Is it possible for third parties to send post requests through Forest?

Right now we have multiple external forms that we use for data submission. We set up the submit to send a post request to a webhook through Zapier, and we use zapier to perform logic and then create a row in our SQL database.

We’d love to cut out the middle man and send a post request directly to our API to create/manipulate data in our server/database. Is there a way to set up an endpoint for the form submissions to hit in the routes files? That way we can write the logic in Javascript vs Zapier?

Thanks so much! I know you guys field a lot of issues here, but our team has shifted all of our workflows and day to day work to Forest and it has drastically increased our efficiency! We’re excited to continue building on the platform! There should be a “praise” section on here. :slight_smile:


Hello @Matt :wave:

We are happy to read that you are migrating a lot of things to Forest :christmas_tree:, and that we help to increase your opts efficiency :confetti_ball::tada: Thanks for this feedback, it is a really good motivation :pray:

The short answer to your question is: Yes, this should be possible.

Knowing that you own the code generated by lumber (your agent) you can create every endpoints you want. Instead of pointing to your Zapier webhooks, you could directly point to your agent and handle the data in here (as you would do for a smart action for example). It will require some setup (authentication …) but this should definitely be possible. Your agent is an independent API server, you are free to build anything you want :building_construction:

A good solution could also be to code your forms directly as smart actions at forest. You could invite your third party actors to your project and give them access to your smart actions so everything would be centralised (no more external forms).

If you give us more details about how your external forms are build, and how they communicate with Zapier, we would be able to advise you, and guide you to integrate them directly into Forest :slight_smile:

Does this help ?


Hey @Steve_Bunlon

That’s awesome, and yes, this does help!

These specific forms are front facing to clients/customers, so they would have to stay outside Forest. Right now we have one form that is simple HTML/CSS/JS integrated in a Wordpress site with submit logic pointing to the Zapier webhook URL.

The other forms were built in JotFrom using JotForm’s trigger in Zapier, but we are looking at converting those to React, with the similar setup of pointing the submit logic to a Zapier webhook URL. Right now the form basically points to the webhook URL as the form action with a post method. From there Zapier parses out the JSON on there end as separate fields:

<form id="formId" class="form-css" action="{id}" method="post" target="hiddenFrame">

Rather than directing the submit logic to a simple webhook URL that would parse out the JSON through Zapier, would we instead hard code an http request inside of the form logic with an authentication header pointing to a REST API endpoint through our agent?

Hi @Matt,

You’re totally right.
The authentication process could potentially use a login/password created for this purpose (Which seems the better option), or a generated token (But you would have to manually update this token every now and then, when it is revoked).

Let us know if you have any other questions :slight_smile:

@jeffladiray Since the forms don’t really require any authentication currently (not the ideal solution, but we’re working with what we currently have. The forms are only used to collect new data with public access) would it be possible to just set up a route in my routes folder without authentication?


Since the generated project is yours, this is definitely do-able (You should be able to inject any kind of express related code in the project).
However I don’t recommand you to do like this though, since it could potentially leads to security issue (Bot spamming this service for example). Authentication is needed for all the forest-admin related routes, so this would be safer to use authentication I guess.

@jeffladiray Quick follow up on this, I have an endpoint set up and just need to finish the authorization. Is there a way to manually generate a web token that I can give to third party developers that we collaborate with that can stay the same and that doesn’t require login/password authentication so they can use this route?

Hey @Matt,

Yes I guess it is technically possible (but it doesn’t mean it is recommended, as Jeff told you for safety matters).
Just one additional question: don’t you have another backend API (not the admin one) where you could deal with all that? Just wondering, as to me it is not absolutely meant to be on your admin backend :thinking:


1 Like

@adriguy I think I see what you’re saying. I should create a separate server side application just for the routes that I want to be available to third party developers with its own authentication, connected to the same database, rather than making a request to the application attached to Forest?

1 Like

Hi @Matt

That wasn’t my point initially, but after discussing with @adriguy, we clearly think that would be the best for your use case (New API for new purpose).

There are a few reasons that leads us to that direction, the main one being potential security issues.
In fact, in your first message, Zapier handle that for you, so even if that’s a “middle man” in your case, it clearly serve an essential purpose in your data flow.

Moreover, let’s say the new service you created failed and crashes your lumber-project, you would not be able to access your admin backend, which is far from ideal.

To sum all this up:

  • You are totally able to create a new service inside your lumber project, with or without authentication to access your database, since you remain the owner of the lumber generated project. That mean you can achieve what you want to do inside your lumber project, but that’s not the best way to handle your use case.
  • In my opinion, that would be better to create a new API or use an external service, independant of your lumber project to integrate this new use case, mainly for security reason, but also for separation of concerns (Keep what’s related to your admin backend inside lumber, and everything else elsewhere). That will be easier to maintain in the long run, and is less error prone.

Let me know if that helps :pray:


@jeffladiray I think that makes total sense and it definitely helps! Thanks so much to you and @adriguy for the insight!