Developers · API

Build Formeze into your stack.

A clean REST API for storing form data and running Formeze’s self-hosted semantic autofill from your own backend, scripts, or product — with scoped API keys, per-key rate limits, and an OpenAPI spec.

/api/v1
OpenAPI 3.1
Bearer auth
60 req/min
Formeze

What you can count on

Three commitments shape the API the same way they shape the product.

Built for production

/01

A versioned REST API with predictable, typed responses.

Every endpoint lives under /api/v1 with a consistent JSON envelope, stable error codes, a request id on every response, and a machine-readable OpenAPI 3.1 spec you can generate clients from.

Private by design

/02

Your data never leaves our infrastructure to reach an AI model.

Embeddings and semantic matching run on independent models on our own servers. Field values are encrypted at rest with AES-256-GCM. The API exposes your data to you — and to no third-party AI provider.

Least privilege

/03

Scoped, revocable keys you fully control.

Mint keys with only the scopes an integration needs, set an expiry, and revoke instantly. Keys are stored only as a hash and shown to you exactly once.

Quickstart

From key to autofill in four calls.

Authenticate with a bearer token, store a field, and ask for matches. Everything returns plain JSON.

curl
# 1. Create a key in the dashboard (Settings → API keys)
export FORMEZE_KEY="fmz_..."

# 2. Confirm it works
curl https://formeze.ai/api/v1/me \
  -H "Authorization: Bearer $FORMEZE_KEY"

# 3. Store a field
curl -X POST https://formeze.ai/api/v1/fields \
  -H "Authorization: Bearer $FORMEZE_KEY" \
  -H "Content-Type: application/json" \
  -d '{"fields":[{"label":"Email","value":"ada@example.com"}]}'

# 4. Ask for autofill suggestions
curl -X POST https://formeze.ai/api/v1/autofill \
  -H "Authorization: Bearer $FORMEZE_KEY" \
  -H "Content-Type: application/json" \
  -d '{"labels":["Your email address"],"url":"https://acme.com/signup"}'
autofill response
{
  "suggestions": [
    {
      "queryLabel": "Your email address",
      "matches": [
        {
          "fieldId": "fld_...",
          "storedLabel": "Email",
          "value": "ada@example.com",
          "score": 0.91,
          "confidence": "high",
          "sourceDomain": "acme.com"
        }
      ]
    }
  ],
  "stats": { "queriedFields": 1, "matchedFields": 1, "totalMatches": 1 }
}

What’s in the box

Everything an integration needs.

The building blocks for putting Formeze behind your own product, automation, or internal tools.

/01

Bearer-token auth

Authenticate with a single header — Authorization: Bearer fmz_…. The legacy X-API-Key header keeps working for existing integrations.

Authorization: BearerHashed at restShown once
/02

Scoped & expiring keys

Restrict each key to the operations an integration needs, give it an optional expiry, and revoke it the moment it's no longer used.

Granular scopesOptional expiryInstant revoke
/03

Per-key rate limits

Each key gets its own sliding-window budget, and every response carries X-RateLimit headers so you can back off gracefully.

60 req / min / keyX-RateLimit headers429 + retryAfter
/04

Field storage

Store, list, update, and delete the form data behind autofill. Duplicate values are detected and collapsed automatically.

Up to 100 / requestDedup built inEncrypted values
/05

Semantic autofill

Send a page's labels and get ranked, confidence-scored matches from the same engine that powers the extension — fully self-hosted.

Context-aware rankingConfidence scoresComposite matches
/06

OpenAPI 3.1 spec

Generate clients in any language from the live spec, or drop it into Postman, Insomnia, or your editor of choice.

/api/v1/openapi.jsonTyped schemasClient codegen

Endpoints

The v1 surface.

  • GET/api/v1/meThe account that owns the key, its plan, and limits.
  • GET/api/v1/usageCurrent-period usage versus your plan limits.
  • GET/api/v1/fieldsList stored fields with search, filter, and pagination.
  • POST/api/v1/fieldsCreate up to 100 fields in a single request.
  • GET/api/v1/fields/{id}Fetch a single stored field.
  • PATCH/api/v1/fields/{id}Update a field's value.
  • DELETE/api/v1/fields/{id}Delete a field and its vector.
  • POST/api/v1/autofillRank stored values against a set of form labels.

Scopes

Restrict a key to only what it needs. A key created without scopes has full access.

  • fields:readList and read stored fields
  • fields:writeCreate, update, and delete fields
  • autofillRun semantic autofill / matching

Rate limits & errors

60 requests per minute per key. Responses carry X-RateLimit-* headers; errors use a stable code and a requestId.

Start building

Create a key and make your first call.

Generate a scoped API key from your dashboard, point it at /api/v1, and you’re live. Questions? We’re happy to help.