Changelog · Last updated May 16, 2026
Product updates
Highlights from recent releases. For integration behaviour and limits, the guides in the left nav stay the source of truth — this page is the digest.
File uploads (Lite & Pro)
Forms can now accept file attachments. Add an <input type="file"> to any form on a paid plan and SaveForm stores the file on private blob storage, surfaces it as a download chip in the dashboard, and forwards it to your webhook receivers as a signed URL they can fetch without a SaveForm login.
Plan limits
- Lite — 3 files per submission, 4 MB each, 1 GB total storage across all forms.
- Pro — 10 files per submission, 4 MB each, 10 GB total storage.
- Free — file uploads are rejected with HTTP 403; the rest of the submission still goes through if you fix the field and retry without the attachment.
End-to-end
Everything in the submission pipeline learned to recognise files: the dashboard renders download chips with MIME-aware icons, CSV and JSON exports embed gated download URLs, notification emails ship with a clickable download line per file, and webhook payloads gain a url / downloadUrl on every file reference. Template authors can reach in with dot-paths like {{attachment.url}} and {{attachment.filename}} for Discord, Slack, and custom JSON receivers.
Storage usage is reflected live on the dashboard. An amber banner appears across every dashboard page at 80% of cap; at 100% new uploads are paused until you free up space (existing submissions and downloads keep working). Full file uploads guide.
Webhook delivery log + signed payloads
Every outbound webhook is now easier to trust and debug end-to-end: you get a delivery timeline on each submission, and requests carry stable SaveForm identifiers alongside optional auth headers you configure.
Delivery log
Each POST is recorded with HTTP status, timing, a response excerpt, and the reason when nothing was sent (spam skip, quota, inactive webhook). Failures stay visible — there are no silent retries — and you can fire a manual retry from the submission row when you have fixed the downstream endpoint.
Verifier-friendly outbound requests
Alongside the JSON or form body, SaveForm sends User-Agent: SaveFormIO-Webhook/1.0 and X-SaveForm-Webhook-Id on every call so your receiver can reject traffic that does not look like ours. Layer Bearer tokens, API keys, Basic auth, or custom headers on top so only your stack can accept authenticated payloads over HTTPS.
Learn more
- File uploads — plan limits, HTML & fetch examples, signed URLs in webhook payloads, security, and retention.
- Delivery & retries — logging, failures, manual retries, and the test button.
- Authentication — auth modes and identifying SaveForm traffic.
- Submissions dashboard — row-level webhook status and debugging workflow.