Use API to submit a webform

I have a client that transitioned to Infusionsoft. They have web forms in modals/lightboxes in their Wordpress site. When the web form is submitted, the form should be processed and the ‘thank you’ message should appear in the modal. This is accomplished through an iframe. Because Infusionsoft form processing busts out of the iframe, I’ve had to submit the forms to a PHP page that then posts to Infusionsoft. I used the code below using Curl, but our IP gets blacklisted. How would I go about posting the page using the Encrypted API key and passphrase instead of using Curl? Code for reference:


// extract data from the post

// set POST variables
$fields = array(
‘inf_form_xid’ => urlencode( $inf_form_xid ),
‘inf_form_name’ => urlencode( $inf_form_name ),
‘infusionsoft_version’ => urlencode( $infusionsoft_version ),
‘inf_field_FirstName’ => urlencode( $firstName ),
‘inf_field_LastName’ => urlencode( $lastName ),
‘inf_field_Company’ => urlencode( $company ),
‘inf_field_Email’ => $emailAddress,
‘inf_field_Phone1’ => urlencode( $busPhone ),
‘inf_field_phonymail’ => $email,

if (empty($fields[inf_field_phonymail])) {

// url-ify the data for the POST
$fields_string = http_build_query($fields);

$url = ‘’ . $inf_form_xid;

//open connection
$ch = curl_init();

//set the url, number of POST vars, POST data
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, true);/* set as true rather than a number /
use http_build_query to construct data to send */
curl_setopt($ch,CURLOPT_POSTFIELDS, $fields_string );
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($ch, CURLOPT_USERAGENT, “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)”);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);

//execute post
$result = curl_exec($ch);

//close connection
$typ = array(“4d0144008462cf877bda774a33944c86”=>“Chris White”, “fde0b898d765497c91b5e42f5dbd2f95”=>“Stanley Leone Jr.”, “1225dca27ccdef06cc967c7f5c0c79bd”=>“Lyle Wells”,“ebb2285f51afd0c4ed2bf28a2226817b”=>“Flip Flippen”,“64f004347bc098ed65a2c868cb3280c2”=>“Lt. Gen. (RET) R. L. Van Antwerp”);
$thank_you_message = '

Thanks for your interest in booking a keynote with ’ . $typ[$inf_form_xid] . ‘.
We will be in touch with you soon!
/* write success message back into the modal */

echo $thank_you_message;



The first thing is yes, you cannot curl to an infusionsoft page or endpoint without getting blacklisted.

Second, why are you having to do that in the first place? If you are iframe’ing in an infusionsoft form then the infusionsoft form will take care of the contact creation/update.

Finally, if you need to preform additional tasks beyond what the form can do for you then you would do so on the back end by redirecting the thank you page to a script that handles anything else using the api (this is not the same as using curl).

Hi John,

I’m doing that because the form isn’t in an iframe, it’s in a modal/popup hosted on our domain, if I submit to a third party domain - like infusionsoft - and I want that response to remain in the popup, I need to set the form response target to a hidden iframe that is displayed onsubmit to handle the cross-domain posting. This is a common practice that we had employed for years years with our Eloqua hosted forms and a standard practice for that I’ve used for dozens of Eloqua and Marketo clients. If you go to the “Download A Free Chapter” Button at the end of the page, you’ll see the experience.

NB - I’m aware of the php warning, just put this up so you could see the experience.

Here’s a stripped down version of the code (most fields removed) - right now it points to a PHP page hosted on our site. If we change the submit action to infusionsoft - it bust right out of the iframe into a separate page. Not the required experience for this client.



IS has spam protections in place and restrict the methods for submitting forms. ‘Standard practice’ in other products doesn’t exclude the fact that it can cause blacklisting in IS. From your form above, you’re implementing cross domain communications which by ‘Standard practice’ is a security hole. Regardless, you’re still left with the same issue. Rational aside, you will still want to change your flow of information to account for the security checks so that you are using actual api calls and not form submissions.

Okay, so working in IS constraints, the flow would need to be

  1. Form on our domain
  2. Submit to infusionsoft
  3. Redirect to script that handles anything else

My issue with this is that it break the required UX the moment I submit to IS as IS will bust out of the modal, and if I redirect I now l need to come up with a way to maintain state (i.e. when IS redirects back to my script, I don’t know what page the user was on) Do you see a way to satisfy the UX in this case?

Exactly. For Infusionsoft solutions anyway, that is the most common flow I use.

@Mark_Halliday You might want to consider the Infusionsoft Wordpress Plugin. Another alternative is making a server-side component (on your end) that, in turn, communicates with the Infusionsoft REST API.

Thanks, I think I’ve worked out a solution that will satisfy the requirements.

Thanks Mike, I have an interim solution but am working on a long-term solution that would leverage the API. I’ll check out the Wordpress plugin in our sandbox environment.

1 Like

Hi mark, I am also working on a project to convert all form submissions from POST to API. I am very new to Infusionsoft could you please share how did you use the API to submit a webform? Thanks.


Generally you would have the form redirect to a script (think PHP) which captures the POST data and uses the api to push that information into Infusionsoft.

Thanks John, I am just lost on how to use the API using PHP because when I checked this page xml-rpc - Keap Developer Portal there is no command for submitting the data from my form. Could you lead me to an example that submits the web form data using the API? Thank you very much!

So basically this is the form:

<form accept-charset="UTF-8" action="../scripts/dealeralloc.php" class="infusion-form" method="POST">
<input name="action" type="hidden" value="" />
<input name="inf_form_xid" type="hidden" value="44f60ade677500d10ed841eabbed94cd" />
<input name="inf_form_name" type="hidden" value="V2 - Regular Quote Submission Form" />
<input name="infusionsoft_version" type="hidden" value="" />
<div class="infusion-field">
    <label for="inf_field_Title">Title</label>
    <select id="inf_field_Title" name="inf_field_Title"><option value="">Please select one</option><option value="Mr.">Mr.</option><option value="Mrs.">Mrs.</option><option value="Dr.">Dr.</option><option value="Ms.">Ms.</option></select>
<div class="infusion-field">
    <label for="inf_field_FirstName">First Name *</label>
    <input class="infusion-field-input-container" id="inf_field_FirstName" name="inf_field_FirstName" type="text" />
<div class="infusion-field">
    <label for="inf_field_LastName">Last Name *</label>
    <input class="infusion-field-input-container" id="inf_field_LastName" name="inf_field_LastName" type="text" />
<div class="infusion-field">
    <label for="inf_field_Email">Email *</label>
    <input class="infusion-field-input-container" id="inf_field_Email" name="inf_field_Email" type="text" />
<div class="infusion-field">
    <label for="inf_field_Phone1">Phone *</label>
    <input class="infusion-field-input-container" id="inf_field_Phone1" name="inf_field_Phone1" type="text" />

and currently submitting the POST data using CURL but they want to replace the CURL with the API now.

You see all those elements that have id=“something”? Those will be the parameters that are passed when someone submits the form. So when you’re dealeralloc.php file is reached out to by this form, you would use $_POST[‘inf_field_thename’] to read the data and then map that to fields for the api to push that information into infusionsoft.

Thanks for that John I really appreciate your explanation, what API endpoint should I use for mapping the fields? Because I couldn’t find any examples on how to submit those fields to Infusionsoft. Thanks again.

You’re looking to take the $_POST values and map them to variables. Then the variables to the api call array.

(dollar sign here)thisval=$_POST[‘thisval’]; as an example.

For how to use the api with that information you gather, see documentation:

xml-rpc - Keap Developer Portal (RPC api docs)
Keap REST API (REST api docs)

You will need to use OAuth for authentication. I have a video on it that covers most of the details for that part of it:

Thank you so much John, i’ll review the documentation and your video :slight_smile:

1 Like

Hi @John_Borelli I have a question, can I submit the contact details with custom fields all at once? This is the data I am trying to create.

"Title"               => $fields['inf_field_Title'],
"FirstName"           => $fields['inf_field_FirstName'],
"LastName"            => $fields['inf_field_LastName'],
"Email"               => $fields['inf_field_Email'],
"Phone1"              => $fields['inf_field_Phone1'],
"City"                => $fields['inf_field_City'],
"PostalCode"  	      => $fields['inf_field_PostalCode'],
"ApplicationInterest" => $fields['inf_custom_ApplicationInterest'],
"StructureType1"      => $fields['inf_custom_StructureType1'],
"BuildRequest"        => $fields['inf_custom_BuildRequest'],
 "Comments"            => $fields['inf_custom_Comments'] 

I can create a contact using the default fields only but I don’t know how to add the custom fields details for a contact. Thanks.

All custom fields should be added to the fields array but preceeded by an underscore. The name must match the database name in Infusionsoft, NOT the label.

1 Like

Thanks @John_Borelli it worked!

1 Like