Public API - Item to Form Docs | Prodactive Software

Public API

The Fill public API lets developers create and manage Fill forms with service tokens. The implemented public surface is the form management API at /api/v1/forms.

Authentication

Every public API request must include a service token in the Authorization header. Service tokens are created inside the authenticated Fill app and can expire after 30, 60, or 90 days, or be created without an expiration. A token is shown only once when it is created.

Authorization: Bearer fill_sk_live_...
Content-Type: application/json

OAuth requirement: The monday.com user who created the service token must have completed monday OAuth. Otherwise API actions return oauth_required.

Postman Collection

Import the collection, set baseUrl to your Fill backend URL, and set serviceToken to a Fill service token.

Download Postman collection

Common Fields

Field	Type	Required	Meaning
target	`item` \| `board`	Yes	Whether the form updates existing items or creates new board items.
form.columns	array	Yes on create	Column configuration. Each object requires `id` and can include validations, readonly, allowed people, linked item allowlists, and description.
form.settings	object	No	Form behavior: notification flag, editing after submit, password, message, and expiration.
conflictStrategy	`skip` \| `overwrite`	No	Item-target creation behavior when an item already has a form.
mode	`single_use` \| `permanent`	No	Board-target link mode. Defaults to `permanent`.

Settings Fields

notifyOnSubmit boolean, optional, default false: send a monday.com notification when a form is submitted.
allowEditingAfterSubmit boolean, optional, default false: allow the same link to submit updated answers.
password string or null, optional: set or clear password protection. Non-empty passwords must be at least 6 characters. Passwords are never returned by the API.
customMessage string or null, optional: message shown above the public form fields.
expirationDate ISO 8601 UTC string or null, optional: date after which the form stops accepting submissions.

Column Input Fields

id string, required: monday.com column ID.
validations array, optional: rules with operator and value. Operators include required, numeric comparisons, text checks, list inclusion, and date comparisons.
readonly boolean, optional: show the current monday value without allowing edits.
allowedPeople array, optional: allowed People column choices, each with id and name.
allowedLinkedItemIds array, optional: allowed item IDs for Connected Boards columns.
description string, optional: helper text shown below the field label, up to 5,000 characters.

Response Shape

Successful public API responses wrap the payload in { "data": ... }. Form responses include:

id: Fill form ID.
target: item or board.
config.mode: returned for board forms only.
form.settings: public-safe settings. Password values are never returned.
form.columns: stored form columns with monday title and type metadata.
formUrl: public form URL, or null if the URL cannot be generated.
acceptingSubmissions, createdAt, and optional updatedAt.

POST /api/v1/forms

Create Forms

Create one or more Fill forms. Item targets can create up to 50 forms in one request. Board targets create one board-backed link.

Authentication

Required: Bearer service token.

Required headers

Authorization. Add Content-Type: application/json when sending a JSON body.

Path parameters

None

Query parameters

None

Request body

For target item: target, config.itemIds, optional config.conflictStrategy, form.columns, optional form.settings. For target board: target, config.boardId, optional config.mode, form.columns, optional form.settings.

Success response

200 OK with data.forms array.

Example request

curl -X POST "{{baseUrl}}/api/v1/forms" \
  -H "Authorization: Bearer {{serviceToken}}" \
  -H "Content-Type: application/json" \
  -d '{
    "target": "item",
    "config": {
      "itemIds": ["123456789"],
      "conflictStrategy": "skip"
    },
    "form": {
      "settings": {
        "notifyOnSubmit": true,
        "allowEditingAfterSubmit": false,
        "customMessage": "Please confirm the details below.",
        "expirationDate": "2026-06-01T00:00:00.000Z",
        "password": "client-intake"
      },
      "columns": [
        {
          "id": "email",
          "validations": [{ "operator": "required", "value": true }]
        },
        {
          "id": "status",
          "readonly": true,
          "description": "Current project status"
        }
      ]
    }
  }'

Board-backed example

curl -X POST "{{baseUrl}}/api/v1/forms" \
  -H "Authorization: Bearer {{serviceToken}}" \
  -H "Content-Type: application/json" \
  -d '{
    "target": "board",
    "config": {
      "boardId": "987654321",
      "mode": "permanent"
    },
    "form": {
      "columns": [
        { "id": "name" },
        { "id": "email" },
        { "id": "status" }
      ]
    }
  }'

Example success response

{
  "data": {
    "forms": [
      {
        "id": "65f1a6f8c2d1e9a123456789",
        "target": "item",
        "form": {
          "settings": {
            "notifyOnSubmit": true,
            "allowEditingAfterSubmit": false,
            "customMessage": "Please confirm the details below.",
            "expirationDate": "2026-06-01T00:00:00.000Z"
          },
          "columns": [
            {
              "id": "email",
              "title": "Email",
              "type": "email",
              "validations": [{ "operator": "required", "value": true }]
            }
          ]
        },
        "formUrl": "https://...",
        "acceptingSubmissions": true,
        "createdAt": "2026-04-30T15:25:00.000Z",
        "updatedAt": "2026-04-30T15:25:00.000Z"
      }
    ]
  }
}

GET /api/v1/forms

List Forms

Return a paginated list of forms for the token account, newest first.

Authentication

Required: Bearer service token.

Required headers

Authorization. Add Content-Type: application/json when sending a JSON body.

Path parameters

None

Query parameters

page integer min 1 default 1; limit integer 1-100 default 10; itemId optional string; boardId optional string.

Request body

None

Success response

200 OK with data.forms and data.pagination.

Example request

curl "{{baseUrl}}/api/v1/forms?page=1&limit=10&boardId=987654321" \
  -H "Authorization: Bearer {{serviceToken}}"

Example success response

{
  "data": {
    "forms": [
      {
        "id": "65f1a6f8c2d1e9a123456789",
        "target": "board",
        "config": { "mode": "permanent" },
        "form": {
          "settings": {
            "notifyOnSubmit": false,
            "allowEditingAfterSubmit": false,
            "customMessage": null,
            "expirationDate": null
          },
          "columns": []
        },
        "formUrl": "https://...",
        "acceptingSubmissions": true,
        "createdAt": "2026-04-30T15:25:00.000Z"
      }
    ],
    "pagination": {
      "page": 1,
      "limit": 10,
      "total": 1,
      "totalPages": 1
    }
  }
}

GET /api/v1/forms/:formId

Get a Form

Fetch one form by Fill form ID.

Authentication

Required: Bearer service token.

Required headers

Authorization. Add Content-Type: application/json when sending a JSON body.

Path parameters

formId string, Mongo ObjectId format.

Query parameters

None

Request body

None

Success response

200 OK with data.form.

Example request

curl "{{baseUrl}}/api/v1/forms/65f1a6f8c2d1e9a123456789" \
  -H "Authorization: Bearer {{serviceToken}}"

Example success response

{
  "data": {
    "form": 
      {
        "id": "65f1a6f8c2d1e9a123456789",
        "target": "item",
        "form": {
          "settings": {
            "notifyOnSubmit": true,
            "allowEditingAfterSubmit": false,
            "customMessage": "Please confirm the details below.",
            "expirationDate": "2026-06-01T00:00:00.000Z"
          },
          "columns": [
            {
              "id": "email",
              "title": "Email",
              "type": "email",
              "validations": [{ "operator": "required", "value": true }]
            }
          ]
        },
        "formUrl": "https://...",
        "acceptingSubmissions": true,
        "createdAt": "2026-04-30T15:25:00.000Z",
        "updatedAt": "2026-04-30T15:25:00.000Z"
      }
  }
}

PATCH /api/v1/forms/:formId

Update a Form

Update form settings, columns, or both. At least one of form.settings or form.columns is required.

Authentication

Required: Bearer service token.

Required headers

Authorization. Add Content-Type: application/json when sending a JSON body.

Path parameters

formId string, Mongo ObjectId format.

Query parameters

None

Request body

form object with optional settings and optional columns.

Success response

200 OK with data.form.

Example request

curl -X PATCH "{{baseUrl}}/api/v1/forms/65f1a6f8c2d1e9a123456789" \
  -H "Authorization: Bearer {{serviceToken}}" \
  -H "Content-Type: application/json" \
  -d '{
    "form": {
      "settings": {
        "allowEditingAfterSubmit": true,
        "expirationDate": null
      },
      "columns": [
        {
          "id": "email",
          "validations": [{ "operator": "required", "value": true }]
        }
      ]
    }
  }'

Example success response

{
  "data": {
    "form": 
      {
        "id": "65f1a6f8c2d1e9a123456789",
        "target": "item",
        "form": {
          "settings": {
            "notifyOnSubmit": true,
            "allowEditingAfterSubmit": false,
            "customMessage": "Please confirm the details below.",
            "expirationDate": "2026-06-01T00:00:00.000Z"
          },
          "columns": [
            {
              "id": "email",
              "title": "Email",
              "type": "email",
              "validations": [{ "operator": "required", "value": true }]
            }
          ]
        },
        "formUrl": "https://...",
        "acceptingSubmissions": true,
        "createdAt": "2026-04-30T15:25:00.000Z",
        "updatedAt": "2026-04-30T15:25:00.000Z"
      }
  }
}

PATCH /api/v1/forms/:formId/active

Pause or Resume a Form

Toggle whether a form accepts new submissions. Used-up single-use links cannot be reactivated.

Authentication

Required: Bearer service token.

Required headers

Authorization. Add Content-Type: application/json when sending a JSON body.

Path parameters

formId string, Mongo ObjectId format.

Query parameters

None

Request body

active boolean, required.

Success response

200 OK with data.form.

Example request

curl -X PATCH "{{baseUrl}}/api/v1/forms/65f1a6f8c2d1e9a123456789/active" \
  -H "Authorization: Bearer {{serviceToken}}" \
  -H "Content-Type: application/json" \
  -d '{ "active": false }'

Example success response

{
  "data": {
    "form": 
      {
        "id": "65f1a6f8c2d1e9a123456789",
        "target": "item",
        "form": {
          "settings": {
            "notifyOnSubmit": true,
            "allowEditingAfterSubmit": false,
            "customMessage": "Please confirm the details below.",
            "expirationDate": "2026-06-01T00:00:00.000Z"
          },
          "columns": [
            {
              "id": "email",
              "title": "Email",
              "type": "email",
              "validations": [{ "operator": "required", "value": true }]
            }
          ]
        },
        "formUrl": "https://...",
        "acceptingSubmissions": true,
        "createdAt": "2026-04-30T15:25:00.000Z",
        "updatedAt": "2026-04-30T15:25:00.000Z"
      }
  }
}

DELETE /api/v1/forms/:formId

Delete a Form

Delete a Fill form by ID.

Authentication

Required: Bearer service token.

Required headers

Authorization. Add Content-Type: application/json when sending a JSON body.

Path parameters

formId string, Mongo ObjectId format.

Query parameters

None

Request body

None

Success response

200 OK with deleted form ID and deletion timestamp.

Example request

curl -X DELETE "{{baseUrl}}/api/v1/forms/65f1a6f8c2d1e9a123456789" \
  -H "Authorization: Bearer {{serviceToken}}"

Example success response

{
  "data": {
    "formId": "65f1a6f8c2d1e9a123456789",
    "deletedAt": "2026-04-30T15:30:00.000Z"
  }
}

Errors

Error responses use { "error": { "code", "message" } }and may include details. Implemented public API error codes include invalid_request, invalid_token, token_revoked, token_expired, oauth_required, rate_limited, quota_exceeded, form_not_found, target_not_accessible, conflict, and validation_failed.

{
  "error": {
    "code": "invalid_token",
    "message": "Missing service token"
  }
}

{
  "error": {
    "code": "validation_failed",
    "message": "Validation failed",
    "details": [
      {
        "field": "form.columns",
        "message": "At least one column is required"
      }
    ]
  }
}

{
  "error": {
    "code": "conflict",
    "message": "Some items already have active forms",
    "details": {
      "conflicts": ["123456789"]
    }
  }
}