Management
PreviewFirst-slice automation routes for organisations, projects, flags, runtime keys, and audit events.
The first public Management slice is available for management automation keys. It uses scoped management keys, not server runtime keys and not console browser sessions.
This page combines integration notes with generated request and response shapes for the shipped first-slice routes. Management is preview while broader automation workflows continue to settle.
Management keys
Management keys authenticate automation acting on behalf of an organisation. Keep them distinct from runtime keys: a runtime key can never call a management route, and a management key is never accepted on Evaluation routes.
Create management automation keys from organisation settings > Access keys in the console. Grant
only the scopes the script needs, then pass the key as
Authorization: Bearer fg_ak_test_.... Server runtime keys and browser client keys are rejected
on management routes.
Common first-slice scopes:
management:organisations:readmanagement:projects:readmanagement:environments:readmanagement:flags:readmanagement:flags:writemanagement:runtime-keys:readmanagement:runtime-keys:writemanagement:audit:read
First-slice routes
Organisations and projects
Use these routes to discover the organisations and projects visible to the management key.
This endpoint takes no parameters.
curl -X GET https://api.featuregate.dev/v1/organisations \
-H "Authorization: Bearer fg_ak_test_0123456789abcdef0123456789abcdef0123456789abcdef"Returns
Length: 1+
Length: 1+
Length: 1+
Length: 1+
{
"organisations": []
}Responses
This endpoint takes no parameters.
curl -X GET https://api.featuregate.dev/v1/projects \
-H "Authorization: Bearer fg_ak_test_0123456789abcdef0123456789abcdef0123456789abcdef"Returns
Stable project identifier, prefixed with project_.
Length: 1+
Project creation timestamp.
Last project update timestamp.
Archive timestamp, or null while active.
Owning organisation identifier.
Length: 1+
Human-readable project name.
Length: 1+
Console URL slug, unique inside the organisation.
Length: 1+
Console display icon, if configured.
Console display color, if configured.
{
"projects": []
}Responses
Path parameters
Stable project_ identifier.
Pattern: ^project_.+
curl -X GET https://api.featuregate.dev/v1/projects/project_example \
-H "Authorization: Bearer fg_ak_test_0123456789abcdef0123456789abcdef0123456789abcdef"Returns
Stable project identifier, prefixed with project_.
Length: 1+
Project creation timestamp.
Last project update timestamp.
Archive timestamp, or null while active.
Owning organisation identifier.
Length: 1+
Human-readable project name.
Length: 1+
Console URL slug, unique inside the organisation.
Length: 1+
Console display icon, if configured.
Console display color, if configured.
Responses
Environments and flags
Read environments and flags before making automation changes. Flag creation also seeds environment defaults so new flags can be evaluated consistently.
Path parameters
Stable project_ identifier.
Pattern: ^project_.+
curl -X GET https://api.featuregate.dev/v1/projects/project_example/environments \
-H "Authorization: Bearer fg_ak_test_0123456789abcdef0123456789abcdef0123456789abcdef"Returns
Stable environment identifier, prefixed with env_.
Length: 1+
Environment creation timestamp.
Last environment update timestamp.
Archive timestamp, or null while active.
Owning project identifier.
Length: 1+
Developer-facing environment key.
Length: 1+
Environment classification used for console badges and production safeguards.
Options: local, development, test, qa, staging, preview, production, other
Human-readable environment name.
Length: 1+
Compact badge label used in the console.
Length: 1+
Display order within the project.
{
"environments": []
}Responses
Path parameters
Stable project_ identifier.
Pattern: ^project_.+
curl -X GET https://api.featuregate.dev/v1/projects/project_example/flags \
-H "Authorization: Bearer fg_ak_test_0123456789abcdef0123456789abcdef0123456789abcdef"Returns
Stable flag identifier, prefixed with flag_.
Length: 1+
Flag creation timestamp.
Last flag update timestamp.
Archive timestamp, or null while active.
Owning project identifier.
Length: 1+
Developer-facing flag key.
Length: 1+
Human-readable flag name.
Length: 1+
Optional internal description.
Flag value type.
Options: boolean, string, number, object
Flag lifecycle classification.
Options: temporary, permanent
Flag intent classification.
Options: release, ops, permission, experiment, configuration, maintenance
Cleanup review timestamp, when set.
Optional cleanup guidance.
{
"flags": []
}Responses
Path parameters
Stable project_ identifier.
Pattern: ^project_.+
Body parameters
Developer-facing flag key, unique inside the project.
Length: 1-80
Human-readable flag name.
Length: 1-120
Optional internal description shown in management surfaces.
Length: up to 240
Typed value family for this flag.
Default: booleanOptions: boolean, string, number, object
Whether the flag should be reviewed for cleanup or treated as permanent.
Default: temporaryOptions: temporary, permanent
Why the flag exists.
Default: releaseOptions: release, ops, permission, experiment, configuration, maintenance
Cleanup review timestamp for temporary flags.
Optional cleanup guidance for temporary flags.
Length: up to 500
curl -X POST https://api.featuregate.dev/v1/projects/project_example/flags \
-H "Authorization: Bearer fg_ak_test_0123456789abcdef0123456789abcdef0123456789abcdef" \
-H "Content-Type: application/json" \
-d '{
"key": "new-checkout",
"name": "New checkout",
"type": "boolean"
}'Returns
Stable flag identifier, prefixed with flag_.
Length: 1+
Flag creation timestamp.
Last flag update timestamp.
Archive timestamp, or null while active.
Owning project identifier.
Length: 1+
Developer-facing flag key.
Length: 1+
Human-readable flag name.
Length: 1+
Optional internal description.
Flag value type.
Options: boolean, string, number, object
Flag lifecycle classification.
Options: temporary, permanent
Flag intent classification.
Options: release, ops, permission, experiment, configuration, maintenance
Cleanup review timestamp, when set.
Optional cleanup guidance.
Responses
Path parameters
Stable project_ identifier.
Pattern: ^project_.+
Lowercase letters, numbers, and hyphens only.
Length: 1-80Pattern: ^[a-z0-9]+(?:-[a-z0-9]+)*$
Lowercase letters, numbers, and hyphens only.
Length: 1-80Pattern: ^[a-z0-9]+(?:-[a-z0-9]+)*$
Body parameters
Typed fallback value for this flag/environment pair.
curl -X PUT https://api.featuregate.dev/v1/projects/project_example/flags/new-checkout/environments/production \
-H "Authorization: Bearer fg_ak_test_0123456789abcdef0123456789abcdef0123456789abcdef" \
-H "Content-Type: application/json" \
-d '{
"defaultValue": false
}'Returns
Stable flag-environment config identifier.
Length: 1+
Owning flag identifier.
Length: 1+
Owning environment identifier.
Length: 1+
Environment fallback value.
Config creation timestamp.
Last config update timestamp.
Responses
Path parameters
Stable project_ identifier.
Pattern: ^project_.+
Lowercase letters, numbers, and hyphens only.
Length: 1-80Pattern: ^[a-z0-9]+(?:-[a-z0-9]+)*$
Lowercase letters, numbers, and hyphens only.
Length: 1-80Pattern: ^[a-z0-9]+(?:-[a-z0-9]+)*$
curl -X DELETE https://api.featuregate.dev/v1/projects/project_example/flags/new-checkout/environments/production \
-H "Authorization: Bearer fg_ak_test_0123456789abcdef0123456789abcdef0123456789abcdef"Returns
Length: 1+
Length: 1+
Length: 1+
Responses
Runtime keys
Runtime keys are created under a specific environment and return their raw secret only once. Store the returned key immediately and use the metadata routes for later audits.
Path parameters
Stable project_ identifier.
Pattern: ^project_.+
Lowercase letters, numbers, and hyphens only.
Length: 1-80Pattern: ^[a-z0-9]+(?:-[a-z0-9]+)*$
curl -X GET https://api.featuregate.dev/v1/projects/project_example/environments/production/runtime-keys \
-H "Authorization: Bearer fg_ak_test_0123456789abcdef0123456789abcdef0123456789abcdef"Returns
Stable API key identifier, prefixed with key_.
Length: 1+
Key creation timestamp.
Last key metadata update timestamp.
Operator-facing key name.
Length: 1+
Non-secret key fingerprint shown for identification.
Length: 1+
Runtime scopes granted to this key.
Owning organisation identifier.
Length: 1+
Bound project identifier.
Length: 1+
Bound environment identifier.
Length: 1+
Creating user, when available.
Length: 1+
Last successful use timestamp, when known.
Revocation timestamp, or null while active.
{
"runtimeKeys": []
}Responses
Path parameters
Stable project_ identifier.
Pattern: ^project_.+
Lowercase letters, numbers, and hyphens only.
Length: 1-80Pattern: ^[a-z0-9]+(?:-[a-z0-9]+)*$
Body parameters
Display name for operators and audit history.
Length: 1-80
Runtime capabilities granted to the generated key.
Items: 1+
curl -X POST https://api.featuregate.dev/v1/projects/project_example/environments/production/runtime-keys \
-H "Authorization: Bearer fg_ak_test_0123456789abcdef0123456789abcdef0123456789abcdef" \
-H "Content-Type: application/json" \
-d '{
"name": "Production server",
"scopes": [
"runtime:evaluate",
"runtime:snapshot"
]
}'Returns
Stable API key identifier, prefixed with key_.
Length: 1+
Key creation timestamp.
Last key metadata update timestamp.
Operator-facing key name.
Length: 1+
Non-secret key fingerprint shown for identification.
Length: 1+
Runtime scopes granted to this key.
Owning organisation identifier.
Length: 1+
Bound project identifier.
Length: 1+
Bound environment identifier.
Length: 1+
Creating user, when available.
Length: 1+
Last successful use timestamp, when known.
Revocation timestamp, or null while active.
Length: 1+
{
"runtimeKey": {
"id": "key_example",
"createdAt": "2026-06-18T00:00:00.000Z",
"updatedAt": "2026-06-18T00:00:00.000Z",
"name": "Production server",
"keyPrefix": "fg_sk_test_0123456789abcdef0123",
"scopes": [
"runtime:evaluate",
"runtime:snapshot"
],
"organisationId": "org_example",
"projectId": "project_example",
"environmentId": "env_example",
"createdByUserId": null,
"lastUsedAt": null,
"revokedAt": null
},
"rawKey": "fg_sk_test_0123456789abcdef0123456789abcdef0123456789abcdef"
}Responses
Path parameters
Stable project_ identifier.
Pattern: ^project_.+
Lowercase letters, numbers, and hyphens only.
Length: 1-80Pattern: ^[a-z0-9]+(?:-[a-z0-9]+)*$
Stable key_ identifier.
Pattern: ^key_.+
curl -X POST https://api.featuregate.dev/v1/projects/project_example/environments/production/runtime-keys/key_example/revoke \
-H "Authorization: Bearer fg_ak_test_0123456789abcdef0123456789abcdef0123456789abcdef"Returns
Stable API key identifier, prefixed with key_.
Length: 1+
Key creation timestamp.
Last key metadata update timestamp.
Operator-facing key name.
Length: 1+
Non-secret key fingerprint shown for identification.
Length: 1+
Runtime scopes granted to this key.
Owning organisation identifier.
Length: 1+
Bound project identifier.
Length: 1+
Bound environment identifier.
Length: 1+
Creating user, when available.
Length: 1+
Last successful use timestamp, when known.
Revocation timestamp, or null while active.
Responses
Audit events
Audit events expose recent project-scoped operational changes for automation logs and review workflows.
Path parameters
Stable project_ identifier.
Pattern: ^project_.+
Query parameters
One-based result page.
Default: 1Value: 1+
Events per page.
Default: 50Value: 1-100
curl -X GET https://api.featuregate.dev/v1/projects/project_example/audit-events \
-H "Authorization: Bearer fg_ak_test_0123456789abcdef0123456789abcdef0123456789abcdef"Returns
Stable audit event identifier, prefixed with audit_.
Length: 1+
Event creation timestamp.
Audit event type.
Length: 1+
Owning organisation identifier.
Length: 1+
Related project, when available.
Length: 1+
Related environment, when available.
Length: 1+
Related flag, when available.
Length: 1+
Related flag-environment config, when available.
Length: 1+
Calling API key, when available.
Length: 1+
Calling user, when available.
Length: 1+
Event-specific metadata.
Current one-based page.
Total number of pages.
Events per page.
Total matching event count.
{
"auditEvents": [],
"page": 1,
"pageCount": 0,
"pageSize": 50,
"totalCount": 0
}Responses
Broader management routes should follow the same public /v1 shape. The retired /internal/* surface is not part of the public product contract.