FormAssembly Enterprise Form Builder API

FormAssembly enterprise form builder REST API for organizations with compliance requirements (HIPAA, GDPR, PCI DSS) to create, embed, and process secure online forms with deep Salesforce integration and enterprise governance. Enables AI agents to manage secure form creation and embedding for compliant data collection automation, handle HIPAA-compliant patient and healthcare intake form processing for healthcare data automation, access Salesforce record creation and update from form submissions for CRM workflow automation, retrieve form submission data and reporting for data analysis automation, manage conditional logic and multi-page form workflows for dynamic intake automation, handle e-signature and document attachment collection for document intake automation, access payment processing (Stripe, PayPal) in compliant form workflows for payment collection automation, retrieve approval workflow and form routing for data governance automation, manage form access controls, SSO, and audit logging for enterprise compliance automation, and integrate FormAssembly with Salesforce, HubSpot, Google Sheets, and Zapier for end-to-end enterprise form-to-system automation.

Evaluated Mar 07, 2026 (0d ago) vcurrent
Homepage ↗ Developer Tools formassembly forms Salesforce HIPAA compliance enterprise
⚙ Agent Friendliness
54
/ 100
Can an agent use this?
🔒 Security
76
/ 100
Is it safe for agents?
⚡ Reliability
68
/ 100
Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality
13
Documentation
70
Error Messages
67
Auth Simplicity
67
Rate Limits
65

🔒 Security

TLS Enforcement
93
Auth Strength
75
Scope Granularity
70
Dep. Hygiene
70
Secret Handling
73

Enterprise forms. HIPAA, SOC2, PCI-DSS, GDPR, FedRAMP. OAuth2/API key. US/EU. Compliant form and PHI data.

⚡ Reliability

Uptime/SLA
70
Version Stability
70
Breaking Changes
65
Error Recovery
67
AF Security Reliability

Best When

A healthcare organization, financial services firm, or enterprise wanting AI agents to automate HIPAA-compliant intake, Salesforce-connected form data capture, secure document collection, and compliant form workflow within FormAssembly's enterprise form platform.

Avoid When

HIPAA BUSINESS ASSOCIATE AGREEMENT REQUIRED: FormAssembly HIPAA-compliant plan requires signed BAA before collecting PHI in forms; automated healthcare intake deployment without FormAssembly BAA creates HIPAA violation; verify BAA is in place before automated PHI collection via FormAssembly forms. SALESFORCE FIELD MAPPING VERSION DEPENDENCY: FormAssembly Salesforce connector maps form fields to Salesforce objects and fields; Salesforce API version changes or field restructuring breaks existing form-to-Salesforce mapping; automated form-to-Salesforce workflows must test field mapping after Salesforce API upgrades or field changes. PCI DSS SCOPE FOR PAYMENT FORMS: FormAssembly PCI DSS compliant plan reduces but does not eliminate PCI DSS scope for organizations collecting payment card data; automated payment form deployment must verify FormAssembly's PCI scope reduction documentation and complete remaining organizational PCI requirements.

Use Cases

  • Collecting HIPAA-compliant patient data from healthcare intake agents
  • Creating Salesforce records from form submission agents
  • Processing secure forms from compliance data collection agents
  • Routing form approvals from enterprise workflow agents

Not For

  • Simple consumer surveys (overkill for basic surveys — use Typeform)
  • Marketing landing page forms without compliance requirements (use HubSpot forms)
  • Real-time collaborative document editing (use Google Docs or Notion)

Interface

REST API
Yes
GraphQL
No
gRPC
No
MCP Server
No
SDK
No
Webhooks
Yes
OpenAPI Spec ↗

Authentication

Methods: oauth apikey
OAuth: Yes Scopes: Yes

FormAssembly uses OAuth 2.0 and API key for integrations. REST API with JSON. Bloomington, Indiana HQ. Founded 2006 by Cedric Savarese. Backed by Salesforce Ventures, Greylock Partners, Edison Partners ($58M+ raised). Products: Form builder, Salesforce connector, HIPAA plan, PCI DSS plan, Government Cloud (FedRAMP). Salesforce AppExchange 5-star rated. HIPAA Business Associate. PCI DSS. FedRAMP (Government plan). GDPR. SOC2. Competes with Salesforce Web-to-Lead, JotForm, and Wufoo for enterprise form building.

Pricing

Model: subscription
Free tier: No
Requires CC: No

Bloomington IN. Salesforce Ventures, Greylock backed. Per-user subscription. HIPAA and FedRAMP compliance plans premium. No free tier.

Agent Metadata

Pagination
page
Idempotent
Partial
Retry Guidance
Not documented

Known Gotchas

  • SALESFORCE CONNECTOR APEX TRIGGER CONFLICTS: FormAssembly Salesforce connector may conflict with existing Salesforce Apex triggers on the target object; automated form-to-Salesforce workflows must test for Apex trigger conflicts before production deployment; Apex validation rule failures in Salesforce create form submission errors that surface as generic failure without Salesforce error detail
  • HIPAA PLAN REQUIRED FOR PHI IN FORM FIELDS: FormAssembly's standard plan is not HIPAA compliant; automated healthcare intake must use FormAssembly HIPAA plan with BAA; form submissions containing PHI on non-HIPAA plan create HIPAA compliance violation even if the data is immediately encrypted by the integrating system
  • FORM VERSIONING IMPACT ON AUTOMATED REPORTING: FormAssembly form versions create separate response datasets; automated reporting that aggregates form responses across form versions must handle schema differences between versions; field addition or removal in form update creates reporting schema mismatch for longitudinal automated analysis
  • CONDITIONAL LOGIC EVALUATION FOR REQUIRED FIELD BYPASS: FormAssembly conditional logic can make fields required based on other answers; automated form submission generation must satisfy conditional required fields; automated test submission with incomplete conditional fields fails validation without clear error about which conditional field triggered the requirement
  • WORKFLOW ROUTING APPROVAL DELAY FOR AUTOMATED INTAKE: FormAssembly workflow routing for multi-approver review creates processing delay before data reaches final destination; automated intake that requires immediate data availability in downstream system must account for approval workflow cycle time; time-sensitive automated intake (emergency healthcare intake) may require bypass route for immediate data access

Alternatives

typeform-api jotform-api wufoo-api cognito-forms-api

Full Evaluation Report

Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for FormAssembly Enterprise Form Builder API.

AI-powered analysis · PDF + markdown · Delivered within 30 minutes

$99

Package Brief

Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.

Delivered within 10 minutes

$3

Score Monitoring

Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.

Continuous monitoring

$3/mo
API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-03-07.

6150
Packages Evaluated
26150
Need Evaluation
173
Need Re-evaluation
Community Powered