REST API Overview

Programmatic access to your application configurations. The App Config.json REST API allows you to read, update, and manage configurations across environments in real-time.

Ready to start?

Generate an API key from your dashboard under Settings → API Keys. All requests require a valid Bearer token.

Base URL & Versioning

All API requests are made over HTTPS. Other protocols (HTTP) will fail. API endpoints will always be prefixed with the version number.

Base URL

https://api.appconfig.json/v3/

The API is versioned via the URL path. The current stable version is v3. We maintain backward compatibility for at least 12 months after a new version is released.

Authentication

The API uses API keys and JWT tokens for authentication. Include your credentials in the Authorization header with every request.

Server-to-server requests use API keys. These keys do not expire and should be stored securely.

HTTP Header

Authorization: Bearer acj_live_sk_8f92a1b3c4d5e6f7g8h9

Client-side or short-lived access uses JWT tokens generated via the /auth/token endpoint. Tokens expire after 15 minutes.

HTTP Header

Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...

Endpoint Overview

The API is organized around REST principles. Here are the primary resource groups:

Method	Endpoint	Description
GET	`/configs`	Retrieve all configurations for the authenticated project
POST	`/configs`	Create or upsert a configuration key
PUT	`/configs/{key}`	Update an existing configuration value
DELETE	`/configs/{key}`	Remove a configuration key permanently
GET	`/environments`	List all environments (dev, staging, prod)
GET	`/features`	Retrieve feature flag states and targeting rules
GET	`/audit`	Fetch configuration change history

Configs Resource

Manage key-value configuration pairs. Supports strings, numbers, booleans, and nested JSON objects.

cURL - Update Config
POST https://api.appconfig.json/v3/configs
Authorization: Bearer acj_live_sk_8f92a1b3c4d5e6f7g8h9
Content-Type: application/json

{
  "key": "api.timeout",
  "value": 5000,
  "env": "production",
  "comment": "Reduce timeout for high traffic"
}

Response (201 Created):

JSON Response
{
  "id": "cfg_9x821",
  "key": "api.timeout",
  "value": 5000,
  "updated_at": "2025-09-15T14:22:00Z",
  "synced_to": true
}

Rate Limits & Status Codes

API calls are rate-limited based on your plan. Exceeding limits returns 429 Too Many Requests.

Plan	Requests/min	Burst	Exponential Backoff
Starter	100	10	Yes
Pro	1,000	100	Yes
Enterprise	5,000+	500	Configurable

Standard HTTP Status Codes

Code	Meaning	Context
`200`	OK	Request successful
`201`	Created	Resource successfully created
`400`	Bad Request	Invalid JSON or missing fields
`401`	Unauthorized	Invalid or expired token
`404`	Not Found	Config key or environment doesn't exist
`429`	Too Many Requests	Rate limit exceeded
`500`	Internal Error	Server-side failure (contact support)

Error Handling

All errors return a JSON payload with error.code and error.message. Always check the response status and handle errors gracefully in production.

SDKs & Tools

While the REST API is fully documented, we provide official SDKs for faster integration:

Node.js / JavaScript: npm install @appconfig/sdk
Python: pip install appconfig-json
Go: go get github.com/appconfig/go-sdk
Rust: cargo add appconfig-rs

Pre-built Postman Collection and OpenAPI 3.0 Spec are available for testing and client generation.