Overview
REST APIs for integrating with Confetti.
Confetti exposes two REST APIs, each with its own authentication method.
Public API
Used by the widget to fetch surveys and submit responses. Authenticated with your team's publishable key (x-cfti-pk header).
Server-to-server API
Coming soon. Backend integrations authenticated with a secret API key (Authorization: Bearer).
Which one should I use?
| Public API | Server-to-server API | |
|---|---|---|
| Audience | Browser / widget | Your backend |
| Credential | Publishable key | Secret API key |
| Sent as | x-cfti-pk header | Authorization: Bearer <key> |
| Safe to expose in client code | Yes | No |
| Status | Available | Coming soon |
Machine-readable spec
The full OpenAPI 3.1 specification is available at
/openapi.json — useful for code generation, API clients, and
AI tools.