Skip to main content

Overview

3rd party applications built in Fillout can be used to allow you or your users to access their Fillout responses. To connect Fillout to your app, you’ll first start by creating an OAuth application in Fillout, which can later be submitted for approval to be listed publicly for Fillout users.

Creating an OAuth app

1

Open settings

On the upper left corner of your Fillout dashboard, click your Account name followed by Settings.Screenshot 2025-09-23 at 2.36.57 PM.png
2

Go to account settings

In the Developer page, select OAuth integrations.Screenshot 2025-11-06 at 3.53.23 PM copy.png
3

Create app

Click Create app and enter a name for your app.Screenshot 2025-11-06 at 3.55.29 PM.png
4

Configure your app

You’ll want to upload an App icon (users will see this when they first connect), and also set up some basic properties:
  • Redirect URIs - endpoints you’d like to get sent to during the OAuth token exchange process to receive the token (more info below)
  • Client ID - the public ID of your application
  • Client secret - must be generated to get started.
    Make sure to save this token, it will only be shown once.
Screenshot 2025-11-06 at 3.58.19 PM.png

OAuth process

Authorization request

GET https://build.fillout.com/authorize/oauth To initiate the OAuth process, you’ll start by sending users to the above endpoint, with the following query parameters:
  • client_id: the client ID of your app, which you can find while configuring it (see above)
  • redirect_uri: the URL you expect to be redirected to, once access is granted for the token
  • state: any string you’d like to use to retain state when redirecting back to your app
After authorization, the user’s browser will be redirected back to the redirect URI passed. Successful requests will forward the following query parameters to that URI:
  • code: a unique oauth authorization code you can use to exchange for an access token
  • state: the state parameter you passed in initially

Token creation request

POST https://server.fillout.com/public/oauth/accessToken Call this endpoint once you’ve successfully been redirected to after the authorization request. Pass, in the body of the request:
  • code: the code you received in the previous step
  • client_id: your client id for your app
  • client_secret: the client secret you generated for your app
  • redirect_uri: the redirect uri you originally received to generate this code.
A successful response will look like: 
{
	"access_token": "abcdefg",
	"base_url": "https://api.fillout.com",
}
The access_token will grant access to the Fillout API The base_url is the base URL for the api. Usually, this will be https://api.fillout.com, but may vary if you are in different geo-locations, or are self-hosting.

Invalidate access token

DELETE https://server.fillout.com/public/oauth/invalidate To authenticate this request, pass the following headers: 
{
	"Authentication": "Bearer <your-api-key>"
}