API overview

The FlowMock Public API lets your CI pipeline set up test states before your app runs — flip a scenario, enable mocks, tear down when done. Server-to-server only. No browser cookies.

Available on Team and Business plans.

Base URL

https://api.flowmock.dev/api/v1

Quick example

KEY="fmk_your_api_key"
BASE="https://api.flowmock.dev/api/v1"

# Set up a session for CI run 42
curl -X PUT "$BASE/sessions/ci-42" \
  -H "Authorization: Bearer $KEY" \
  -H "Content-Type: application/json" \
  -d '{"project":"checkout","environment":"staging","scenario":"scn_declined"}'

# Run tests with: x-flowmock-session: ci-42

# Clean up
curl -X DELETE "$BASE/sessions/ci-42?project=checkout&environment=staging&mode=delete" \
  -H "Authorization: Bearer $KEY"

The integration contract

Your app-under-test must send the same session key on every proxied request:

x-flowmock-session: ci-42

The API stores that key (after normalization). The proxy matches sessions by exact string equality on this header.

Typical CI flow

1. PUT /sessions/ci-${RUN_ID} — set project, environment, scenario
2. Run tests — app hits FlowMock proxy with x-flowmock-session: ci-${RUN_ID}
3. Assert — app behavior against deterministic mocks
4. Optional: GET /sessions/ci-${RUN_ID}/logs — verify upstream calls
5. DELETE /sessions/ci-${RUN_ID}?mode=delete — tear down

Endpoints at a glance

What's not in v1

These stay in the dashboard for now:

• Creating or editing mocks and scenarios
• Environment-wide mock activation
• Transforms
• Org, billing, and API key management

Manage API keys in the dashboard under Settings → API keys.

Next steps

• Authentication — keys, scoping, rate limits
• Sessions — the workhorse endpoint
• Errors — when things go wrong