API Documentation

Programmatic access to FlareCanary. Manage endpoints, view drift events, configure alerts, and monitor MCP servers via REST API.

Authentication
Endpoints
Drift Events
Poll History, Uptime & SSL
Alert Destinations
Metric Alert Rules
Alert Events
Status Pages
Organizations
Folders
Settings
Demo
Errors

Authentication

All authenticated endpoints accept either a session cookie (from the dashboard) or an API key via the x-api-key header.

curl -H "x-api-key: fc_your_api_key_here" \
  https://flarecanary.com/api/endpoints

Generate an API key in Dashboard → Settings. Keys use the fc_ prefix.

Header encryption: Any authentication headers you configure for monitored endpoints are encrypted at rest using AES-256-GCM. They are only decrypted in memory during polling. You can use the Header Helper in the dashboard to generate common auth header formats (Bearer tokens, Basic auth, custom headers) without manual JSON editing.

Endpoints

FlareCanary monitors two types of endpoints: REST APIs (tracks JSON schema structure) and MCP servers (tracks tool catalogs via the Model Context Protocol). Set endpointType when creating an endpoint.

GET/api/endpointsAuth required

List all your monitored endpoint subscriptions.

Query: ?active=true|false (default: true)

// Response
{
  "endpoints": [
    {
      "id": "sub_abc123",
      "name": "Stripe Charges",
      "url": "https://api.stripe.com/v1/charges",
      "method": "GET",
      "endpointType": "rest",
      "pollIntervalMinutes": 60,
      "isActive": true,
      "tags": ["payments", "critical"],
      "driftCount": 2,
      "lastCheckedAt": "2026-03-16T10:00:00Z",
      "lastStatusCode": 200
    }
  ],
  "count": 1
}

POST/api/endpointsAuth required

Subscribe to a new API endpoint or MCP server for monitoring.

// REST endpoint
{
  "name": "Stripe Charges",
  "url": "https://api.stripe.com/v1/charges",
  "method": "GET",
  "endpointType": "rest",
  "headers": { "Authorization": "Bearer sk_..." },
  "requestBody": null,
  "pollIntervalMinutes": 60,
  "tags": ["payments"]
}

// MCP server
{
  "name": "My MCP Server",
  "url": "https://mcp.example.com/mcp",
  "endpointType": "mcp",
  "headers": { "Authorization": "Bearer token" },
  "pollIntervalMinutes": 60,
  "tags": ["ai-tools"]
}

// Response (201)
{ "id": "sub_abc123", "name": "Stripe Charges", ... }

For MCP servers, method is automatically set to POST. The initial poll connects via MCP protocol and captures the tool catalog as the baseline schema. MCP response includes mcpServerInfo with serverName, protocolVersion, toolCount, and lastToolNames.

GET/api/endpoints/:idAuth required

Get a single endpoint subscription with full details.

PATCH/api/endpoints/:idAuth required

Update subscription settings. URL, method, and headers are immutable after creation.

// Request body (all fields optional)
{
  "name": "Updated Name",
  "pollIntervalMinutes": 120,
  "tags": ["updated-tag"],
  "isActive": false
}

DELETE/api/endpoints/:idAuth required

Unsubscribe from an endpoint. If no other subscribers remain, the watched URL is also removed.

POST/api/endpoints/testAuth required

Test an endpoint connection without saving. Supports both REST and MCP endpoint types.

// REST test
{
  "url": "https://api.example.com/data",
  "endpointType": "rest",
  "method": "GET",
  "headers": {}
}

// REST response
{
  "success": true,
  "statusCode": 200,
  "responseTimeMs": 142,
  "isJson": true,
  "fieldCount": 12
}

// MCP test
{
  "url": "https://mcp.example.com/mcp",
  "endpointType": "mcp",
  "headers": { "Authorization": "Bearer token" }
}

// MCP response
{
  "success": true,
  "endpointType": "mcp",
  "responseTimeMs": 230,
  "serverName": "my-mcp-server",
  "protocolVersion": "2025-03-26",
  "toolCount": 5,
  "toolNames": ["search", "create", "update", "delete", "list"]
}

POST/api/endpoints/:id/refreshAuth required

Manually re-poll the endpoint and update the baseline schema.

GET/api/endpoints/libraryAuth required

Browse the public endpoint library. Discover popular APIs already monitored by other users.

Query: ?q=search&limit=100&offset=0

Drift Events

For REST endpoints, drift events track JSON schema changes (added, removed, or type-changed fields). For MCP servers, drift events track tool catalog changes (tools added, removed, or modified).

GET/api/endpoints/:id/driftsAuth required

Get drift event history for an endpoint.

Query: ?limit=50&severity=breaking|warning|info

// Response
{
  "endpointId": "sub_abc123",
  "endpointName": "Stripe Charges",
  "events": [
    {
      "id": "drift_xyz",
      "severity": "breaking",
      "changes": [
        { "path": "data.currency", "type": "removed" },
        { "path": "data.amount", "type": "type_change",
          "from": "number", "to": "string" }
      ],
      "detectedAt": "2026-03-16T10:00:00Z"
    }
  ],
  "count": 1
}

PATCH/api/endpoints/:id/drifts/:driftIdAuth required

Acknowledge or resolve a drift event.

// Request body
{
  "action": "acknowledge"  // or "resolve"
}

// Response
{ "success": true, "action": "acknowledge", "driftId": "drift_xyz" }

GET/api/endpoints/:id/mcp-errorsAuth required

Get JSON-RPC error code breakdown for MCP endpoints. Shows error distribution and state transitions.

Query: ?range=24h|7d|30d (default: 7d). Only available for MCP endpoint types.

// Response
{
  "range": "7d",
  "totalPolls": 168,
  "successCount": 162,
  "failureCount": 6,
  "errorCodeDistribution": { "-32601": 3, "-32603": 1 },
  "connectionErrors": { "Timeout": 2 },
  "transitions": [
    { "from": "success", "to": "-32601", "at": "2026-03-16T10:00:00Z" }
  ]
}

GET/api/endpoints/:id/drift-alertsAuth required

Get drift alert configuration for an endpoint (enabled status and minimum severity threshold).

PATCH/api/endpoints/:id/drift-alertsAuth required

Toggle drift alerts on/off and set the minimum severity that triggers a notification.

// Request body
{
  "driftAlertsEnabled": true,
  "driftAlertMinSeverity": "warning"  // "info" | "warning" | "breaking"
}

Poll History, Uptime & SSL

GET/api/endpoints/:id/historyAuth required

Get poll history with response time stats for charting.

Query: ?range=24h|7d|30d (default: 7d)

// Response
{
  "history": [
    { "polledAt": "2026-03-16T10:00:00Z",
      "statusCode": 200, "responseTimeMs": 142, "success": true }
  ],
  "stats": {
    "min": 98, "max": 312, "avg": 156,
    "p50": 142, "p95": 285, "p99": 310
  },
  "totalPolls": 168,
  "successfulPolls": 167,
  "failedPolls": 1
}

GET/api/endpoints/:id/uptimeAuth required

Get 30-day uptime percentage with daily breakdown.

// Response
{
  "uptimePercent": 99.4,
  "totalPolls": 720,
  "successfulPolls": 716,
  "failedPolls": 4,
  "dailyBuckets": [
    { "date": "2026-03-16", "total": 24, "success": 24 }
  ]
}

GET/api/endpoints/:id/sslAuth required

Get SSL certificate status including issuer and expiry date.

// Response
{
  "sslExpiresAt": "2026-09-15T00:00:00Z",
  "sslIssuer": "Let's Encrypt Authority X3",
  "sslCheckedAt": "2026-03-16T10:00:00Z"
}

GET/api/endpoints/:id/status-codesAuth required

Get status code distribution over time.

Query: ?range=24h|7d|30d (default: 7d)

Alert Destinations

Alert destinations control where notifications are sent. Configure email or webhook destinations globally or per endpoint. Use Metric Alert Rules to control what triggers a notification.

GET/api/alertsAuth required

List alert destination configurations. Optionally filter by endpoint.

Query: ?endpointId=sub_abc123 (optional — returns endpoint-specific and global alerts separately)

POST/api/alertsAuth required

Create a new alert destination (email or webhook).

// Email alert
{
  "type": "email",
  "config": { "to": "you@example.com" },
  "minSeverity": "warning",          // optional: "info" | "warning" | "breaking"
  "endpointId": "sub_abc123"         // optional (global if omitted)
}

// Webhook alert
{
  "type": "webhook",
  "config": { "url": "https://your-webhook-endpoint.com/hook" }
}

PATCH/api/alerts/:idAuth required

Update alert config or toggle active/inactive.

DELETE/api/alerts/:idAuth required

Remove an alert destination.

Metric Alert Rules

Metric alert rules trigger notifications based on performance thresholds — response time, status codes, SSL expiry, response size, or availability. Rules evaluate over consecutive poll intervals to avoid false positives.

GET/api/alert-rulesAuth required

List metric alert rules for a watched URL.

Query: ?watchedUrlId=uuid (required), &metric=response_time (optional filter)

POST/api/alert-rulesAuth required

Create a metric alert rule.

// Request body
{
  "watchedUrlId": "uuid-of-watched-url",
  "metric": "response_time",
  "operator": "gt",
  "threshold": 2000,
  "consecutiveIntervals": 3,
  "notifyOnResolve": false
}

// Supported metrics: response_time, status_code, ssl_expiry,
//                    response_size, availability
// Supported operators: gt, lt, eq, neq

PUT/api/alert-rules/:idAuth required

Replace an existing metric alert rule.

DELETE/api/alert-rules/:idAuth required

Delete a metric alert rule.

GET/api/alert-rules/:id/stateAuth required

Get the current state of a metric alert rule (status, streak, acknowledgement).

POST/api/alert-rules/:id/acknowledgeAuth required

Acknowledge a fired alert. Silences repeat notifications until the condition heals and re-fires.

POST/api/alert-rules/:id/resolveAuth required

Manually resolve a metric alert. Resets the alert state entirely (streak, acknowledgement, and status).

Alert Events

GET/api/alert-eventsAuth required

List alert event history for a watched URL. Shows fired, acknowledged, and resolved events.

Query: ?watchedUrlId=uuid (required), &limit=20&offset=0

// Response
{
  "events": [
    {
      "id": "evt_abc",
      "type": "fired",
      "metric": "response_time",
      "threshold": 2000,
      "actualValue": 3200,
      "supersededBy": null,
      "createdAt": "2026-03-16T10:00:00Z"
    }
  ],
  "count": 1
}

GET/api/endpoints/:id/active-alertsAuth required

Get currently active (unresolved) alerts for an endpoint.

GET/api/alert-events/orgAuth required

List all alert events across the current organization. Includes both drift and metric alert events with endpoint context.

Query: ?limit=30&offset=0&type=drift|metric&search=url-fragment

Status Pages

Organizations can enable public status pages showing real-time endpoint health, uptime, and SSL status. Access is controlled per-org: public pages require no authentication, while members-only pages require org membership.

GET/api/status/:slug

Get status page data for an organization by its slug. Public if the org has enabled public status pages, otherwise requires org membership.

// Response
{
  "org": { "name": "My Team", "slug": "my-team", "description": "..." },
  "isPublic": true,
  "overallStatus": "operational",  // "operational" | "degraded" | "down" | "unknown"
  "endpoints": [
    {
      "name": "Stripe API",
      "currentStatus": "operational",
      "uptimePercent": 99.4,
      "avgResponseTimeMs": 156,
      "lastCheckedAt": "2026-03-16T10:00:00Z",
      "sslStatus": "valid",  // "valid" | "warning" | "critical" | "expired" | null
      "dailyBuckets": [
        { "date": "2026-03-16", "total": 24, "success": 24 }
      ]
    }
  ],
  "generatedAt": "2026-03-16T10:05:00Z"
}

Organizations

Organizations enable team-based monitoring on Startup and Enterprise plans. Endpoints, alerts, and folders are scoped to the active organization.

GET/api/orgsAuth required

List organizations you belong to.

POST/api/orgsAuth required

Create a new organization.

// Request body
{
  "name": "My Team",
  "slug": "my-team"   // lowercase alphanumeric with hyphens
}

PATCH/api/orgs/:orgIdAuth required

Update organization name or slug.

GET/api/orgs/:orgId/membersAuth required

List organization members and their roles.

POST/api/orgs/:orgId/membersAuth required

Invite a member to the organization.

Folders

GET/api/foldersAuth required

List folders for the active organization.

POST/api/foldersAuth required

Create a folder to organize endpoints.

// Request body
{
  "name": "Production APIs",
  "color": "#4CAF50"    // optional
}

PATCH/api/foldersAuth required

Update a folder name or color.

// Request body
{ "id": "folder-uuid", "name": "Updated Name" }

DELETE/api/foldersAuth required

Delete a folder. Endpoints in the folder are unassigned, not deleted.

// Request body
{ "id": "folder-uuid" }

Settings

GET/api/settings/api-keyAuth required

Check if you have an API key generated.

POST/api/settings/api-keyAuth required

Generate or regenerate your API key. Returns the raw key (store it securely — it cannot be retrieved later).

DELETE/api/settings/api-keyAuth required

Revoke your current API key.

GET/api/settings/planAuth required

Get your current plan, limits, and usage.

// Response
{
  "plan": "starter",
  "limits": {
    "maxEndpoints": 25,
    "minPollIntervalMinutes": 60
  },
  "usage": { "endpoints": 8 }
}

Demo

GET/api/demo

See a pre-built schema drift example (Stripe-like charge object). No authentication required.

POST/api/demo

Compare two JSON objects for schema differences. No authentication required.

// Request body
{
  "before": { "id": 1, "name": "Alice", "active": true },
  "after": { "id": "1", "name": "Alice", "role": "admin" }
}

// Response
{
  "drift": {
    "changes": [
      { "path": "id", "type": "type_change", "from": "number", "to": "string" },
      { "path": "active", "type": "removed" },
      { "path": "role", "type": "added" }
    ],
    "summary": { "added": 1, "removed": 1, "typeChanges": 1 }
  }
}

GET/api/demo/unstable

A demo endpoint that rotates its schema every 6 hours. Monitor this to see drift detection in action.

Errors

All errors return a JSON body with an error field.

Status	Meaning
400	Invalid request body or parameters
401	Missing or invalid authentication
403	Plan limit reached (ENDPOINT_LIMIT, INTERVAL_LIMIT) or insufficient org role
404	Resource not found
409	Conflict (e.g., duplicate email)
500	Internal server error

Rate Limits & Plans

Plan	Endpoints	Min poll interval	Price
Free	3	24 hours	$0
Starter	25	1 hour	$19/mo
Pro	100	15 minutes	$49/mo
Startup (team)	250	15 minutes	$199/mo
Enterprise (team)	500	15 minutes	$499/mo