Documentation

Fetching flags

Use your environment Read Key to fetch flags from your app or server.

// Client-side (read keys can be public)
fetch('/api/sdk/v1/flags?key=sb_rk_...').then(r => r.json()).then(console.log)

// Node/Server
const res = await fetch('https://your-domain.com/api/sdk/v1/flags?key=sb_rk_...')
const data = await res.json()
console.log(data.flags)
// => { "checkout:new-ui": { enabled: true, value: { color: "blue" } } }

Write API (CI/CD)

Use your environment Write Key (keep it secret) to automate flag updates.

# Upsert a single flag
POST /api/sdk/v1/flags/upsert?key=sb_wk_...
{
  "key": "beta:new-ui",
  "enabled": true,
  "description": "Enable new UI",
  "value": { "rollout": 0.25 }
}

# Bulk upsert or delete flags
POST /api/sdk/v1/flags/bulk?key=sb_wk_...
{
  "operations": [
    { "key": "beta:new-ui", "enabled": true, "value": { "rollout": 0.5 } },
    { "key": "old:feature", "delete": true }
  ]
}

Responses return updated flag(s). Requests are rate-limited. Always store Write Keys securely.

Organizations & Team

Each account has a personal organization by default. Invite teammates, assign roles (owner, admin, editor, viewer), and manage billing at the organization level.

Security

• Read keys may be public, Write keys must stay secret
• Email verification and password reset are built-in
• Rate limiting protects SDK and Write API