Skip to main content

Documentation Index

Fetch the complete documentation index at: https://developer.surefeedback.com/llms.txt

Use this file to discover all available pages before exploring further.

All Public API endpoints require an API key. You create keys in the SureFeedback dashboard and pass them directly in every request — no login step required.

Getting an API key

1

Log in to SureFeedback

Go to app.surefeedback.com and log in.
2

Open API Keys

Click your profile icon in the top bar, then select API Keys.
3

Create a key

Click + Create API Key, give it a name, select permissions (Read, Write, Delete), and set an optional expiry date.
4

Copy the key

Copy the sf_... key immediately — it is shown only once and cannot be retrieved again.

Using your API key

Pass your API key in one of two ways on every request: 
X-API-Key: sf_your_api_key_here

Option 2 — Authorization Bearer header

Authorization: Bearer sf_your_api_key_here
Both methods are equivalent. Example: 
curl  https://api.surefeedback.com/api/v1/comments \
  -H "X-API-Key: sf_your_api_key_here" \
  -G \
  --data-urlencode "site_id=<your_site_id>"

Permissions

When creating a key, you grant it one or more permission levels:
PermissionWhat it allows
ReadFetch comments, sites, projects, approvals, mockups
WriteCreate and update comments, sites, projects, approvals
DeleteDelete comments, sites, projects, mockups
Assign only the permissions your integration needs.

Key security

  • Never expose API keys in client-side JavaScript or public repositories
  • Rotate keys regularly — use the Rotate action in the API Keys dashboard
  • Revoke compromised keys immediately using the Disable or Delete action
  • Use expiry dates for short-lived integrations

Errors

StatusMeaning
401API key is missing, invalid, or deactivated
403API key does not have the required permission for this action