Onboarding with 123FormBuilder — Free Signup to a JWT and Your First Forms Call

Onboarding with 123FormBuilder — Free Signup to a JWT and Your First Forms Call

In the companion profile I walked the 123FormBuilder footprint from the outside. This video gets hands-on — a cold start from the docs to a working call against the REST API v2, narrating the real friction along the way.

I run these as a real first-time developer would — no shortcuts — because the distance between “the docs say” and “what actually happens” is where developer experience lives or dies.

The path to a token

The v2 docs open with the right instinct: all actions are done using tokens, which can be easily generated or invalidated — you should start with authentication. What they don’t say is that you need to be a customer first. There’s no “create an account” step in the docs, so:

  1. Back out to the main site and sign up for the free Basic plan — email, password, a few onboarding questions (what you’re building, company size, industry), and you land in the dashboard.
  2. Return to the docs’ Swagger UI and hit POST /token. The parameters are username, email, password, and passhash — and it takes a minute to work out that your username is your email address.
  3. The MD5 detour. The token endpoint accepts either your plain-text password or an MD5 passhash. I went hunting for an online MD5 hash tool, hashed the password, pasted it in — and got a token back in the response body.
  4. The first real call. GET /forms with the JWT as a query parameter, 25 per page — and a 200 came back with an empty data array, formatted as JSON API. No forms yet, but authenticated and onboarded.

Hello world, in a pretty short time overall.

What the run surfaced

  • The docs assume you’re already a customer. Nothing in the developer center points you at the signup flow — a one-line “you’ll need an account, start here” would remove the only real dead end.
  • Username is your email. Small thing, but I had to go check my account details to figure it out.
  • MD5 passhash is a dated pattern. Handing your password (or an MD5 of it) over as request parameters works, but it’s a long way from the OAuth and scoped-key flows most APIs have moved to — and the JWT then rides along as a query parameter on every call.
  • The Swagger UI try-it-out is a genuine asset. The whole onboarding happened inside the docs — no Postman, no curl needed to reach the first 200.

Dig into the details

More provider profile-and-onboard pairs are coming on YouTube @APISearch.

← Media and Entertainment on APIs.io: The Content Pipeline
One Install Button for Your MCP Server, Across Every Client →