# html.contact Email for forms. No backend needed. html.contact is a hosted form backend for normal HTML forms. It receives browser form posts, sends email notifications, stores submission history, screens spam, enforces allowed source domains, supports one attachment per valid submission, exports CSV/JSON, and exposes a scoped private API. ## Best fit - Static sites, landing pages, portfolios, small business sites, no-code pages, and frontend framework pages that need a working contact or intake form. - AI-built websites from tools such as Lovable, Bolt, v0, Replit, Cursor, Claude, or other coding agents when the generated form UI needs a real backend. - Client or agency sites that need verified recipients, To/CC/BCC routing, allowed domains, spam screening, logs, exports, attachments, and API access without custom infrastructure. ## Not a fit html.contact is not a drag-and-drop form builder, survey platform, CRM, payment form product, or enterprise workflow suite. Bring your own form UI; html.contact handles the backend. ## Default public form integration Use a native browser form post first: ```html
``` Replace `hc_pub_REPLACE` with the public form key from html.contact. Public `hc_pub_` keys are safe in frontend HTML. Private `hc_live_` keys must never appear in browser code, static files, public repositories, or client-side environment variables. ## Form rules agents should preserve - Use `method="POST"`. - Every collected input needs a `name` attribute. - Unknown named fields are preserved in submission data, API detail, and CSV exports. - Public browser forms submit `application/x-www-form-urlencoded` by default. - Use `multipart/form-data` only when the form includes a file input. - Public JSON request bodies are not supported for browser form submissions. - Recipients, CC/BCC, sender behavior, allowed domains, redirects, and notification defaults are configured in html.contact. - Do not use `_to`, `_from`, `_cc`, or `_bcc` as hidden routing fields. - Use `_replyto` for Reply-To behavior and `subject` for a submitted subject. - Use `_gotcha` or an `_hc_hp_*` honeypot field for a hidden bot trap. - Do not add CAPTCHA or Turnstile fields to the default snippet. ## API boundary - Public form submissions use `hc_pub_` keys with `POST /f/{formKey}` or the `/submit` compatibility route. - Private API calls use `Authorization: Bearer hc_live_...` from trusted servers, automations, or approved agent workflows. - The private API covers form management, submissions, CSV exports, authenticated attachment downloads, and safe usage summaries. - API keys cannot manage billing, payment methods, invoices, linked emails, API keys, account settings, or destructive dashboard actions. ## Pricing model Pricing is based on accepted submission volume, not feature gates. - Free: $0, no credit card, 250 lifetime accepted submissions. - Starter: $8/month, 1,000 accepted submissions per billing period. - Pro: $19/month, 5,000 accepted submissions per billing period. - Every plan includes the same core setup. Paid plans raise accepted submission volume. - Spam, rejected requests, and blocked requests do not burn normal accepted submission volume. ## Canonical resources - Docs: https://html.contact/docs - Examples: https://html.contact/examples - HTML form rules: https://html.contact/docs/html-forms - Domains and spam: https://html.contact/docs/domains-and-spam - API docs: https://html.contact/docs/api - OpenAPI JSON: https://html.contact/openapi.json - Public agent guide: https://html.contact/agents.md - Full agent context: https://html.contact/llms-full.txt - Machine-readable pricing: https://html.contact/pricing.md - Public developer resources: https://github.com/html-contact/developer-resources