Using the API on forms with honeypot proection turned on

I’m helping clients put a mobile front end on their forms using the latest Gravity Forms API. This form has the Anti-spam honeypot setting turned on. Initially - I thought I could not provide the honeypot field and that this would work, but my messages are rejected as SPAM.

I found this in Enhancements for Spam Honeypot (gravityforms.com):

Additionally, we’ve implemented an extra javascript input that is added to the POST request when the form is submitted, so a human would never see it, but submissions will fail validation if this extra input doesn’t contain the expected value.

I’m assuming the absence of this field might be my issue.

I’ve been unable to find any documentation on how to use the API with this turned on. For the foreseeable future, the form will also be available on the web, so turning off the form’s honeypot option isn’t the best solution.

TIA!

Hi Jeffrey. You can use the /gf/v2/forms/[FORM_ID]/submissions/validation endpoint rather than /gf/v2/forms/[FORM_ID]/submissions to skip certain validations, like the Honeypot.

See the documentation here:

The form submissions endpoint was added in Gravity Forms 2.4, it is used to create an entry by sending input values through the complete form submission process.

This includes the following features and processes:

  • Saving progress for the save and continue feature
  • Validation
  • Configured anti-spam checks e.g. honeypot, captcha, Akismet etc.
  • Saving the entry to the database
  • Add-on feeds
  • Notifications
  • Confirmations
  • All the filters and action hooks triggered by a regular form submission

If you want to skip that, use /gf/v2/forms/[FORM_ID]/submissions/validation instead. Here are the relevant docs for that endpoint:

The form submissions/validation endpoint was added in Gravity Forms 2.6.3.2, it is used to validate the form input values.

If the form passes validation the configured anti-spam checks will also be performed.

The following features and processes are NOT supported:

  • Saving progress for the save and continue feature
  • Payment add-on validation
  • Saving the entry
  • Add-on feeds
  • Notifications
  • Confirmations
  • Most of the filters and action hooks triggered by a regular form submission. Note: validation filters such as gform_pre_validation, gform_field_validation, and gform_validation will be triggered.

If you require any of the above you should use the form submissions endpoint instead.

If you have any other questions, please let us know.

I’m a bit confused -the submissions/validation performs validation and does not submit the form to the entries collection. I’m trying to submit the form data as if it were entered by an end user - including the notifications and confirmations - without running afoul of the honeypot processing. Do I have a fundamental misunderstanding of the API?

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.