Documentation Index
Fetch the complete documentation index at: https://docs.swisstools.dev/llms.txt
Use this file to discover all available pages before exploring further.
API keys let your application authenticate with the Swisstools API without a user session. They are scoped to a single project and are project-admin equivalent, so each key grants access only to that project’s resources.
When you need an API key
An API key is required for the Feature Flags SDK endpoint (GET /api/flags/:recordId). It is also accepted on every other project-scoped endpoint (/api/projects/:projectId/…) as an alternative to a session cookie — handy for scripts and CI. Mock endpoints and webhook inboxes are public per-project URLs, reachable via your project’s subdomain without any authentication.
| Surface | API key |
|---|
Feature Flags SDK (GET /api/flags/:recordId) | Required |
Other project endpoints (/api/projects/:projectId/…) | Accepted (or use a session) |
| Mock endpoints | Not used (public) |
| Webhook inboxes | Not used (public) |
Creating an API key
Open your project
In the dashboard, navigate to the project you want to create a key for.
Go to Feature Flags
Select Feature Flags from the project navigation.
Open the API Keys tab
Click the API Keys tab within the Feature Flags section.
Create the key
Click Create Key, give the key a name, and confirm. The full key value is displayed once immediately after creation.
The key value is shown only once at creation time. Copy it and store it in a secrets manager or environment variable before closing the dialog. If you lose it, you’ll need to revoke the key and create a new one.
Using your API key
Pass the key in the Authorization header as a Bearer token.
curl
curl -H "Authorization: Bearer <your-api-key>" \
https://swisstools.dev/api/flags/<record-id>
const response = await fetch('https://swisstools.dev/api/flags/record-id', {
headers: {
'Authorization': 'Bearer your-api-key-here'
}
});
const flags = await response.json();
record-id with the ID of the record you want to evaluate flags for.
Revoking an API key
To revoke a key, go to Dashboard → Project → Feature Flags → API Keys and delete the key. Revocation takes effect immediately — any request using that key will be rejected.
Never include API keys in client-side code, public repositories, or any place accessible to end users. Keys should only be used in server-side environments where they remain confidential. If a key is exposed, revoke it immediately and issue a new one.
