2 minute readReference

The REST API uses CloudBees Feature Management YAML and JSON files. See Configuration as Code for more information on YAML.

You can use the API to do the following:

  • push data into CloudBees Feature Management

  • get data out of CloudBees Feature Management

  • build custom integrations

  • build on top of the CloudBees Feature Management platform

As a security measure, a rate limit has been implemented to one request per second, and is based on the requester IP address. Any requests at rates that exceed the rate limit will receive a 555 error status code. There are no exceptions we can currently make for customers at this time.

Experiments have been deprecated and Flags are the only entity in the system.

The system is backwards compatible, but there are some critical issues to note until a new version of the Restful API is released:

  • Create an Experiment - creates a corresponding Flag, ignoring Experiment name.

  • Get Experiment - works as expected, ignoring Experiment name.

  • Patch Experiment - works as expected, ignoring Experiment name.

  • Get Experiments - returns only Flags that have at least one release rule configured.

  • Delete Experiment - removes a flag’s configuration and/or impression data, but does NOT delete the flag.

Select run in Postman to set up an environment.

Application ID

All resources are part of an application.

To find the Application ID:

  1. Select App Settings on the left panel on the CloudBees Feature Management dashboard.

  2. Select the Integrations tab.


All requests to CloudBees Feature Management’s API must be authenticated with an API token.

API token

Every CloudBees Feature Management user has an API token. The API token inherits the permission of its owner. The changelog shows the actions taken by the owner of the API token.

To find the API Token:

  1. From the team or group that is currently open on the CloudBees Feature Management dashboard, in the left panel, select App Settings Integrations.

    Users are given a different access_token for each team or group they are a member of.

If you need to revoke a token please, contact

Authentication header

You can authenticate with the API token by adding an authorization header containing your token.

Authorization: Bearer API_TOKEN