Is there any way for me to guarantee the authenticity of a form?

  • Profile Image
    Asked on January 13, 2020 at 09:22 AM

    We're building a small website and we're hoping to embed jotforms into it. The particular use-case is that people sign up to our site and they want to buy things.

    The jotforms get embedded into an iframe, and we'd have a form where they can request boots and there would be questions about shoe sizes, boot materials, etc. There would be another form to buy shirts with questions about shirts.

    One thing we want to do is integrate with Zoho and send all the answers about boots and shoes into Zoho (to reduce engineering time). One thing we're concerned with is if we embed our user ID or email address or something similar into a hidden field on Jotform, a technically skilled user can find the jotform url and submit a form on behalf of another user.

    Is there a way to guarantee that the jotform link was generated by our system for that user so they can't just edit the query parameters into the user ID of another user?

  • Profile Image
    Answered on January 13, 2020 at 11:08 AM

    Unfortunately, when you use the iframe code to embed the form, Jotform URL will be visible in the webpage' source code.

    You can try embedding the form using its source code instead. Here's a guide How-to-get-the-Full-Source-Code-of-your-Form.

    Note when using the Source Codes: Every time you change (add or remove fields) from your form in the form builder, you must update the form codes on your site by re-embedding the form. This is because the source codes that are currently embedded in your page are not automatically updated.