The Optimizely Feature Experimentation REST APIs let you interface with Optimizely programmatically to build customized integrations and workflows. For example, you can create feature flags from an automated script or build custom dashboards of experiment results.
This page describes the Feature Experimentation REST API to control flags, rules, and environments in the Optimizely Feature Experimentation application.
If you are looking for a REST API that delivers the same functionality as the Optimizely Feature Experimentation SDKs, see Optimizely Agent.
Because Optimizely Experimentation's REST APIs are used for both Optimizely Web Experimentation and Optimizely Feature Experimentation, some resources may not be applicable for your use cases. See About the Feature Experimentation APIs for applicable endpoints.
For production use cases, you will want to integrate these API calls directly into your own application. Optimizely recommends authenticating using OAuth 2.0. See the Optimizely Web Experimentation OAuth 2.0 documentation for implementation details.
However, to make the APIs easily explorable, Optimizely has also implemented personal access tokens.
To generate a personal access token in Optimizely:
Go to Profile > API Access and click Generate New Token.
Enter a token name and click Create.
If you are an administrator, you can create tokens for other collaborators on the account. Use the dropdown menu to select a collaborator. If you are not an administrator for the account, you can only generate a personal token for yourself.
Copy the token.
For security purposes, when you navigate away from the API Access tab, the token will no longer be visible when you return. If you need a token, generate a new one.
Keep your tokens secret and treat them like passwords. If you need a new one, revoke or delete the token and generate another.
Revoking a token permanently removes it, so you can no longer use it to connect to the Feature Experimentation APIs. If you are an administrator, you can revoke any personal token attached to the account. If you are not an administrator for the account, you can only revoke the tokens that you generate for yourself.
To delete a token:
- Go to Profile > API Access.
- Under Personal Access Tokens, click Revoke.
- Click Delete Token to confirm. You cannot undo this action.
To authenticate, use a token generated from the previous instructions in the request header, as shown in the following example. All API request examples in this documentation use the same header.
curl -H "Authorization: Bearer abcdefg123456" \
Using the wrong token will fail with error
403 - Authentication Failed.
If you forget to add the token or set the token on the wrong header or on the body, the request will fail with
401 - Unauthorized.