": { "type": "maxLength", "value": 5000 },
"phone": { "type": "pattern", "value": "^\\+?[0-9\\s\\-]{7,15}$" }
}
When validation fails
If any rule fails, we respond with 400 Bad Request and a JSON body containing an error message that tells you which field failed and why.
{
"error": "Validation failed: email must be a valid email address"
}
The response is not stored. If you're submitting via fetch(), check the response status and show the error to the user. For standard HTML forms, the error page is displayed automatically.
Tips
- Use required on fields you absolutely need — e.g. email on a contact form.
- Combine required with maxLength to prevent oversized responses.
- Client-side validation (HTML required, pattern) gives users instant feedback, but always rely on server-side rules as the guardrail.
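A local mirror of the automatic email check and the four rule types above, useful for testing a rules object (especially a JSON-escaped pattern) before saving it. This is an added example, not formbuild.io's code: the email regex, the treatment of empty values, and every message other than the email one are assumptions, and the server's answer remains authoritative.

```javascript
// Added example: local approximation of the documented rules (not formbuild.io's code).
// EMAIL_RE, isEmpty and the non-email error wording are assumptions.
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
const AUTO_EMAIL_FIELDS = ["email", "_replyto", "replyto"]; // checked without any rule

// Rules exactly as they would be pasted into the Validations section (JSON text).
const RULES_JSON = String.raw`{
  "email":   { "type": "email" },
  "message": { "type": "required" },
  "body":    { "type": "maxLength", "value": 5000 },
  "phone":   { "type": "pattern", "value": "^\\+?[0-9\\s\\-]{7,15}$" }
}`;

const isEmpty = (v) => v === undefined || v === null || v === "";
const badEmail = (v) => !isEmpty(v) && !EMAIL_RE.test(String(v));

// Returns null when everything passes, otherwise the first failure message.
function validate(rules, data) {
  for (const f of AUTO_EMAIL_FIELDS)
    if (badEmail(data[f])) return `${f} must be a valid email address`;
  for (const [field, rule] of Object.entries(rules)) {
    const value = data[field];
    switch (rule.type) {
      case "required":
        if (isEmpty(value)) return `${field} is required`;
        break;
      case "email":
        if (badEmail(value)) return `${field} must be a valid email address`;
        break;
      case "maxLength":
        // Counts UTF-16 code units; the page does not say how the server counts.
        if (!isEmpty(value) && String(value).length > rule.value) return `${field} must be at most ${rule.value} characters`;
        break;
      case "pattern":
        // JSON.parse has already turned "\\+" into "\+", the real regex source.
        if (!isEmpty(value) && !new RegExp(rule.value).test(String(value))) return `${field} does not match the required pattern`;
        break;
      default:
        return `${field} has unknown rule type ${rule.type}`;
    }
  }
  return null;
}

const rules = JSON.parse(RULES_JSON);
```

Call `validate(rules, Object.fromEntries(new FormData(form)))` before submitting to give instant feedback; a `null` result here does not replace checking the server's response status.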