Forms and Mutations Forms enable you to create and update data in web applications. Next.js provides a powerful way to handle form submissions and data mutations using API Routes .
Good to know:
We will soon recommend incrementally adopting the App Router and using Server Actions for handling form submissions and data mutations. Server Actions allow you to define asynchronous server functions that can be called directly from your components, without needing to manually create an API Route.
API Routes do not specify CORS headers , meaning they are same-origin only by default.
Since API Routes run on the server, we're able to use sensitive values (like API keys) through Environment Variables without exposing them to the client. This is critical for the security of your application.
With the Pages Router, you need to manually create API endpoints to handle securely mutating data on the server.
import type { NextApiRequest, NextApiResponse } from ' next '
export default async function handler (
req : NextApiRequest ,
res : NextApiResponse
) {
const data = req .body
const id = await createItem (data)
res . status ( 200 ). json ({ id })
}
export default function handler (req, res) {
const data = req .body
const id = await createItem (data)
res . status ( 200 ). json ({ id })
}
Then, call the API Route from the client with an event handler:
import { FormEvent } from ' react '
export default function Page () {
async function onSubmit (event : FormEvent < HTMLFormElement >) {
event . preventDefault ()
const formData = new FormData ( event .currentTarget)
const response = await fetch ( ' /api/submit ' , {
method : ' POST ' ,
body : formData,
})
// Handle response if necessary
const data = await response . json ()
// ...
}
return (
< form onSubmit = {onSubmit}>
< input type = "text" name = "name" />
< button type = "submit" >Submit</ button >
</ form >
)
}
We recommend using HTML validation like required
and type="email"
for basic client-side form validation.
For more advanced server-side validation, you can use a schema validation library like zod to validate the form fields before mutating the data:
import type { NextApiRequest, NextApiResponse } from ' next '
import { z } from ' zod '
const schema = z . object ({
// ...
})
export default async function handler (
req : NextApiRequest ,
res : NextApiResponse
) {
const parsed = schema . parse ( req .body)
// ...
}
import { z } from ' zod '
const schema = z . object ({
// ...
})
export default async function handler (req, res) {
const parsed = schema . parse ( req .body)
// ...
}
You can use React state to show an error message when a form submission fails:
import React, { useState, FormEvent } from ' react '
export default function Page () {
const [ isLoading , setIsLoading ] = useState < boolean >( false )
const [ error , setError ] = useState < string | null >( null )
async function onSubmit (event : FormEvent < HTMLFormElement >) {
event . preventDefault ()
setIsLoading ( true )
setError ( null ) // Clear previous errors when a new request starts
try {
const formData = new FormData ( event .currentTarget)
const response = await fetch ( ' /api/submit ' , {
method : ' POST ' ,
body : formData,
})
if ( ! response .ok) {
throw new Error ( ' Failed to submit the data. Please try again. ' )
}
// Handle response if necessary
const data = await response . json ()
// ...
} catch (error) {
// Capture the error message to display to the user
setError ( error .message)
console . error (error)
} finally {
setIsLoading ( false )
}
}
return (
< div >
{error && < div style = {{ color : ' red ' }}>{error}</ div >}
< form onSubmit = {onSubmit}>
< input type = "text" name = "name" />
< button type = "submit" disabled = {isLoading}>
{isLoading ? ' Loading... ' : ' Submit ' }
</ button >
</ form >
</ div >
)
}
You can use React state to show a loading state when a form is submitting on the server:
import React, { useState, FormEvent } from ' react '
export default function Page () {
const [ isLoading , setIsLoading ] = useState < boolean >( false )
async function onSubmit (event : FormEvent < HTMLFormElement >) {
event . preventDefault ()
setIsLoading ( true ) // Set loading to true when the request starts
try {
const formData = new FormData ( event .currentTarget)
const response = await fetch ( ' /api/submit ' , {
method : ' POST ' ,
body : formData,
})
// Handle response if necessary
const data = await response . json ()
// ...
} catch (error) {
// Handle error if necessary
console . error (error)
} finally {
setIsLoading ( false ) // Set loading to false when the request completes
}
}
return (
< form onSubmit = {onSubmit}>
< input type = "text" name = "name" />
< button type = "submit" disabled = {isLoading}>
{isLoading ? ' Loading... ' : ' Submit ' }
</ button >
</ form >
)
}
If you would like to redirect the user to a different route after a mutation, you can redirect
to any absolute or relative URL:
import type { NextApiRequest, NextApiResponse } from ' next '
export default async function handler (
req : NextApiRequest ,
res : NextApiResponse
) {
const id = await addPost ()
res . redirect ( 307 , ` /post/ ${ id } ` )
}
export default async function handler (req, res) {
const id = await addPost ()
res . redirect ( 307 , ` /post/ ${ id } ` )
}
You can set cookies inside an API Route using the setHeader
method on the response:
import type { NextApiRequest, NextApiResponse } from ' next '
export default async function handler (
req : NextApiRequest ,
res : NextApiResponse
) {
res . setHeader ( ' Set-Cookie ' , ' username=lee; Path=/; HttpOnly ' )
res . status ( 200 ). send ( ' Cookie has been set. ' )
}
export default async function handler (req, res) {
res . setHeader ( ' Set-Cookie ' , ' username=lee; Path=/; HttpOnly ' )
res . status ( 200 ). send ( ' Cookie has been set. ' )
}
You can read cookies inside an API Route using the cookies
request helper:
import type { NextApiRequest, NextApiResponse } from ' next '
export default async function handler (
req : NextApiRequest ,
res : NextApiResponse
) {
const auth = req . cookies .authorization
// ...
}
export default async function handler (req, res) {
const auth = req . cookies .authorization
// ...
}
You can delete cookies inside an API Route using the setHeader
method on the response:
import type { NextApiRequest, NextApiResponse } from ' next '
export default async function handler (
req : NextApiRequest ,
res : NextApiResponse
) {
res . setHeader ( ' Set-Cookie ' , ' username=; Path=/; HttpOnly; Max-Age=0 ' )
res . status ( 200 ). send ( ' Cookie has been deleted. ' )
}
export default async function handler (req, res) {
res . setHeader ( ' Set-Cookie ' , ' username=; Path=/; HttpOnly; Max-Age=0 ' )
res . status ( 200 ). send ( ' Cookie has been deleted. ' )
}