search
reflag.comChangelogSign up

API Access

Understand when to use the Reflag Runtime API and when to use the Reflag Management API

Reflag offers two distinct APIs:

  1. Runtime API: This is the primary API your application uses at runtime to fetch flags for users. It uses two types of keys:

    • Publishable Key: Used in client-side code to securely connect to Reflag services.

    • Secret Key: Employed in server-side environments to safeguard sensitive interactions and data.

    Each environment on Reflag has a publishable key and a secret key.

  2. Management API: This API lets you manage your Reflag account, including listing apps, flags, and updating targeting rules. API keys govern access to the Management API. API keys are bound to your Reflag app.

hashtag
Runtime API Access

To use the Reflag runtime SDKs and/or Reflag Runtime API, you need an environment-specific SDK key. These keys are unique to each environment on Reflag and ensure secure interaction with data in that environment only. While the data (flag targeting, companies, users, events, and more) are environment-specific, the exposed flag details and remote config values are shared across all environments.

When developing client-facing code, such as web, mobile, or any publicly accessible applications, utilize the "Publishable key". This key is safe to share, as it has limited permissions for accessing and transmitting information.

Utilize the "Secret key" to access additional data like targeting rule definitions and secret flags. This key is intended for use in server-side environments only and must remain confidential.

Refer to the Reflag SDKs documentation for detailed information on useful keys for each flag.

circle-exclamation

SDK keys are auto-generated by Reflag for each app environment and cannot be changed.

The SDK and API keys

hashtag
Management API Access

The Management API allows direct manipulation of your Reflag account without using the Reflag web app. It enables programmatic control over environment settings, flag configurations, and more.

One primary use case is the Reflag CLI, which can run in CI/CD pipelines with an API key. This enables seamless flag management during automated deployments.

To start, create a new API key and select its scopes. After setting the necessary scopes, securely store the API key for use in your CI/CD pipelines or other automated processes.

Create a new API key

After clicking "Create," you'll receive the API key. Remember to save it, as you won't be able to retrieve it later.

circle-exclamation

Select only the necessary scopes for your API keys. Limit permissions and delete unused keys.

PreviousOpenFeatureNextRuntime API

Last updated

Was this helpful?