Automation recipe · All recipes
Auto-Save Signed Waivers to Google Drive
After a client signs a waiver, most teams track down the signed PDF from an inbox, rename it, and drag it into the right Google Drive folder — by hand. Multiply that by every walk-in, every event, every intake session, and the filing backlog compounds fast. Signed waivers get lost in email threads, misfiled under the wrong client, or simply never archived. One missed consent document creates a real liability exposure for clinics, studios, and agencies alike.
Formfy fires a webhook the instant a client signs. Pipe that event into a lightweight server function or automation tool, fetch the signed PDF via the Formfy API, and upload it straight to Google Drive — fully hands-off, every time.
How the recipe flows
Trigger (Formfy)
A client completes and signs a Formfy waiver or consent form
Step 1
Formfy fires a form.signed webhook event with the form ID and signer details
Step 2
A webhook handler fetches the signed PDF token from the Formfy API
Step 3
The PDF binary is downloaded and uploaded to the target Google Drive folder
Outcome
The signed PDF is automatically saved to the correct Google Drive folder within seconds of signing
Build the recipe step-by-step
Subscribe a webhook handler to Formfy form.signed events, fetch the signed PDF via the Formfy API, and upload it to Google Drive automatically on every signature.
Generate a Formfy API key
Open the Formfy dashboard, navigate to Settings → API Keys, and click Create key. Copy the fk_live_… token into your secret manager immediately — Formfy shows it only once. Keep a separate fk_test_… key during development so test PDFs never land in your live Google Drive filing structure.
Subscribe to the form.signed webhook event
POST /api/v1/webhooks with your Bearer token, setting event_types to ["form.signed"] and target_url to the endpoint that will receive deliveries. Formfy returns a webhook id and a signing secret. Store the secret — you will use it to verify every incoming payload before touching Google Drive.
POST
/api/v1/webhooksSee in the OpenAPI spec →Retrieve the signed PDF download token
When your endpoint receives a form.signed payload, extract the form_id field. Call GET /api/v1/forms/{id}/signed-pdf with that id and your Bearer token. Formfy returns a short-lived download token. Process it immediately in the same webhook handler — do not store the token for later retry use.
GET
/api/v1/forms/{id}/signed-pdfSee in the OpenAPI spec →Download the signed PDF binary
Pass the token from the previous step to GET /api/v1/files/pdf/{token}. Formfy streams the signed PDF as application/pdf. Buffer the binary in memory or write it to a temp file — whichever your Google Drive upload client expects — then discard the temp file after the upload succeeds.
GET
/api/v1/files/pdf/{token}See in the OpenAPI spec →Upload the PDF to Google Drive
Authenticate with the Google Drive API using a service account or OAuth2. Call files.create with the PDF binary and mimeType: application/pdf. Place the file in your target folder by passing the folder ID in parents. Name the file with the signer name and signed_at timestamp pulled from the webhook payload.
Test the pipeline end-to-end
Sign a test waiver in Formfy, then open the target Google Drive folder. The signed PDF should appear within 30 seconds. Confirm the filename matches your naming convention. Run GET /api/v1/forms/{id}/signers to cross-check the signer list against the Drive file for an additional audit point.
GET
/api/v1/forms/{id}/signersSee in the OpenAPI spec →Rotate the webhook secret on a quarterly schedule
POST /api/v1/webhooks/{id}/rotate-secret to issue a fresh HMAC signing secret. Update your webhook handler with the new value before discarding the old one — deliveries fail closed until both sides match. Rotate immediately on any suspected credential exposure or team member offboarding.
POST
/api/v1/webhooks/{id}/rotate-secretSee in the OpenAPI spec →
Subscribe to form.signed and fetch the signed PDF for Drive upload
Create a webhook subscription for the form.signed event, then fetch the signed PDF token once your handler receives the payload.
# 1. Subscribe to form.signed
curl -X POST https://formfy.ai/api/v1/webhooks \
-H "Authorization: Bearer fk_live_YOUR_KEY" \
-H "Content-Type: application/json" \
-d '{
"target_url": "https://your-server.example.com/hooks/formfy",
"event_types": ["form.signed"]
}'
# 2. When your handler receives the payload, fetch the signed PDF token
curl https://formfy.ai/api/v1/forms/FORM_ID/signed-pdf \
-H "Authorization: Bearer fk_live_YOUR_KEY"Frequently asked questions
Which Formfy event triggers the Google Drive upload?
The form.signed event fires the instant all required signers complete signing. Subscribe by POSTing to /api/v1/webhooks with event_types: ["form.signed"]. The payload includes form_id, signer_email, and signed_at — everything needed to fetch the PDF and name the Drive file. You can include form.created or form.sent in the same subscription to track documents earlier in the signing pipeline.
Does Formfy push the signed PDF directly to Google Drive?
No — Formfy does not have a native Google Drive connector. Formfy fires a webhook and exposes the signed PDF via GET /api/v1/forms/{id}/signed-pdf. Your middleware — a server function, a Make scenario, or an n8n workflow — receives the webhook, fetches the PDF binary from the Formfy API, and uploads it to Drive using the Google Drive API. This two-step approach gives you full control over folder structure, file naming, and access permissions.
How do I name signed waiver files consistently in Google Drive?
Pull naming data from the form.signed webhook payload. The event includes signer_email, signed_at (ISO 8601), and form_id. A reliable convention is {FormTitle}_{SignerName}_{YYYY-MM-DD}.pdf, assembled at upload time. If the webhook payload omits the form title, call GET /api/v1/forms/{id} to retrieve it. Consistent naming keeps Drive search predictable and makes compliance audits across hundreds of waivers per month manageable.
Can I organize waivers into per-client or per-date subfolders in Drive?
Yes. The Google Drive API accepts a folder ID in the parents field of a files.create request. Build the target folder dynamically in your handler — look up or create a subfolder named after the client email from the Formfy payload, then upload the PDF into it. Nested hierarchies like year → month → client are fully supported and let you mirror the filing structure your team already uses.
How do I verify the Formfy webhook payload before uploading to Drive?
Formfy signs every delivery with HMAC-SHA256 using the secret returned when you created the webhook subscription. The signature arrives in the X-Formfy-Signature request header. Recompute HMAC-SHA256(secret, raw_body) in your handler and reject any payload where the values do not match before calling the Drive API. This prevents spoofed webhook deliveries from uploading arbitrary files to your Google Drive folders.
What happens if Google Drive is unavailable when the webhook fires?
Formfy retries failed webhook deliveries with exponential backoff for up to 24 hours. If your handler receives the payload but the Drive upload fails, implement a retry queue — persist the form_id rather than the raw token, since PDF download tokens are short-lived and must be re-fetched. GET /api/v1/forms/{id}/signed-pdf issues a fresh token on every call, so retrying with the form_id always works.
Do I need a specific Formfy plan to access the signed PDF API?
The signed PDF endpoint is available on every paid Formfy plan. During the 15-day free trial you can generate a fk_test_… API key and run the full pipeline — webhook subscription, PDF fetch, and Drive upload — before upgrading. Rate limits scale with your plan tier; monitor the X-RateLimit-Remaining response header to stay within quota on high-volume waiver workflows like clinic daily intake.
Can I save signed waivers to a Shared Drive (Team Drive) in Google Drive?
Yes. Pass supportsAllDrives: true and include the Shared Drive ID in the parents array of your files.create request. A Drive admin must grant your service account explicit membership on the Shared Drive — personal OAuth2 credentials do not automatically inherit Shared Drive permissions. Test against a non-production Shared Drive folder first before wiring the handler to your live waiver archive.
Ship this automation in under 15 minutes
Spin up a Formfy API key, paste the example, and run your first end-to-end signed-form workflow today.