Authentication
The server API requires an API key to access and modify data in Fullstory.
A Standard key can send data and read settings. Viewing or exporting user data requires Architect, and modifying privacy block rules requires Admin. See Key Permission Levels for the full breakdown.
This API key should be added to the Authorization header for all requests:
'Authorization: Basic {YOUR_API_KEY}'
You can view and manage your API keys by navigating to Settings > Integrations > API Keys.
Creating a Key
Each API key is created at a specific permission level. The permission level you can assign depends on your user role in Fullstory:
| User Role | Key Levels You Can Create | Keys You Can View |
|---|---|---|
| Standard | Standard only | Own keys only |
| Architect | Standard, Architect | Own keys only |
| Admin | Standard, Architect, Admin | All keys (org-wide) |
Architect role is only available on Enterprise plans. You can create multiple keys, but for security reasons you should only create as many as you need. For details on what each permission level can access, see Key Permission Levels below.
To create a new API key:
- Navigate to Settings > Integrations > API Keys.
- Click the Create key button in the top-right corner of the keys list. The Create API Key sidecar will slide out from the right.
- Enter a meaningful key name, and select the permission level for this key. The key name and permission level can be changed later.
- Click Save API Key.
- Upon successful creation of a key, a modal will appear with the new key's value. The API key's token value is only displayed once. Once you close the modal, you will not be able to see the key value again. Copy the value, save it securely, and close the modal.
Key Permission Levels
API keys use three permission levels that form a hierarchy: Standard → Architect → Admin. A key at a higher level can access all endpoints available to lower levels.
- Standard — Send data into Fullstory (events, users), list sessions, view recording settings, and manage async operations.
- Architect — View, export, and delete user data. Access privacy settings, search exports, raw data exports, and manage extraction rules. Architect roles are available with Enterprise plans.
- Admin — Create, update, and delete element block rules that control what gets captured. Required for privacy-critical configuration changes.
Testing API Key Permission Levels
The v1 Me endpoint (GET /me) provides a way to test any API key and see its permission level. When you call this endpoint with an API key, the response includes a role field that maps to permission levels:
| role value | Permission Level |
|---|---|
| USER | Standard |
| ARCHITECT | Architect |
| ADMIN | Admin |
Example request:
curl -H 'Authorization: Basic {YOUR_API_KEY}' https://api.fullstory.com/me
This is useful for verifying that a newly created key has the expected permission level before using it in production.
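A pre-deployment check built on the role mapping above, as an added example that is not Fullstory's own code. It assumes the /me response body is JSON with a top-level role field (the only field this page documents); the function names are hypothetical.

```python
import json
import urllib.request

# From the table above: role value returned by GET /me -> key permission level.
ROLE_TO_LEVEL = {"USER": "Standard", "ARCHITECT": "Architect", "ADMIN": "Admin"}
# Hierarchy stated on this page: Standard -> Architect -> Admin.
LEVEL_RANK = {"Standard": 0, "Architect": 1, "Admin": 2}

def level_from_me_response(body):
    """Return the permission level named by the role field of a /me body."""
    try:
        role = json.loads(body)["role"]   # assumption: JSON with top-level "role"
    except (ValueError, KeyError, TypeError) as exc:
        raise ValueError("response has no readable role field") from exc
    if not isinstance(role, str) or role not in ROLE_TO_LEVEL:
        raise ValueError(f"unrecognised role value: {role!r}")
    return ROLE_TO_LEVEL[role]

def check_key_level(body, expected_level):
    """Compare the key's actual level with the level the integration should have.

    Returns (ok, message). A key above the expected level is reported as
    over-privileged so it can be replaced with a lower-level key.
    """
    actual = level_from_me_response(body)
    diff = LEVEL_RANK[actual] - LEVEL_RANK[expected_level]
    if diff > 0:
        return False, f"over-privileged: key is {actual}, expected {expected_level}"
    if diff < 0:
        return False, f"under-privileged: key is {actual}, expected {expected_level}"
    return True, f"key is {actual} as expected"

def fetch_me(api_key, url="https://api.fullstory.com/me"):
    """Call GET /me using the Authorization header format shown on this page."""
    req = urllib.request.Request(url, headers={"Authorization": f"Basic {api_key}"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")

if __name__ == "__main__":
    # Constructed sample bodies, not captured API output.
    samples = [('{"role": "USER"}', "Standard"), ('{"role": "ADMIN"}', "Standard")]
    for body, wanted in samples:
        print(check_key_level(body, wanted))
```

To check a real key, pass `fetch_me(api_key)` as the body, with the key read from a secret store rather than written into the script.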
More details about managing API keys can be found here.