Skip to main content

Documentation Index

Fetch the complete documentation index at: https://confidence.spotify.com/llms.txt

Use this file to discover all available pages before exploring further.

Clients resolve flags into values. A client could be a mobile app, website, or backend service. These clients often run in an untrusted environment and authenticate with a different mechanism than service APIs of Confidence. The calling client authenticates using a shared secret between the caller and Confidence. This secret, called “client secret,” belongs to a client resource in Confidence.

Create a Flag Client

To create a client, provide a display name that identifies the application: 
curl -X POST "https://iam.confidence.dev/v1/clients" \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "displayName": "My client"
  }'
Response: 
{
  "name": "clients/1bhq4c2zqigdzqg6ufni",
  "displayName": "My client",
  "createTime": "2023-08-29T09:36:57.163017Z",
  "updateTime": "2023-08-29T09:36:57.163017Z"
}

Create Client Credentials

After creating a client, generate credentials (client secret) for authentication: 
curl -X POST "https://iam.confidence.dev/v1/clients/1bhq4c2zqigdzqg6ufni/credentials" \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
  -H "Content-Type: application/json"
Response: 
{
  "name": "clients/1bhq4c2zqigdzqg6ufni/credentials/abc123",
  "secret": "ZXhhbXBsZV9zZWNyZXRfa2V5X3RoYXRfeW91X3Nob3VsZF9rZWVwX3NhZmU",
  "createTime": "2023-08-29T09:40:12.456789Z"
}
Make note of the client secret. It’s only returned once, from the create operation. If you lose it, you have to create a new one.
Store the client secret securely. Anyone with this secret can resolve flags on behalf of this client.

Use Client Secrets

The client secret authenticates when resolving and applying flags. Unlike other API operations that use Bearer tokens, resolve and apply operations use the client secret directly: 
curl -X POST "https://flags.confidence.dev/v1/flags:resolve" \
  -H "Content-Type: application/json" \
  -d '{
    "clientSecret": "YOUR_CLIENT_SECRET",
    "evaluationContext": {
      "user_id": "example-user"
    }
  }'

List Clients

To view all clients in your account: 
curl -X GET "https://iam.confidence.dev/v1/clients" \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN"

Get a Specific Client

To retrieve details about a specific client: 
curl -X GET "https://iam.confidence.dev/v1/clients/1bhq4c2zqigdzqg6ufni" \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN"

Rotate Client Secrets

For security best practices, periodically rotate client secrets:
  1. Create a new credential for the client
  2. Update your application to use the new secret
  3. Delete the old credential after the migration is complete
To delete a credential: 
curl -X DELETE "https://iam.confidence.dev/v1/clients/1bhq4c2zqigdzqg6ufni/credentials/abc123" \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN"

Next Steps

After setting up flag clients:
  1. Create flags and associate them with clients
  2. Resolve flags using the client secret
  3. Apply flags to track usage