Config

/client/config is the single evaluation endpoint for remote config. Authenticated callers get per-segment + percentage-rollout values; anonymous callers get defaults only. Responses are cacheable via ETag / If-None-Match; cache control is private to prevent multi-tenant leakage through shared proxies.

Source: apps/api/src/routes/client/config.ts.

Endpoints

Method	Path	Description
GET	`/client/config`	Evaluated config map. Accepts only `X-Api-Key` (session token optional).

GET /client/config

Request

GET /client/config
X-Api-Key: amb_client_ck_xxx
Authorization: Bearer <session-token>    (optional — anonymous callers get defaults)
If-None-Match: "<prior-etag>"            (optional)

Response 200

{ "data": { "my_feature_flag": true, "paywall_price": 9.99 } }

Headers:

ETag: "<version_hash>[:<user_id>:<segments_hash>]"
Cache-Control: private, max-age=60        (authenticated)
Cache-Control: private, max-age=300       (anonymous)
Vary: Authorization

Response 304

Returned when If-None-Match matches the current ETag. The body is empty.

ETag composition

Anonymous: "<version_hash>" — singleton config_versions.version_hash.
Authenticated: "<version_hash>:<appUserId>:<sha256(sorted-segments)[:16]>" — invalidates automatically on segment membership changes.

Rollout evaluation

Per-condition ladder (in order):

If segment_id is set, the user must be a member.
If percentage is set and < 100, hash(appUserId|key) % 100 < percentage must hold.
First matching condition wins. Otherwise default_value is returned.

Errors

500 FETCH_FAILED.

Try it:

GET/client/config

client auth

curl -X GET 'https://api.amba.dev/client/config'

Loading auth… Configure auth in the settings drawer (top-right) to run this request.

Curl:

curl -X GET '${BASE_URL}/client/config' \
  -H 'X-Api-Key: ${CLIENT_API_KEY}' \
  -H 'Authorization: Bearer ${SESSION_TOKEN}'

On this page