Security at FormNode

Built for secure workflow intake across workspaces and customers.

FormNode is designed around tenant isolation, scoped access, signed webhook subscriptions, and operational visibility so teams can collect workflow data without broadening their attack surface.

Tenant Isolation

  • Workspace and organization scope is enforced server-side before reads or writes.
  • Public form links only expose published forms and sanitized client payloads.
  • Dashboard and portal paths include regression coverage for cross-tenant leakage.

Authentication

  • Staff access is protected by Better Auth sessions, role checks, and workspace membership checks.
  • Microsoft and Google OAuth can be enabled alongside email magic-link login.
  • Admin-only platform pages require a separate re-authentication step.

API and Webhooks

  • REST API access requires Business plan API keys with scoped permissions and rate limits.
  • Submission and approval webhooks are retried with bounded backoff; webhook subscriptions include HMAC signatures.
  • Custom webhook targets are validated before server-side fetches.

Operational Controls

  • Workspace audit logs record admin, billing, user, API key, and form configuration changes.
  • Internal analytics surface rate-limit hits, webhook failures, retry queues, and cost-risk signals.
  • Secrets and submission payloads are excluded from customer-visible audit entries.

Data Handling

Submission payloads are treated as customer data. Operational logs avoid recording raw submission values, API keys, signing secrets, or SMTP credentials.

Responsible Disclosure

Report suspected vulnerabilities to support@formnode.io with reproduction details and impact. We prioritize tenant isolation, auth bypass, RCE, SSRF, and data exposure reports.

Availability

Webhook retry queues, API rate limits, and usage-cost signals are monitored so workflow failures and abuse patterns can be investigated quickly.