Email fields on a Hubspot form allow me to block submissions if the email address entered is from a list of domains I specify (by editing the email field and adding them to ‘Email Domains to Block’). However, this filter isn’t applied when the form submission is created via the API. How do I block a list of domains when hosting my own form and submitting via the API?
Forms submitted via the API will follow the same rules as embedded forms when it comes to blocking free email domains or specific email domains:
If the email address in the submission data matches one of the blocked domains, you’ll get a 400 response with a message that the domain isn’t allowed (the message is intended for embedded forms, so the response will be HTML not JSON).
@dadams when a 400 response is returned, is the contact record still saved? I’ve configured filtering on the email field for the form I’m using for API submissions, but still have contacts showing up daily from some of the blocked domains.
When I asked support about this, the answer was: “We have determined that this form is using the API instead of being embedded on the external page so it bypasses the configuration on the form like the blocked email address feature. You would need to add custom validation to the API to be able to block the domains.” Which seems to contradict what you describe the behavior should be (unless the API is returning a 400 but saving the contact record anyway).
If you get a 400 response, the form submission will be rejected, and no contact will be created. The block list is specific to each form, so if you’re using multiple forms you’d need to include the list on each form you’re working with.
In the cases where you’re seeing new contacts, are you getting a 400 response from the form submission? Do the records still show they filled out the form?
Sorry for the confusion around the 400 responses. Receiving a 400 response for blocked email domains is relatively new functionality. Up until a few weeks ago, that block list was only for embedded forms and it did not apply to API submissions.
No, I’m getting a 204 actually. Just made a submission manually from a
console with an email from one of the blocked domains. So it looks like
something’s up with the filtering. Double-checked and it’s definitely the
correct form too.
Is there a way to retrieve the settings for the email field via the API to
check that they’re correct? Otherwise not sure how to proceed in debugging.
You can get the form through the API:
You’ll see the list of blocked domains in the data field in the validation setting for the email field.
OK, it looks like the blocked domains are showing up when I access the form
through the API. Is it possible I’ve misconfigured something (i.e. domains
need to be in another format or something)?
enter a valid email address”,“data”:“yandex.com, mail.ru,
@turningart if you remove the spaces between the commas and the domains, do you have any better luck with this?
Looks like that worked, thanks! Might be worth putting some validation on
the form that takes the domain list to prevent other people having this