I’m helping clients put a mobile front end on their forms using the latest Gravity Forms API. This form has the Anti-spam honeypot setting turned on. Initially, I thought I could not provide the honeypot field and that this would work, but my messages are rejected as SPAM.
Additionally, we’ve implemented an extra JavaScript input that is added to the POST request when the form is submitted, so a human would never see it, but submissions will fail validation if this extra input doesn’t contain the expected value.
I’m assuming the absence of this field might be my issue.
I’ve been unable to find any documentation on how to use the API with this turned on. For the foreseeable future, the form will also be available on the web, so turning off the form’s honeypot option isn’t the best solution.
Hi Jeffrey. You can use the /gf/v2/forms/[FORM_ID]/submissions/validation endpoint rather than /gf/v2/forms/[FORM_ID]/submissions to skip certain validations, like the Honeypot.
See the documentation here:
The form submissions endpoint was added in Gravity Forms 2.4; it is used to create an entry by sending input values through the complete form submission process.
This includes the following features and processes:
Saving progress for the save and continue feature
Validation
Configured anti-spam checks e.g. honeypot, captcha, Akismet etc.
Saving the entry to the database
Add-on feeds
Notifications
Confirmations
All the filters and action hooks triggered by a regular form submission
If you want to skip that, use /gf/v2/forms/[FORM_ID]/submissions/validation instead. Here are the relevant docs for that endpoint:
The form submissions/validation endpoint was added in Gravity Forms 2.6.3.2; it is used to validate the form input values.
If the form passes validation the configured anti-spam checks will also be performed.
The following features and processes are NOT supported:
I’m a bit confused - the submissions/validation performs validation and does not submit the form to the entries collection. I’m trying to submit the form data as if it were entered by an end user - including the notifications and confirmations - without running afoul of the honeypot processing. Do I have a fundamental misunderstanding of the API?