https://api.flokit.ai
All API requests require an API key passed as a Bearer token in the Authorization header.
API keys
Keys are workspace-scoped. Find existing keys or create new ones in FloKit → Settings → API Keys.Key types
| Type | Permissions |
|---|---|
| Read-only | Access reports, inspect events, list integrations |
| Read-write | All read permissions plus: send events, trigger syncs, approve and reject actions |
Error responses
401 Unauthorized — API key is missing or invalid.Security
- Store API keys in environment variables or a secrets manager (AWS Secrets Manager, GCP Secret Manager, Doppler, etc.).
- Never commit API keys to version control.
- Rotate keys in FloKit → Settings → API Keys. After rotation, the previous key is immediately invalidated.
- Use separate keys per environment (production vs. staging) to prevent test traffic from entering production data.