Skip to main content
Base URL: https://api.flokit.ai All API requests require an API key passed as a Bearer token in the Authorization header.
Authorization: Bearer $FLOKIT_API_KEY
Example:
curl -H "Authorization: Bearer $FLOKIT_API_KEY" \
  https://api.flokit.ai/v1/workspace

API keys

Keys are workspace-scoped. Find existing keys or create new ones in FloKit → Settings → API Keys.

Key types

TypePermissions
Read-onlyAccess reports, inspect events, list integrations
Read-writeAll read permissions plus: send events, trigger syncs, approve and reject actions
Use read-only keys for reporting pipelines and dashboards. Use read-write keys only in trusted server-side contexts.

Error responses

401 Unauthorized — API key is missing or invalid.
{
  "error": "unauthorized",
  "message": "Invalid or missing API key"
}
403 Forbidden — API key is valid but lacks the required permission for the operation (e.g. a read-only key attempting to send events).
{
  "error": "forbidden",
  "message": "This operation requires a read-write key"
}

Security

  • Store API keys in environment variables or a secrets manager (AWS Secrets Manager, GCP Secret Manager, Doppler, etc.).
  • Never commit API keys to version control.
  • Rotate keys in FloKit → Settings → API Keys. After rotation, the previous key is immediately invalidated.
  • Use separate keys per environment (production vs. staging) to prevent test traffic from entering production data.