Overview
Secret-key API for backend integrations.
The server-to-server API lets your backend integrate with Confetti directly — for example, to read responses programmatically — without going through the browser widget.
Authentication
Requests are authenticated with a secret API key, sent as a bearer token:
GET /api/v1/protected/surveys/{surveyId}/responses HTTP/1.1
Host: confetti.gov.sg
Authorization: Bearer <your-secret-api-key>Create and revoke secret keys on the Setup page in Confetti. The key is shown only once when created — store it somewhere safe.
The secret API key grants access to your team's data. Keep it on your server — never expose it in client-side code or commit it to source control. For browser use, use the public API and its publishable key instead.
Endpoints
Browse the endpoints grouped by resource in the sidebar.