24
How Do I

Protect with a PIN

Require a PIN before users can submit a form.

Use the form settings or backend lifecycle options to require a submission PIN.

On the backend, the form stores:

  • submission_code_required
  • submission_code

On the client, the renderer should surface the PIN input only when the form requires it.

Good practice

  • Keep the PIN short enough to be usable.
  • Use the backend to validate access, not only the UI.
  • Hide the control from editors only when the workflow should remain fixed.
Do not treat the client-side PIN field as a security boundary. The backend must reject submissions that do not satisfy the PIN requirement.