NEW

AI agents now first-class: authorize · audit · revoke in one click — your agents submit cleanly, bots stay blocked.

Read agent docs →
USE CASES · COPY-PASTE CURL

Every form you'd ever need a backend for.

Real curl. Real payloads. One endpoint serves your marketing contact form, your job-applications inbox, your AI agent, and your mobile app — without a line of backend code on your side.

/ for websites

Drop-in backend for any web form.

The Formspree pattern, done right. One POST, email in your inbox, spam pipeline already running. Zero server code on your side.

contact form

Marketing site contact form

The classic. A lead fills the form, the sales team gets the email, and _replyto rewrites the email's Reply-To header — so when sales hits Reply, the message goes to the lead, not to us.

curl request
curl -X POST https://login.ollastack.com/api/submit/contact \
    -H "Content-Type: application/json" \
    -d '{
      "name": "Ada Lovelace",
      "email": "ada@example.com",
      "message": "Interested in a demo for our 12-person team.",
      "_replyto": "ada@example.com"
    }'
expected response
{ "success": true, "id": "sub_8f2a91c…" }
# Email lands in sales@ollastack.com.
# Reply-To: ada@example.com → hit reply, talk to the lead.
newsletter

Newsletter signup with instant autoresponder

_autoresponse sends the subscriber a confirmation email the moment they submit. No transactional-email provider needed for this one common case.

curl request
curl -X POST https://login.ollastack.com/api/submit/newsletter \
    -H "Content-Type: application/json" \
    -d '{
      "email": "subscriber@domain.com",
      "_autoresponse": "Thanks for subscribing — your first issue ships Friday.",
      "_subject": "New subscriber: subscriber@domain.com"
    }'
expected response
{ "success": true, "id": "sub_a14f…" }
# You get the lead. The subscriber gets an instant confirm reply.
careers

Job application with resume upload

Multipart parser handles PDFs, docs, screenshots. The resume gets attached to the recruiter's notification email. The [Possible spam] ML quarantine keeps the inbox clean without ever silently dropping a real applicant.

curl request
curl -X POST https://login.ollastack.com/api/submit/careers-backend \
    -F "name=Grace Hopper" \
    -F "email=grace@example.com" \
    -F "role=Senior backend engineer" \
    -F "years_experience=8" \
    -F "cover_letter=I've shipped distributed systems at..." \
    -F "resume=@./resume.pdf"
expected response
{ "success": true, "id": "sub_c01dd…" }
# Notification email to careers@ollastack.com has resume.pdf attached.
support intake

Bug report widget with subject routing

_subject overrides the default email subject so your support inbox's filter rules route by severity, product, or environment without you running a triage script.

curl request
curl -X POST https://login.ollastack.com/api/submit/bug-report \
    -H "Content-Type: application/json" \
    -d '{
      "title": "Dashboard crashes on Safari 17",
      "severity": "high",
      "product_area": "billing",
      "steps_to_reproduce": "1. Open /orgs/{id}  2. Click Upgrade  3. White screen",
      "browser": "Safari 17.4 / macOS 14.5",
      "_subject": "[BUG][HIGH][billing] Dashboard crashes on Safari 17",
      "_replyto": "user@example.com"
    }'
expected response
{ "success": true, "id": "sub_b9c12…" }
# Gmail filter on "[BUG][HIGH]" pages on-call. The rest go to triage.
/ for AI agents 🤖

Forms your agent can use as a first-class citizen.

Bearer-authed POSTs skip captcha, honeypot, and the per-IP rate limit — the token IS the trust boundary. The OpenAPI spec is CORS-open so the agent discovers the surface itself.

agent · bearer

Agent books a demo on a user's behalf

Your assistant (Claude, ChatGPT, a custom one) fills out the prospect's demo form for them — the lead lands in your sales sales@ollastack.com inbox stamped with the agent's label, attributed in the audit log, no captcha to break.

curl request
curl -X POST https://login.ollastack.com/api/submit/demo-request \
    -H "Authorization: Bearer fmd_a8c91b2e7d…"
    -H "Content-Type: application/json" \
    -d '{
      "name": "Sarah Chen",
      "company": "Acme Corp",
      "email": "sarah@acme.com",
      "team_size": 12,
      "use_case": "Lead capture for marketing site + agent integration",
      "monthly_volume": 5000,
      "_replyto": "sarah@acme.com",
      "_source": "submitted via Claude.ai on user behalf"
    }'
expected response
{
  "success": true,
  "id": "sub_d31be…",
  "submitted_via": "agent:tok_demo_intake_claude"
}
# Inbox row shows the 🤖 stamp + the token label.
# Skipped: per-IP rate limit, honeypot, CAPTCHA. The token is trust.
agent · bulk

Bulk import 1,000 leads from a scrape, CSV, or Sheet

Idempotency keys make the loop safely retryable — re-running the same script doesn't double-post. Per-IP rate limit doesn't apply to Bearer-authed traffic, so a background job can drain a queue without throttling.

curl request
cat leads.jsonl | while read line; do
    curl -X POST https://login.ollastack.com/api/submit/crm-intake \
      -H "Authorization: Bearer fmd_a8c91b2e7d…"
      -H "Content-Type: application/json" \
      -H "Idempotency-Key: $(echo -n "$line" | sha256sum | cut -c1-32)" \
      -d "$line"
  done
expected response
{ "success": true, "id": "sub_…" }   ×1000
# Re-run with the same input and you get the same IDs — no dupes.
# Per-IP rate limit doesn't apply to Bearer tokens.
agent · discovery

Agent discovers the API surface itself

The whole API is described at /api/openapi.json — CORS-open, no auth required to read. Drop it into an agent's tool-use loop and it learns the endpoints, parameter types, and response shapes without a docs site.

curl request
curl -s https://login.ollastack.com/api/openapi.json | jq '.paths | keys'
expected response
[
  "/api/forms",
  "/api/forms/{formId}",
  "/api/forms/{formId}/builder",
  "/api/forms/{formId}/submissions",
  "/api/forms/{formId}/failures",
  "/api/submit/{endpointSlug}",
  "/api/submissions/{id}",
  "/api/tokens",

]
# Agent reads, mints a scoped token, picks an endpoint, submits.
# No SDK install, no docs to scrape. Just JSON.
agent · voice

Voice agent → schema-validated form

Your voice agent (Twilio, Vapi, Retell) transcribes a call, extracts the structured fields, and submits. The form's strict 13-type schema catches malformed extractions before they pollute the inbox — bad voice agents fail loudly, not silently.

curl request
curl -X POST https://login.ollastack.com/api/submit/clinic-intake \
    -H "Authorization: Bearer fmd_voice_agent_…"
    -H "Content-Type: application/json" \
    -d '{
      "patient_name": "Anna Smith",
      "phone": "+1 415 555 0117",
      "reason_for_visit": "Follow-up — knee injection three weeks ago",
      "preferred_date": "2026-06-15",
      "preferred_time": "afternoon",
      "insurance_provider": "Blue Shield",
      "_source": "via Twilio voice agent",
      "_replyto": "anna@example.com"
    }'
expected response
{ "success": true, "id": "sub_v8c1e…" }
# Schema rejects bad date formats with 400 + a field-level error
# the agent can react to ("please confirm the date").
agent · workflow

Agent logs a workflow event from Slack / GitHub / a file watcher

Use a form as a write-side event log. The agent submits, the form's signed webhook fires to your downstream system, and the auto-retry (5× with backoff) means your pipeline doesn't lose the event if its receiver is briefly down.

curl request
curl -X POST https://login.ollastack.com/api/submit/build-events \
    -H "Authorization: Bearer fmd_ci_agent_…"
    -H "Content-Type: application/json" \
    -d '{
      "kind": "deploy.completed",
      "service": "api-gateway",
      "git_sha": "8f3a91c",
      "env": "production",
      "duration_ms": 47120,
      "triggered_by": "release-bot"
    }'
expected response
{ "success": true, "id": "sub_evt_…" }
# Webhook fires to your audit-log service.
# Auto-retried at 1m, 5m, 30m, 2h, 10h if it 5xxs.
/ for developers

Real infra under the form layer.

Auto-retry'd webhooks, multipart parsing, idempotency, signed deliveries, per-tenant SMTP. Your prototype graduates to production without re-platforming.

static site

A real backend for your static site

Drop this on Vercel, Cloudflare Pages, Netlify, S3, GitHub Pages. The form URL handles CORS, parses urlencoded and JSON, runs the spam pipeline, and emails you. Zero server code on your side.

curl request
 action="https://login.ollastack.com/api/submit/contact" method="POST">
   name="name" required/>
   name="email" type="email" required/>
   name="message" required>>
   type="hidden" name="_subject" value="New contact — yourco.com"/>
  >Send>
>
 

Pick one. Ship it in five minutes.

Free tier: 100 submissions / month, every feature. No credit card. See pricing for higher volume.