FeatureGate

Management

Preview

First-slice automation routes for organisations, projects, flags, runtime keys, and audit events.

The first public Management slice is available for management automation keys. It uses scoped management keys, not server runtime keys and not console browser sessions.

This page combines integration notes with generated request and response shapes for the shipped first-slice routes. Management is preview while broader automation workflows continue to settle.

Management keys

Management keys authenticate automation acting on behalf of an organisation. Keep them distinct from runtime keys: a runtime key can never call a management route, and a management key is never accepted on Evaluation routes.

Create management automation keys from organisation settings > Access keys in the console. Grant only the scopes the script needs, then pass the key as Authorization: Bearer fg_ak_test_.... Server runtime keys and browser client keys are rejected on management routes.

Common first-slice scopes:

  • management:organisations:read
  • management:projects:read
  • management:environments:read
  • management:flags:read
  • management:flags:write
  • management:runtime-keys:read
  • management:runtime-keys:write
  • management:audit:read

First-slice routes

Organisations and projects

Use these routes to discover the organisations and projects visible to the management key.

GEThttps://api.featuregate.dev/v1/organisations
Authenticate with a management automation key in the Authorization header.management:organisations:read

This endpoint takes no parameters.

Request
sh
curl -X GET https://api.featuregate.dev/v1/organisations \
  -H "Authorization: Bearer fg_ak_test_0123456789abcdef0123456789abcdef0123456789abcdef"

Returns

organisationsobject[]required
idstringrequired

Length: 1+

createdAtstringrequired
updatedAtstringrequired
namestringrequired

Length: 1+

slugstringrequired

Length: 1+

ownerUserIdstringrequired

Length: 1+

Example response · 200
json
{
  "organisations": []
}

Responses

200Organisations in scope for the authenticated management key.
400Validation failed.
401Authentication failed.
403The key is not allowed to access this resource.
429Rate limit exceeded.
500Unexpected server error.
GEThttps://api.featuregate.dev/v1/projects
Authenticate with a management automation key in the Authorization header.management:projects:read

This endpoint takes no parameters.

Request
sh
curl -X GET https://api.featuregate.dev/v1/projects \
  -H "Authorization: Bearer fg_ak_test_0123456789abcdef0123456789abcdef0123456789abcdef"

Returns

projectsobject[]required
idstringrequired

Stable project identifier, prefixed with project_.

Length: 1+

createdAtstringrequired

Project creation timestamp.

updatedAtstringrequired

Last project update timestamp.

archivedAtstring | nullrequired

Archive timestamp, or null while active.

organisationIdstringrequired

Owning organisation identifier.

Length: 1+

namestringrequired

Human-readable project name.

Length: 1+

slugstringrequired

Console URL slug, unique inside the organisation.

Length: 1+

iconstring | nullrequired

Console display icon, if configured.

colorstring | nullrequired

Console display color, if configured.

Example response · 200
json
{
  "projects": []
}

Responses

200Projects in scope for the authenticated management key.
400Validation failed.
401Authentication failed.
403The key is not allowed to access this resource.
429Rate limit exceeded.
500Unexpected server error.
GEThttps://api.featuregate.dev/v1/projects/{projectId}
Authenticate with a management automation key in the Authorization header.management:projects:read

Path parameters

projectIdstringrequired

Stable project_ identifier.

Pattern: ^project_.+

Request
sh
curl -X GET https://api.featuregate.dev/v1/projects/project_example \
  -H "Authorization: Bearer fg_ak_test_0123456789abcdef0123456789abcdef0123456789abcdef"

Returns

projectobjectrequired
idstringrequired

Stable project identifier, prefixed with project_.

Length: 1+

createdAtstringrequired

Project creation timestamp.

updatedAtstringrequired

Last project update timestamp.

archivedAtstring | nullrequired

Archive timestamp, or null while active.

organisationIdstringrequired

Owning organisation identifier.

Length: 1+

namestringrequired

Human-readable project name.

Length: 1+

slugstringrequired

Console URL slug, unique inside the organisation.

Length: 1+

iconstring | nullrequired

Console display icon, if configured.

colorstring | nullrequired

Console display color, if configured.

Responses

200The requested project.
400Validation failed.
401Authentication failed.
403The key is not allowed to access this resource.
429Rate limit exceeded.
500Unexpected server error.

Environments and flags

Read environments and flags before making automation changes. Flag creation also seeds environment defaults so new flags can be evaluated consistently.

GEThttps://api.featuregate.dev/v1/projects/{projectId}/environments
Authenticate with a management automation key in the Authorization header.management:environments:read

Path parameters

projectIdstringrequired

Stable project_ identifier.

Pattern: ^project_.+

Request
sh
curl -X GET https://api.featuregate.dev/v1/projects/project_example/environments \
  -H "Authorization: Bearer fg_ak_test_0123456789abcdef0123456789abcdef0123456789abcdef"

Returns

environmentsobject[]required
idstringrequired

Stable environment identifier, prefixed with env_.

Length: 1+

createdAtstringrequired

Environment creation timestamp.

updatedAtstringrequired

Last environment update timestamp.

archivedAtstring | nullrequired

Archive timestamp, or null while active.

projectIdstringrequired

Owning project identifier.

Length: 1+

keystringrequired

Developer-facing environment key.

Length: 1+

kind"local" | "development" | "test" | "qa" | "staging" | "preview" | "production" | "other"required

Environment classification used for console badges and production safeguards.

Options: local, development, test, qa, staging, preview, production, other

namestringrequired

Human-readable environment name.

Length: 1+

shortLabelstringrequired

Compact badge label used in the console.

Length: 1+

sortOrderintegerrequired

Display order within the project.

Example response · 200
json
{
  "environments": []
}

Responses

200Project environments ordered for display and automation.
400Validation failed.
401Authentication failed.
403The key is not allowed to access this resource.
429Rate limit exceeded.
500Unexpected server error.
GEThttps://api.featuregate.dev/v1/projects/{projectId}/flags
Authenticate with a management automation key in the Authorization header.management:flags:read

Path parameters

projectIdstringrequired

Stable project_ identifier.

Pattern: ^project_.+

Request
sh
curl -X GET https://api.featuregate.dev/v1/projects/project_example/flags \
  -H "Authorization: Bearer fg_ak_test_0123456789abcdef0123456789abcdef0123456789abcdef"

Returns

flagsobject[]required
idstringrequired

Stable flag identifier, prefixed with flag_.

Length: 1+

createdAtstringrequired

Flag creation timestamp.

updatedAtstringrequired

Last flag update timestamp.

archivedAtstring | nullrequired

Archive timestamp, or null while active.

projectIdstringrequired

Owning project identifier.

Length: 1+

keystringrequired

Developer-facing flag key.

Length: 1+

namestringrequired

Human-readable flag name.

Length: 1+

descriptionstring | nullrequired

Optional internal description.

type"boolean" | "string" | "number" | "object"required

Flag value type.

Options: boolean, string, number, object

lifecycleKind"temporary" | "permanent"required

Flag lifecycle classification.

Options: temporary, permanent

intent"release" | "ops" | "permission" | "experiment" | "configuration" | "maintenance"required

Flag intent classification.

Options: release, ops, permission, experiment, configuration, maintenance

cleanupTargetAtstring | nullrequired

Cleanup review timestamp, when set.

cleanupNotestring | nullrequired

Optional cleanup guidance.

Example response · 200
json
{
  "flags": []
}

Responses

200Project flag definitions. Environment availability is configured separately.
400Validation failed.
401Authentication failed.
403The key is not allowed to access this resource.
429Rate limit exceeded.
500Unexpected server error.
POSThttps://api.featuregate.dev/v1/projects/{projectId}/flags
Authenticate with a management automation key in the Authorization header.management:flags:write

Path parameters

projectIdstringrequired

Stable project_ identifier.

Pattern: ^project_.+

Body parameters

keystringrequired

Developer-facing flag key, unique inside the project.

Length: 1-80

namestringrequired

Human-readable flag name.

Length: 1-120

descriptionstring | nulloptional

Optional internal description shown in management surfaces.

Length: up to 240

type"boolean" | "string" | "number" | "object"optional

Typed value family for this flag.

Default: booleanOptions: boolean, string, number, object

lifecycleKind"temporary" | "permanent"optional

Whether the flag should be reviewed for cleanup or treated as permanent.

Default: temporaryOptions: temporary, permanent

intent"release" | "ops" | "permission" | "experiment" | "configuration" | "maintenance"optional

Why the flag exists.

Default: releaseOptions: release, ops, permission, experiment, configuration, maintenance

cleanupTargetAtstring | nulloptional

Cleanup review timestamp for temporary flags.

cleanupNotestring | nulloptional

Optional cleanup guidance for temporary flags.

Length: up to 500

Request
sh
curl -X POST https://api.featuregate.dev/v1/projects/project_example/flags \
  -H "Authorization: Bearer fg_ak_test_0123456789abcdef0123456789abcdef0123456789abcdef" \
  -H "Content-Type: application/json" \
  -d '{
  "key": "new-checkout",
  "name": "New checkout",
  "type": "boolean"
}'

Returns

flagobjectrequired
idstringrequired

Stable flag identifier, prefixed with flag_.

Length: 1+

createdAtstringrequired

Flag creation timestamp.

updatedAtstringrequired

Last flag update timestamp.

archivedAtstring | nullrequired

Archive timestamp, or null while active.

projectIdstringrequired

Owning project identifier.

Length: 1+

keystringrequired

Developer-facing flag key.

Length: 1+

namestringrequired

Human-readable flag name.

Length: 1+

descriptionstring | nullrequired

Optional internal description.

type"boolean" | "string" | "number" | "object"required

Flag value type.

Options: boolean, string, number, object

lifecycleKind"temporary" | "permanent"required

Flag lifecycle classification.

Options: temporary, permanent

intent"release" | "ops" | "permission" | "experiment" | "configuration" | "maintenance"required

Flag intent classification.

Options: release, ops, permission, experiment, configuration, maintenance

cleanupTargetAtstring | nullrequired

Cleanup review timestamp, when set.

cleanupNotestring | nullrequired

Optional cleanup guidance.

Responses

201The created flag.
400Validation failed.
401Authentication failed.
403The key is not allowed to access this resource.
429Rate limit exceeded.
500Unexpected server error.
PUThttps://api.featuregate.dev/v1/projects/{projectId}/flags/{flagKey}/environments/{environmentKey}
Authenticate with a management automation key in the Authorization header.management:flags:write

Path parameters

projectIdstringrequired

Stable project_ identifier.

Pattern: ^project_.+

flagKeystringrequired

Lowercase letters, numbers, and hyphens only.

Length: 1-80Pattern: ^[a-z0-9]+(?:-[a-z0-9]+)*$

environmentKeystringrequired

Lowercase letters, numbers, and hyphens only.

Length: 1-80Pattern: ^[a-z0-9]+(?:-[a-z0-9]+)*$

Body parameters

defaultValueboolean | string | number | objectrequired

Typed fallback value for this flag/environment pair.

Request
sh
curl -X PUT https://api.featuregate.dev/v1/projects/project_example/flags/new-checkout/environments/production \
  -H "Authorization: Bearer fg_ak_test_0123456789abcdef0123456789abcdef0123456789abcdef" \
  -H "Content-Type: application/json" \
  -d '{
  "defaultValue": false
}'

Returns

flagEnvironmentConfigobjectrequired
idstringrequired

Stable flag-environment config identifier.

Length: 1+

flagIdstringrequired

Owning flag identifier.

Length: 1+

environmentIdstringrequired

Owning environment identifier.

Length: 1+

defaultValueboolean | string | number | objectrequired

Environment fallback value.

createdAtstringrequired

Config creation timestamp.

updatedAtstringrequired

Last config update timestamp.

Responses

200The created or updated flag environment configuration.
400Validation failed.
401Authentication failed.
403The key is not allowed to access this resource.
429Rate limit exceeded.
500Unexpected server error.
DELETEhttps://api.featuregate.dev/v1/projects/{projectId}/flags/{flagKey}/environments/{environmentKey}
Authenticate with a management automation key in the Authorization header.management:flags:write

Path parameters

projectIdstringrequired

Stable project_ identifier.

Pattern: ^project_.+

flagKeystringrequired

Lowercase letters, numbers, and hyphens only.

Length: 1-80Pattern: ^[a-z0-9]+(?:-[a-z0-9]+)*$

environmentKeystringrequired

Lowercase letters, numbers, and hyphens only.

Length: 1-80Pattern: ^[a-z0-9]+(?:-[a-z0-9]+)*$

Request
sh
curl -X DELETE https://api.featuregate.dev/v1/projects/project_example/flags/new-checkout/environments/production \
  -H "Authorization: Bearer fg_ak_test_0123456789abcdef0123456789abcdef0123456789abcdef"

Returns

flagEnvironmentConfigobjectrequired
idstringrequired

Length: 1+

flagIdstringrequired

Length: 1+

environmentIdstringrequired

Length: 1+

Responses

200The removed flag environment configuration identifiers.
400Validation failed.
401Authentication failed.
403The key is not allowed to access this resource.
429Rate limit exceeded.
500Unexpected server error.

Runtime keys

Runtime keys are created under a specific environment and return their raw secret only once. Store the returned key immediately and use the metadata routes for later audits.

GEThttps://api.featuregate.dev/v1/projects/{projectId}/environments/{environmentKey}/runtime-keys
Authenticate with a management automation key in the Authorization header.management:runtime-keys:read

Path parameters

projectIdstringrequired

Stable project_ identifier.

Pattern: ^project_.+

environmentKeystringrequired

Lowercase letters, numbers, and hyphens only.

Length: 1-80Pattern: ^[a-z0-9]+(?:-[a-z0-9]+)*$

Request
sh
curl -X GET https://api.featuregate.dev/v1/projects/project_example/environments/production/runtime-keys \
  -H "Authorization: Bearer fg_ak_test_0123456789abcdef0123456789abcdef0123456789abcdef"

Returns

runtimeKeysobject[]required
idstringrequired

Stable API key identifier, prefixed with key_.

Length: 1+

createdAtstringrequired

Key creation timestamp.

updatedAtstringrequired

Last key metadata update timestamp.

namestringrequired

Operator-facing key name.

Length: 1+

keyPrefixstringrequired

Non-secret key fingerprint shown for identification.

Length: 1+

scopes"runtime:evaluate" | "runtime:snapshot"[]required

Runtime scopes granted to this key.

organisationIdstringrequired

Owning organisation identifier.

Length: 1+

projectIdstring | nullrequired

Bound project identifier.

Length: 1+

environmentIdstring | nullrequired

Bound environment identifier.

Length: 1+

createdByUserIdstring | nullrequired

Creating user, when available.

Length: 1+

lastUsedAtstring | nullrequired

Last successful use timestamp, when known.

revokedAtstring | nullrequired

Revocation timestamp, or null while active.

Example response · 200
json
{
  "runtimeKeys": []
}

Responses

200Runtime key metadata for the selected environment.
400Validation failed.
401Authentication failed.
403The key is not allowed to access this resource.
429Rate limit exceeded.
500Unexpected server error.
POSThttps://api.featuregate.dev/v1/projects/{projectId}/environments/{environmentKey}/runtime-keys
Authenticate with a management automation key in the Authorization header.management:runtime-keys:write

Path parameters

projectIdstringrequired

Stable project_ identifier.

Pattern: ^project_.+

environmentKeystringrequired

Lowercase letters, numbers, and hyphens only.

Length: 1-80Pattern: ^[a-z0-9]+(?:-[a-z0-9]+)*$

Body parameters

namestringrequired

Display name for operators and audit history.

Length: 1-80

scopes"runtime:evaluate" | "runtime:snapshot"[]required

Runtime capabilities granted to the generated key.

Items: 1+

Request
sh
curl -X POST https://api.featuregate.dev/v1/projects/project_example/environments/production/runtime-keys \
  -H "Authorization: Bearer fg_ak_test_0123456789abcdef0123456789abcdef0123456789abcdef" \
  -H "Content-Type: application/json" \
  -d '{
  "name": "Production server",
  "scopes": [
    "runtime:evaluate",
    "runtime:snapshot"
  ]
}'

Returns

runtimeKeyobjectrequired
idstringrequired

Stable API key identifier, prefixed with key_.

Length: 1+

createdAtstringrequired

Key creation timestamp.

updatedAtstringrequired

Last key metadata update timestamp.

namestringrequired

Operator-facing key name.

Length: 1+

keyPrefixstringrequired

Non-secret key fingerprint shown for identification.

Length: 1+

scopes"runtime:evaluate" | "runtime:snapshot"[]required

Runtime scopes granted to this key.

organisationIdstringrequired

Owning organisation identifier.

Length: 1+

projectIdstring | nullrequired

Bound project identifier.

Length: 1+

environmentIdstring | nullrequired

Bound environment identifier.

Length: 1+

createdByUserIdstring | nullrequired

Creating user, when available.

Length: 1+

lastUsedAtstring | nullrequired

Last successful use timestamp, when known.

revokedAtstring | nullrequired

Revocation timestamp, or null while active.

rawKeystringrequired

Length: 1+

Example response · 201
json
{
  "runtimeKey": {
    "id": "key_example",
    "createdAt": "2026-06-18T00:00:00.000Z",
    "updatedAt": "2026-06-18T00:00:00.000Z",
    "name": "Production server",
    "keyPrefix": "fg_sk_test_0123456789abcdef0123",
    "scopes": [
      "runtime:evaluate",
      "runtime:snapshot"
    ],
    "organisationId": "org_example",
    "projectId": "project_example",
    "environmentId": "env_example",
    "createdByUserId": null,
    "lastUsedAt": null,
    "revokedAt": null
  },
  "rawKey": "fg_sk_test_0123456789abcdef0123456789abcdef0123456789abcdef"
}

Responses

201The created runtime key metadata plus the one-time raw key.
400Validation failed.
401Authentication failed.
403The key is not allowed to access this resource.
429Rate limit exceeded.
500Unexpected server error.
POSThttps://api.featuregate.dev/v1/projects/{projectId}/environments/{environmentKey}/runtime-keys/{keyId}/revoke
Authenticate with a management automation key in the Authorization header.management:runtime-keys:write

Path parameters

projectIdstringrequired

Stable project_ identifier.

Pattern: ^project_.+

environmentKeystringrequired

Lowercase letters, numbers, and hyphens only.

Length: 1-80Pattern: ^[a-z0-9]+(?:-[a-z0-9]+)*$

keyIdstringrequired

Stable key_ identifier.

Pattern: ^key_.+

Request
sh
curl -X POST https://api.featuregate.dev/v1/projects/project_example/environments/production/runtime-keys/key_example/revoke \
  -H "Authorization: Bearer fg_ak_test_0123456789abcdef0123456789abcdef0123456789abcdef"

Returns

runtimeKeyobjectrequired
idstringrequired

Stable API key identifier, prefixed with key_.

Length: 1+

createdAtstringrequired

Key creation timestamp.

updatedAtstringrequired

Last key metadata update timestamp.

namestringrequired

Operator-facing key name.

Length: 1+

keyPrefixstringrequired

Non-secret key fingerprint shown for identification.

Length: 1+

scopes"runtime:evaluate" | "runtime:snapshot"[]required

Runtime scopes granted to this key.

organisationIdstringrequired

Owning organisation identifier.

Length: 1+

projectIdstring | nullrequired

Bound project identifier.

Length: 1+

environmentIdstring | nullrequired

Bound environment identifier.

Length: 1+

createdByUserIdstring | nullrequired

Creating user, when available.

Length: 1+

lastUsedAtstring | nullrequired

Last successful use timestamp, when known.

revokedAtstring | nullrequired

Revocation timestamp, or null while active.

Responses

200The revoked runtime key metadata.
400Validation failed.
401Authentication failed.
403The key is not allowed to access this resource.
429Rate limit exceeded.
500Unexpected server error.

Audit events

Audit events expose recent project-scoped operational changes for automation logs and review workflows.

GEThttps://api.featuregate.dev/v1/projects/{projectId}/audit-events
Authenticate with a management automation key in the Authorization header.management:audit:read

Path parameters

projectIdstringrequired

Stable project_ identifier.

Pattern: ^project_.+

Query parameters

pageintegeroptional

One-based result page.

Default: 1Value: 1+

limitintegeroptional

Events per page.

Default: 50Value: 1-100

Request
sh
curl -X GET https://api.featuregate.dev/v1/projects/project_example/audit-events \
  -H "Authorization: Bearer fg_ak_test_0123456789abcdef0123456789abcdef0123456789abcdef"

Returns

auditEventsobject[]required
idstringrequired

Stable audit event identifier, prefixed with audit_.

Length: 1+

createdAtstringrequired

Event creation timestamp.

typestringrequired

Audit event type.

Length: 1+

organisationIdstringrequired

Owning organisation identifier.

Length: 1+

projectIdstring | nullrequired

Related project, when available.

Length: 1+

environmentIdstring | nullrequired

Related environment, when available.

Length: 1+

flagIdstring | nullrequired

Related flag, when available.

Length: 1+

flagEnvironmentConfigIdstring | nullrequired

Related flag-environment config, when available.

Length: 1+

apiKeyIdstring | nullrequired

Calling API key, when available.

Length: 1+

actorUserIdstring | nullrequired

Calling user, when available.

Length: 1+

metadataobjectrequired

Event-specific metadata.

pageintegerrequired

Current one-based page.

pageCountintegerrequired

Total number of pages.

pageSizeintegerrequired

Events per page.

totalCountintegerrequired

Total matching event count.

Example response · 200
json
{
  "auditEvents": [],
  "page": 1,
  "pageCount": 0,
  "pageSize": 50,
  "totalCount": 0
}

Responses

200A paginated project audit-event page.
400Validation failed.
401Authentication failed.
403The key is not allowed to access this resource.
429Rate limit exceeded.
500Unexpected server error.

Broader management routes should follow the same public /v1 shape. The retired /internal/* surface is not part of the public product contract.