reflag.comChangelogSign up

API Access

Understand when to use the Reflag Public API and when to use the Reflag REST API

Reflag offers two distinct APIs:

  1. Public API: This API is required for interaction with customer applications through our SDK or directly via the Public API endpoints. It utilizes two types of keys:

    • Publishable Key: Used in client-side code to securely connect to Reflag services.

    • Secret Key: Employed in server-side environments to safeguard sensitive interactions and data.

    Each environment on Reflag has a publishable key and a secret key.

  2. REST API: This API can be used by customers to directly access and manipulate their account in Reflag (such as listing apps, flags, and amending targeting rules). API Keys govern access to the REST API. API Keys are bound to your Reflag app.

Public API and SDK Access

To use the Reflag SDKs and/or Reflag Public API, you will need an environment-specific SDK key. These keys are unique to each environment on Reflag and ensure secure interaction with data in that environment only. While the data (flag targeting, companies, users, events, etc.) are environment-specific, the exposed flag details and remote config values are shared across all environments.

When developing client-facing code, such as web, mobile, or any publicly accessible applications, utilize the "Publishable key". This key is safe to share, as it has limited permissions for accessing and transmitting information.

Utilize the "Secret key" to access additional data like targeting rule definitions and secret flags. This key is intended for use in server-side environments only and must remain confidential.

Refer to the Reflag SDKs documentation for detailed information on useful keys for each flag.

SDK keys are auto-generated by Reflag for each app environment and cannot be changed.

The SDK and API keys

REST API Access

The REST API allows for direct manipulation of your Reflag account, simplifying processes by bypassing the need for the Reflag web app interface. This enables programmatic control over environment settings, flag configurations, and more, providing flexibility and automation for developers.

One primary use case is the Reflag CLI, which can be configured in CI/CD pipelines when given the API key. This setup enables seamless flag management during automated deployment processes, enhancing workflow efficiency and consistency across different stages of deployment.

To start, create a new API key and select its scopes. After setting the necessary scopes, securely store the API key for use in your CI/CD pipelines or other automated processes.

Create a new API key

After clicking "Create," you'll receive the API key. Remember to save it, as you won't be able to retrieve it later.

Select only the necessary scopes for your API keys. Limit permissions and delete unused keys.

PreviousOpenFeatureNextPublic API

Last updated

Was this helpful?