Skip to main content
The Confidence API uses the REST structure. Confidence supports authentication via access tokens and OAuth 2.0. You make requests via HTTP endpoints with clear functions and appropriate response codes. The API follows the Google API guidelines as much as possible.

Authentication

Before you can access an endpoint within Confidence, you need to have valid authentication. Two kinds of APIs exist in Confidence: the management API that you use to configure the different entities in the platform (flags, experiments, fact tables etc), and the resolve/events API that you use in the Client SDKs to resolve flag values and emit events. Because these two kinds have different characteristics, they use different methods for authentication. For the resolve API, you create a “Client” which has an API_TOKEN that you use to authenticate. This API token is long-lived so you can, for example, bundle it inside your mobile app to resolve flags. A client can have multiple API tokens attached to it, to allow for rotating tokens as needed. You create clients in the Admin panel in Confidence. The management API uses a Client Credentials OAuth flow, where you supply a client ID and a client secret and in exchange get an access token that is valid for 24 hours. The token is then included in all requests to the API in an HTTP header. You create API clients in the Admin panel in Confidence.

Request a Token for an API Client

curl -X POST "https://api.confidence.dev/v1/auth/token" \
  -H "Content-Type: application/json" \
  -d '{
    "grantType": "client_credentials",
    "clientId": "clientId",
    "clientSecret": "clientSecret"
  }'

Pagination

List resources allow for pagination by allowing a page_token and a page_size in the requests. If there are more results, a list response has a next_page_token field. Use this token in the next request to ask for the next page of results.

Resource Names

The API uses resource names to uniquely identify each entity that you can use to reference that resource. A resource name consists of a type and an identifier, for example flags/my-flag. A resource name can be hierarchical if the parent owns a child resource. The resource name can then have multiple levels, for example flags/my-flag/variants/control.

Response Status Codes

The Confidence API uses standard HTTP status codes to signal the status of a request to a consumer, for example 200 (OK), 401 (Unauthorized), 404 (Not found).

Errors

The Confidence API uses standard HTTP status codes to signal error conditions. Is some cases the response also includes a JSON payload with a more detailed error message: 
{
 "code": 7,
 "message": "Permission denied, missing permission list:metrics",
 "details": []
}

Update Masks

When updating a resource, the update request can take an optional field mask, which specifies which fields on the resource the request should update. If the field mask is not included, the request updates the whole resource. More details about field masks and how to specify them are available in the Google API guidelines.