Public POST /f/{id}. Embed a normal HTML form via fetch() — submissions arrive in Telegram, Max or email. Spam protection, routes and CSV export — included.
· Honeypot, time-to-submit, throwaway email blocklist, origin check
Without us
Typeform sends notifications to email. In the morning there are 200 unread, the lead goes cold 12 hours later. Responding to customers promptly — impossible.
Typeform Business — $83/mo. Tilda — from 150 ₽ per form. Behind that money is basically "a nice form and email notification".
Without honeypot, time-to-submit, throwaway blocklist and keyword rules — 60% of submissions are spam. Clearing them manually — manager time.
What's inside
Hidden trap field with unique per-form name. Optional fill-time check (requires JavaScript), throwaway-email blocklist, and keyword filter. Bots are flagged as spam and don't reach recipients.
~70 disposable mail domains (mailinator, tempmail, 10minutemail, etc.) — auto-marked as spam.
Conditional delivery: "if company contains b2b — to sales@, otherwise default". Up to 40 routes, actions deliver/mark_spam/block.
Flagged submissions are kept in a separate tab, not deleted. You can manually move them back to verified or vice versa.
Email recipients confirm the address via a 6-digit code. Submissions go only to verified addresses — no risk of abuse.
All submissions in a table with status/period filters and search. CSV export up to 10,000 rows. Archive after 30 days, delete after 180.
How it works
In the dashboard — "Forms → Create". Set a name and allowed_origins (domains to accept submissions from). Get a form_id.
A regular HTML form or fetch('/f/form_id') with JSON. No API key — the endpoint is public but protected by origin check and rate limit.
Configure routes: Telegram/Max to the developer, email, project subscribers. Webhook form.submitted — for CRM integrations.
FAQ
No. Endpoint POST /f/{form_id} is public — you can call it from HTML right in the browser. Protection — via allowed_origins, honeypot, rate limit and time-to-submit.
Several layers: origin check → rate limit → honeypot → time-to-submit → throwaway email blocklist → keyword blocklist → mark_spam/block routes. Suspicious submissions land in the "Spam" tab.
Yes. Set redirect_url in form settings. For HTML forms without JS — 303 See Other. For JSON/AJAX — returns {ok:true}. Even spam/block redirects, to avoid revealing filtering.
You configure routes: email (verified), Telegram/Max to developer or team member, subscriber by ID, entire team at once. Up to 40 routes per form.
Yes. CSV export up to 10,000 rows is available on "Basic" plan and above, only for owner/admin roles. Plus a full REST API: list, search, filters.
0 credits — receiving a submission into DB is free. Only deliveries are billed: email = 2 credits, Telegram/Max to subscriber or developer = 1 credit.
No credit card. 100 free credits per month — enough to try every feature.
Solutions & use cases
Common scenarios where Zapnoty replaces a stack of 3-4 separate services.
10× cheaper than SMS, higher reach than email
OTP, order status, abandoned cart, promos
Forms with instant Telegram notification — no forgotten inboxes
Drip lessons, reminders, Q&A and bot login
Support in Telegram/Max, no heavy chat widget