What is JotForm?
JotForm is a free online form builder which helps you create online forms without writing a single line of code. No sign-up required.
At JotForm, we want to make sure that you’re getting the online form builder help that you need. Our friendly customer support team is available 24/7.
We believe that if one user has a question, there could be more users who may have the same question. This is why many of our support forum threads are public and available to be searched and viewed. If you’d like help immediately, feel free to search for a similar question, or submit your question or concern.
FilePicker: Anyone can use unregistered Email AddressAsked by Welvin on July 10, 2013 at 11:59 AM
Original Concern from Markashton:
Anyone can add FilePicker and use any UNREGISTERED Email Address from the Setup Area. Someone should supposed to create an account first before they can integrate FilePicker.
For some reason after I inspect how jotform gets api key from InkFilePicker using email. It always return a random apiKey whether its a registered email or not.
I think these problems were already existed on InkFilePicker's end or maybe they have some other reasons behind why they leave it like that.
For now I will consider not to enter email address anymore but rather just enter a valid API key and if they have none, we will require them to create especially if they are going to use the S3 bucket feature.
Thanks for reporting,
Is it definitely a random API key ... and not a jotform specific one?
I have a form here: http://form.jotform.co/form/31894288736874
I just added the email firstname.lastname@example.org ... generated an API key that is not mine ...
I do a form submission ... it uploads the file fine ... the file is accessible via submissions
What's going on there? Is it Inkfilepicker's end then? Just letting accounts be generated from duff email addresses?
Yeah ... I'd change that as you mentioned above to the API key method of identification
Yes, this is probably on Inkfilepicker's end. You can use any email address as part of the integration. I have tried this;
1. Using unregistered Email Address to Filepicker setup
2. It generates API Keys
3. You can click "Forgot Password" to Filepicker's website even you're not registered and they will send you a temporary password so you can manage the uploaded files.
We'll, Kenneth is looking into this. We'll continue to update you with this function. Thanks for your thoughts :)