Sharing & Security
Learn how forms are shared with respondents, how access is controlled, and the security measures that protect your data throughout the form lifecycle.
Shareable Links
Every form gets a unique URL that can be shared with anyone. No monday.com account or login is required to fill out a form — respondents just need the link.
Copy to clipboard
After generating a form, click the copy button to copy the URL to your clipboard. You can then share it via email, chat, or any messaging channel.
Manual link sharing
The form configuration page always displays the current form URL alongside the copy button, so you can grab the link at any time.
Link Regeneration
If you need to invalidate an existing form link — for example, if it was shared with the wrong audience — you can regenerate the link.
Regenerating a link creates a brand-new URL for the form and immediately invalidates the old one. Anyone who tries to access the old link will be unable to open the form.
You can regenerate links from the form configuration page or from the Fill Inbox settings panel.
Password Protection
Adding a password to your form ensures that only authorized respondents can access it. The password is set during form creation or updated later from the Fill Inbox.
Password prompt
When a respondent opens a password-protected form, they see a password prompt before any form fields are displayed. The form content is not loaded until the correct password is entered.
Rate limiting
Incorrect password attempts are rate-limited to prevent brute force attacks. After multiple failed attempts, the respondent must wait before trying again.
Access tokens
Once the correct password is entered, the respondent's browser receives an access token for the session. They won't need to re-enter the password while the session is active, even if they refresh the page.
Form Expiration
Set an expiration date to automatically stop accepting submissions after a certain time. This is useful for time-sensitive data collection like event registrations or feedback deadlines.
When a respondent opens an expired form, they see a clear notice explaining that the form is no longer accepting submissions. The form fields are not displayed. You can extend or remove the expiration at any time from the Fill Inbox settings panel.
Form Lifecycle
Every form goes through a defined lifecycle represented by these statuses:
| Status | Description | Accepts Submissions |
|---|---|---|
| Active | Form is live and accepting submissions | Yes |
| Completed | The form has been submitted and editing is disabled | No (unless editing is enabled) |
| Expired | The expiration date has passed | No |
| Deleted | The form has been permanently removed | No |
Previously Submitted Notice
When a respondent opens a form that they have already submitted, the behavior depends on the Allow Editing After Submit setting:
Editing disabled (default)
The respondent sees a "previously submitted" notice and cannot make changes or resubmit.
Editing enabled
The form loads with the respondent's previous answers pre-filled. They can update any field and submit again. Each new submission is tracked in the submission history.
Authentication
Item to Form uses monday.com's OAuth authentication for all administrative operations (creating forms, managing settings, reviewing submissions). The authentication flow works as follows:
- When you open the app inside monday.com, your session token is used to authenticate automatically
- If the session has expired, the app redirects to monday.com's OAuth flow to re-authorize
- All API requests from the admin interface include authentication headers