Skip to main content
All Public API endpoints require an API key. You create keys in the SureFeedback dashboard and pass them directly in every request — no login step required.

Getting an API key

1

Log in to SureFeedback

Go to app.surefeedback.com and log in.
2

Open API Keys

Click your profile icon in the top bar, then select API Keys.
3

Create a key

Click + Create API Key, give it a name, select permissions (Read, Write, Delete), and set an optional expiry date.
4

Copy the key

Copy the sf_... key immediately — it is shown only once and cannot be retrieved again.

Using your API key

Pass your API key in one of two ways on every request: 
X-API-Key: sf_your_api_key_here

Option 2 — Authorization Bearer header

Authorization: Bearer sf_your_api_key_here
Both methods are equivalent. Example: 
curl  https://api.surefeedback.com/api/v1/comments \
  -H "X-API-Key: sf_your_api_key_here" \
  -G \
  --data-urlencode "site_id=<your_site_id>"

Permissions

When creating a key, you grant it one or more permission levels:
PermissionWhat it allows
ReadFetch comments, sites, projects, approvals, mockups
WriteCreate and update comments, sites, projects, approvals
DeleteDelete comments, sites, projects, mockups
Assign only the permissions your integration needs.

Key security

  • Never expose API keys in client-side JavaScript or public repositories
  • Rotate keys regularly — use the Rotate action in the API Keys dashboard
  • Revoke compromised keys immediately using the Disable or Delete action
  • Use expiry dates for short-lived integrations

Errors

StatusMeaning
401API key is missing, invalid, or deactivated
403API key does not have the required permission for this action