Skip to Content
Forms⚙️ Form Settings

Form Settings & Configuration

Configure form behavior, submission handling, and security with FormFlow’s comprehensive settings. All security mechanisms are optional - forms are open by default.

Basic Settings

Allow Multiple Submissions

Control whether users can submit the form multiple times.

Enable: Users can submit the form multiple times. A “Submit Again” button appears after submission.

Disable: Users can only submit once.

Response limits

Control how many responses your form can accept.

  • Set a specific number limit (e.g., 100 submissions)
  • Or select “No limit” for unlimited submissions
  • Form automatically stops accepting submissions when limit is reached

Time limits

Restrict when your form is available for submissions.

  • Start Date & Time: Set when the form becomes active
  • End Date & Time: Set when the form stops accepting submissions
  • Custom Error Message: Customize the message shown when form is expired or not yet active
    • Default: “The form has expired or is not yet active”

Field label

Control what respondents see as the label for each field.

  • Use column name (on): The label matches your monday.com column title and stays in sync when the column is renamed.
  • Use column name (off): Enter a custom label (for example, rename “Name” to “Full name”).

Default values and prefill

Pre-filled value (builder default)

Set an optional default that appears when the form loads.

  • Insert forms: The value is shown unless the respondent changes it; submitted data uses what they leave on the field.
  • Update forms: The default applies only when the field is empty on the item. If monday.com already has a value, FormFlow does not overwrite it from this setting.

To configure: open the field in the builder → set Pre-filled value → save the form.

Prefill from the public URL (query parameters)

For published public forms, you can pass initial values using URL query parameters. Keys are matched to field IDs (nested keys can be represented with flattened query names; very deep nesting may be limited).

Precedence (high level):

  1. Values from the monday.com item (update forms) are applied first.
  2. Query parameters are merged on top for matching keys.
  3. Pre-filled value defaults still apply where rules above leave a field empty (update forms: only when the item field is empty).

Treat URL prefill as public: anyone with the link can append parameters. Do not rely on query strings for secrets; use passwords or internal distribution where needed.

Hidden and read-only fields

  • Hidden: The field can be hidden from the respondent UI. Use this when you do not need the respondent to edit a value but still want it driven by defaults, item data, or URL prefill (behavior depends on field type and form type—test your flow before go-live).
  • Read-only: On update forms, fields can be marked read-only so respondents cannot change them. You can also enable read-only form mode with optional rules so the whole form becomes view-only under conditions you define.

Response viewing

Control when users can see their form responses.

  • Show Response Before Submit: Users can review their entered data before final submission
  • Show Response After Submit: Display confirmation with submitted data after successful submission

Security settings

By default, forms are open and accessible to everyone. All security mechanisms are optional—enable only what you need.

Captcha: Google reCAPTCHA and Cloudflare Turnstile

Protect public forms from bots and spam. Captcha is off by default.

FormFlow supports either (or both, depending on what you enable in form settings):

  • Google reCAPTCHA — When enabled, respondents complete reCAPTCHA before submit.
  • Cloudflare Turnstile — When enabled, respondents complete a Turnstile challenge before submit.

You choose the provider(s) in form settings. Only the challenges you enable are shown.

When to use

  • Public insert forms without a password
  • High-traffic or spam-prone links
  • Any sensitive workflow where automated submissions are a risk

Form Protection (Password Protection) - Optional

Require a password to access and submit your form. By default, forms are open and do not require passwords.

For Insert Forms:

  • Static Password (Optional): Single password for all form submissions
  • Configure once in form settings
  • Same password for all users

For Update Forms:

  • Per-Item Passwords (Optional): Each item has its own unique password
  • Passwords stored in board columns
  • Can be generated automatically via automations

Configuration:

  • Enable password protection in form settings
  • Set password in form settings (for insert forms)
  • For update forms, map to the password column

Form restrictions

Allowed Countries - Optional

Restrict form access based on geographic location. By default, forms are accessible from all countries.

Configuration:

  • Multi-select dropdown to choose allowed countries
  • Select specific countries to restrict access
  • Leave empty to allow access from all countries (default behavior)

Use Cases:

  • Compliance with regional data regulations
  • Limiting access to specific markets
  • Restricting to certain geographic regions

Submission limits (optional)

Control how many times users can submit your form. By default, there are no submission limits.

Options:

  • Per User: Limit submissions per individual user
  • Per Time Period: Limit submissions within a specific timeframe
  • Total Limit: Set maximum total submissions for the form

Burst submission control (update forms)

Optional throttle for update flows: limit how often the same item can be submitted again from the same IP within a sliding time window (for example to reduce accidental double-clicks or scripted retries).

  • Enable in form settings when update queues or duplicate submits are a problem.
  • Set window length (seconds) and a clear error message so respondents know to wait and try again.

Most insert-only marketing forms never need this. High-traffic operational update forms are the usual fit.

Post-Submission Experience

Thank You Page

Customize what users see after submitting your form.

  • Custom Title: Default “Thank you for your submission!”
  • Custom Description: Default “Your form has been submitted successfully.”
  • Submit Again Button (when multiple submissions enabled): Customize button text and styling

External Redirect

Redirect users to custom pages after submission.

  • Success Page URL: Redirect to a custom success page on your website
  • Error Page URL: Redirect to a custom error page if submission fails
  • Automatic Redirect: Seamless transition without user interaction

Security Best Practices

Remember: Forms are open by default. Enable security options only when needed.

When to Enable Security

No security needed (default)

  • Public forms for general use
  • Simple data collection
  • Forms where accessibility is the priority

Basic security

  • Public-facing forms → Enable reCAPTCHA and/or Turnstile
  • Forms with limited submissions → Set response limits
  • Time-sensitive campaigns → Enable time limits

Enhanced security

  • Sensitive data collection → Enable password protection
  • Restricted access → Password + country restrictions
  • High-risk forms → Combine multiple layers

Public forms (lead generation, contact)

  • Consider enabling reCAPTCHA and/or Turnstile
  • Consider country restrictions if needed
  • Use time limits for campaigns

Sensitive forms (applications, registrations)

  • Enable password protection
  • Enable captcha (reCAPTCHA and/or Turnstile)
  • Set strict submission limits
  • Use country restrictions if required

Internal forms (team updates, status reports)

  • Consider password protection
  • Use per-item passwords for update forms when password protection is on
  • Set appropriate submission limits

Analytics

In the FormFlow experience on your monday.com board, open the Analytics tab to review form activity and submissions for forms on that board. Use it to monitor volume and drill into submission data without giving respondents access to the board.

Submission processing and local drafts

Submission processing (update forms)

When enabled in settings, respondents can see a processing state while FormFlow finishes writing changes to monday.com (for example when updates are queued). This reduces duplicate submits and sets expectations during busy boards.

Local draft (browser)

When enabled, respondents can save progress in the browser before final submit. This helps long forms; it is not a substitute for server-side drafts if you require authenticated saved progress.

Next steps

Last updated on
🔄 Update Forms🔍 Visibility Rules