API keys are the credentials your application uses to authenticate with Foff and retrieve feature flag values at runtime. Generate one from the Developers section of the dashboard, then pass it to your SDK config or API requests.
Generate an API key
Open the Developers section
In the Foff dashboard, click Developers in the navigation bar. This is where all your API keys are created and managed.
Generate a new key
Click the Generate API Key button. Foff will create a new key and display it in a modal.
Copy the key immediately
Copy the key and store it in a secure location — such as a password manager or your environment’s secrets manager. Once you close the modal, the full key value is never displayed again.
Your API key is shown only once at the moment of generation. If you lose it before storing it, you must generate a new key. There is no way to recover a lost key.
Use your API key
TypeScript / JavaScript SDK
Pass the key to the Config constructor using the APIKey field. Always read it from an environment variable rather than embedding it in your source code.
const config = new Config({
APIKey: process.env.FOFF_API_KEY!,
BaseURL: "https://foff.twospoon.ai/live",
Scope: "my-scope",
});
Store keys securely
Never hardcode an API key in your source code or commit it to version control. Instead:
- Set it as an environment variable (
FOFF_API_KEY) in your deployment environment.
- Use a secrets manager (e.g., AWS Secrets Manager, HashiCorp Vault, or your CI/CD platform’s built-in secrets store) to inject the value at runtime.
This limits the blast radius if a key is ever exposed — you can disable or rotate the key without changing your codebase.
Next steps
After generating your key, see Managing API Keys to learn how to disable a key, restrict it to specific IP addresses, and organize keys across environments.