Skip to main content

Management API

The management API allows you to create and manage apps, flags, environments, and API keys programmatically.

Authentication

Management endpoints require a CLI token (cli_*): 
curl https://superflag.sh/api/v1/apps \
  -H "Authorization: Bearer cli_..."
Get a CLI token by running superflag login and copying from ~/.superflag/credentials.json.

Apps

List Apps

GET /api/v1/apps
Response: 
{
  "data": [
    {
      "id": "app_abc123",
      "name": "my-app",
      "createdAt": "2025-01-01T00:00:00Z"
    }
  ]
}

Create App

POST /api/v1/apps
Request Body: 
{
  "name": "my-new-app"
}
Response: 
{
  "data": {
    "id": "app_xyz789",
    "name": "my-new-app",
    "createdAt": "2025-01-06T12:00:00Z"
  }
}

Environments

Environments are created automatically with each app:
  • development
  • staging
  • production

List Environments

GET /api/v1/envs?appId=app_abc123
Response: 
{
  "data": [
    {
      "id": "env_dev123",
      "name": "development",
      "appId": "app_abc123"
    },
    {
      "id": "env_stg123",
      "name": "staging",
      "appId": "app_abc123"
    },
    {
      "id": "env_prd123",
      "name": "production",
      "appId": "app_abc123"
    }
  ]
}

Flags

List Flags

GET /api/v1/flags?appId=app_abc123&env=production
Response: 
{
  "data": {
    "dark-mode": {
      "type": "bool",
      "value": true,
      "clientEnabled": true
    },
    "api-url": {
      "type": "string",
      "value": "https://api.example.com",
      "clientEnabled": false
    }
  }
}

Create Flag

POST /api/v1/flags
Request Body: 
{
  "appId": "app_abc123",
  "env": "production",
  "key": "new-feature",
  "type": "bool",
  "value": true,
  "clientEnabled": true
}
Flag Types:
  • bool - Boolean values (true/false)
  • string - Text values
  • number - Numeric values
  • json - JSON objects
Response: 
{
  "data": {
    "version": 43,
    "flag": {
      "type": "bool",
      "value": true,
      "clientEnabled": true
    }
  }
}

Update Flag

PATCH /api/v1/flags
Request Body: 
{
  "appId": "app_abc123",
  "env": "production",
  "key": "dark-mode",
  "value": false
}
Response: 
{
  "data": {
    "version": 44,
    "flag": {
      "type": "bool",
      "value": false,
      "clientEnabled": true
    }
  }
}

Delete Flag

DELETE /api/v1/flags?appId=app_abc123&env=production&key=old-feature
Response: 
{
  "data": {
    "version": 45
  }
}

API Keys

List Keys

GET /api/v1/keys?appId=app_abc123&env=production
Response: 
{
  "data": [
    {
      "id": "key_123",
      "type": "pub",
      "prefix": "pub_prod_",
      "createdAt": "2025-01-01T00:00:00Z"
    },
    {
      "id": "key_456",
      "type": "sdk",
      "prefix": "sdk_prod_",
      "createdAt": "2025-01-01T00:00:00Z"
    }
  ]
}

Create Key

POST /api/v1/keys
Request Body: 
{
  "appId": "app_abc123",
  "env": "production",
  "type": "pub"
}
Key Types:
  • pub - Public client key (for browsers/mobile)
  • sdk - Server SDK key (for backend)
Response: 
{
  "data": {
    "id": "key_789",
    "type": "pub",
    "key": "pub_prod_abc123xyz789...",
    "createdAt": "2025-01-06T12:00:00Z"
  }
}
The full key is only returned once when created. Store it securely.

Revoke Key

DELETE /api/v1/keys?keyId=key_789
Response: 
{
  "data": {
    "success": true
  }
}

Bulk Operations

Bulk Update Flags

POST /api/v1/flags/bulk
Request Body: 
{
  "appId": "app_abc123",
  "env": "production",
  "flags": {
    "feature-a": true,
    "feature-b": false,
    "api-timeout": 30
  }
}
Response: 
{
  "data": {
    "version": 46,
    "updated": 3
  }
}

Examples

Create App and Flag (JavaScript)

const token = 'cli_...'

// Create app
const appResponse = await fetch('https://superflag.sh/api/v1/apps', {
  method: 'POST',
  headers: {
    'Authorization': `Bearer ${token}`,
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({ name: 'my-new-app' })
})

const { data: app } = await appResponse.json()

// Create flag
const flagResponse = await fetch('https://superflag.sh/api/v1/flags', {
  method: 'POST',
  headers: {
    'Authorization': `Bearer ${token}`,
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    appId: app.id,
    env: 'production',
    key: 'dark-mode',
    type: 'bool',
    value: true,
    clientEnabled: true
  })
})

const { data: flag } = await flagResponse.json()
console.log('Created flag at version:', flag.version)

Update Flag (Curl)

curl -X PATCH https://superflag.sh/api/v1/flags \
  -H "Authorization: Bearer cli_..." \
  -H "Content-Type: application/json" \
  -d '{
    "appId": "app_abc123",
    "env": "production",
    "key": "dark-mode",
    "value": false
  }'

Create API Key (Python)

import requests

token = 'cli_...'

response = requests.post(
    'https://superflag.sh/api/v1/keys',
    headers={'Authorization': f'Bearer {token}'},
    json={
        'appId': 'app_abc123',
        'env': 'production',
        'type': 'pub'
    }
)

data = response.json()
print('New key:', data['data']['key'])

Error Responses

401 Unauthorized

{
  "error": "Not authenticated"
}

403 Forbidden

{
  "error": "Insufficient permissions"
}

404 Not Found

{
  "error": "App not found"
}

400 Bad Request

{
  "error": "Invalid flag type"
}

Rate Limits

Management endpoints share the same rate limits as config endpoints:
  • 25,000 requests/month/environment (Free)
  • 100,000 requests/month/environment (Pro)

CLI Alternative

For most use cases, the CLI is easier than calling the API directly: 
superflag apps create my-new-app
superflag use my-new-app production
superflag flags create --key dark-mode --type bool --value true --client

Next Steps

API Overview

Authentication and general info

CLI Reference

Use the CLI instead of API