Skip to main content

Integrations & API

MSK Forms connects to the rest of your stack through outgoing webhooks, Zapier / Make, and a REST API.

Outgoing webhooks

Pro feature

Webhooks require a Pro subscription.

Register HTTP endpoints that receive a POST when something happens. Manage them on Dashboard → your server → Webhooks (manager-only).

Events:

  • submission.created
  • submission.status_changed

Delivery:

  • Each request is HMAC-SHA256 signed with a per-webhook secret, sent as X-MSK-Signature: sha256=…, alongside X-MSK-Event.
  • Deliveries are queued (an outbox) and drained by the bot every 15 seconds, with retry + backoff up to 6 attempts before being marked failed.
  • The payload is hydrated at delivery time with the full submission: form metadata, status, score, applicant, and formatted answers.

Verify a webhook by recomputing the HMAC over the raw request body with your secret and comparing it to the X-MSK-Signature header.

Zapier & Make

Enterprise feature

The integration REST hooks require an Enterprise subscription and an API key.

Zapier and Make connect through a REST-hook layer on top of the webhook infrastructure, authenticated with an API key (Bearer token).

EndpointPurpose
GET /api/v1/meConnection / auth test (the "Connect" step).
POST /api/v1/hooksSubscribe — creates a hook, returns its id.
GET /api/v1/hooksList your hooks.
DELETE /api/v1/hooks/{hookId}Unsubscribe (idempotent, guild-scoped).

Subscribed hooks receive the same hydrated payloads as manual webhooks. Both platforms already work through their generic REST-hook / custom-API flows; a published Zapier app may follow.

REST API

Enterprise feature

The REST API requires an Enterprise subscription.

API keys

Create and manage keys on Dashboard → your server → API (manager-only; creating a key is Enterprise-gated). The secret is shown once on creation — store it then; only a hash is kept. Keys are prefixed mskf_.

Authorization: Bearer mskf_xxxxxxxxxxxxxxxxxxxx

Each key is scoped to its guild and rate-limited. Downgrading from Enterprise revokes API access automatically.

Endpoints

EndpointReturns
GET /api/v1/meAuth check + your guild context.
GET /api/v1/forms/{formId}/submissionsAll submissions for a form (scoped to the key's guild), as JSON: { form, count, submissions }.
POST / GET / DELETE /api/v1/hooksManage REST hooks (see above).

Example:

curl -H "Authorization: Bearer mskf_xxxxxxxxxxxx" \
  https://forms.msk-scripts.de/api/v1/forms/<formId>/submissions
info

Next: Plans & Limits — which features each tier includes.