New Security Feature for the Forms API

It's currently Thanksgiving day here in the US, and we've decided to ship a new feature we think a lot of our power-users are going to be super thankful for.

You might not know it, but all versions of Accelo include the ability for you to create a form on your own website or intranet and when a user fills in the form it can create a new client, contact, sale or ticket/issue - automatically. You can even build your web forms to include the custom fields, send email alerts and even accept file uploads.

Most commonly we see clients using these forms to build enquiry forms on their websites, create special ticket/issue forms for their most VIP users to quickly get things into the issues module, and we've even got a great client who runs all of their recruiting through Accelo using these forms! (You can find the instructions on how to build your own form here)

However, until now there's been a bit of a catch - you've needed to include a security feature known as a captcha to stop spammers from inundating your forms and flooding your Accelo system with clients, sales and issues. While this sounds good in theory, the problem with this security barrier is that is lowers conversion rates (which matters if your form is on a landing page or some other high value area of your site), and if you want to use the forms API in an intranet setting - where things are already secure - you've been out of luck.

Until now. Today we've launched a new feature that allows you to specify your own level of Forms API access - including for the first time not only making the system work without the hard to use captchas, but also disabling it entirely if you prefer.

Three Access Levels

The new access level system uses three different options:

• Challenge: this is where the user needs to enter a captcha challenge to successfully submit the form. This will remain the default if you don't specify a setting - we really don't want spammers getting in an flooding your database by default.
• Open: this is where you can choose to make the captcha challenge unnecessary. If you have a high value sales/enquiry form or you have a page which is behind an extranet or not otherwise shared publically, you can now set up your form so you don't need to challenge your users.
• Disabled: this is a new setting and ensures that you can disable access to this part of the forms API entirely - either for a whole module or just for certain sales/issue types.

Configure Access by Module or by Type

These access level settings are able to be configured either at the whole module level, or for objects which have multiple types (available only in Premium) you can also specify access on a type by type basis for more granular control.

Controlling Access by Module is easy - simply click on the spanner/wrench icon in the top navigation to go to the admin section, and then click on "General Configuration & Preferences". You can then manage access on a module-wide basis for Companies, Sales and Issues.

Controlling Access by Type is also easy, but you access it in a different place. Firstly, go into the Config section for the Sale or Issue module by clicking on the "Config" link when you hover over that item in your navigation bar.

Once you're looking at the config screen, choose the type you want to edit on the left and then click Edit in the top right.

You'll then see a form that allows you to edit the sale/issue type, and this is where you'll also be able to change the access settings.

Advanced Uses

In addition to the obvious uses of embedding forms on your website for prospective and current clients to use, other more advanced uses could include:

• Writing your own import process from another data source - if you're a coder, you'll know how easy it is to write a HTTP POST request using almost any programming language. Simply make your POST request with the fields outlined in the documentation and you can start feeding Accelo new companies, contacts, sales and issues in no time at all, take advantage of our server side smarts that make sure you don't end up with duplicate companies or contacts.
• Write your own notification business process - because the Forms API also provides powerful rules for trigging email notifications to your users, you can use the Forms API to not only create new requests but to also automatically email clients and/or staff users when your business process is triggered. Super handy.
• Create your own automatic issue logger - if you're a technically savvy user, you might have your own bug tracking or issue handling system which is engineering oriented. With this interface, you can now take any client-facing issues created in another system and push them across to Accelo instantly and without double-handling.

Start Building!

This is only one of the first steps in a much bigger plan to open up as much of the Accelo platform as we can to APIs so you can all sorts of things with your data in the future. Watch this space for updates...