Getting Started Guide

Everything you need to start monitoring your APIs with FlareCanary.

In this guide

Adding an endpoint
Adding an MCP server
Setting up authentication headers
Understanding drift alerts
Reading results and diffs
Metric alerts
Working with organizations

Adding an endpoint

An endpoint is any HTTP API that returns JSON. FlareCanary polls it on a schedule, captures the response schema, and alerts you when the structure changes.

Open the Add Endpoint page

From your dashboard, click Add Endpoint (or go to /dashboard/endpoints/new). Make sure REST API is selected at the top.

Enter endpoint details

Give it a name (e.g. "Stripe Charges"), paste the URL, and choose the HTTP method. For GET endpoints, that's usually all you need.

For POST/PUT/PATCH requests, you can also add a JSON request body that FlareCanary will send with each poll.

Set the poll interval

Choose how often FlareCanary checks the endpoint. The Free plan supports daily checks. Paid plans unlock hourly (Starter) and 15-minute (Pro) intervals.

Test the connection

Click Test Connection before saving. This verifies the endpoint is reachable, returns JSON, and shows you the status code, response time, and field count.

Save

Click Add endpoint. FlareCanary immediately polls the endpoint and stores the response schema as your baseline. Future polls compare against this baseline to detect drift.

You can also add endpoints from the Library tab — a curated collection of popular public APIs with pre-existing poll history.

Adding an MCP server

FlareCanary can monitor Model Context Protocol (MCP) servers for tool catalog changes — tools added, removed, or input schemas modified.

Toggle to MCP Server

On the Add Endpoint page, click the MCP Server toggle at the top. The form adjusts to show MCP-specific fields.

Enter the server URL

Provide the Streamable HTTP URL of your MCP server (e.g. https://mcp.example.com/mcp). The server must support the MCP protocol over HTTP.

Add headers if needed

If your MCP server requires authentication, add headers (e.g. a Bearer token) using the Header Helper or the JSON textarea.

Test and save

Click Test Connection to verify the MCP handshake. A successful test shows the server name, protocol version, and discovered tool count. Then click Add MCP Server.

Setting up authentication headers

Many APIs require authentication. FlareCanary sends your headers with every poll request and encrypts sensitive values at rest.

Using the Header Helper

Below the headers textarea, click Header Helper to expand a guided form. Choose your auth type:

Bearer Token — Paste your token. FlareCanary generates {"Authorization": "Bearer your-token"}.
Basic Auth — Enter username and password. FlareCanary Base64-encodes them into the correct header.
API Key — Specify the header name (e.g. X-API-Key) and value. Useful for services that use custom header-based auth.

The helper merges with any existing headers — it won't overwrite other headers you've already set.

Manual JSON entry

You can also type headers directly as a JSON object:

{
  "Authorization": "Bearer sk_live_abc123",
  "X-Custom-Header": "my-value"
}

Sensitive header values (Authorization, X-API-Key, Cookie, etc.) are automatically encrypted at rest using AES-256-GCM. You'll see an "Encrypted at rest" badge near the headers field when encryption is active.

Understanding drift alerts

When FlareCanary detects a change in an API's response schema, it creates a drift event and optionally sends an alert.

Severity levels

Severity	Meaning	Example
info	New field added	`data.metadata` appeared
warning	Field type changed	`data.amount` changed from number to string
breaking	Field removed	`data.currency` no longer present

Drift event lifecycle

Each drift event moves through three states:

New — Just detected. Triggers alert notifications.
Acknowledged — Your team has reviewed it. Silences repeat notifications for this event.
Resolved — The drift has been addressed (e.g. you updated your code to handle the change).

Setting up alert destinations

Go to Dashboard → Alerts to add notification destinations:

Email — Enter an email address to receive styled HTML alerts with severity, endpoint info, and change details.
Webhook (Pro+) — Provide a URL to receive JSON payloads. Works with Slack, PagerDuty, or any HTTP endpoint.

Alerts can be global (all endpoints) or per-endpoint (scoped to a specific subscription). You can also disable drift alerts for individual endpoints from the endpoint detail page.

Reading results and diffs

Endpoint detail page

Click any endpoint in your dashboard to see its detail page. The tabs show:

Schema — A collapsible tree view of the current response structure with type badges for each field.
Drift History — A timeline of all detected changes with severity badges and acknowledge/resolve actions.
Response Time — An interactive chart showing latency over 24h, 7d, or 30d with p50/p95/p99 statistics.
Status Codes — Distribution of HTTP status codes, redirect tracking, and response size stats.
Uptime — A 30-day uptime bar showing daily availability as a color-coded visualization.
SSL — Certificate status, issuer, and days until expiry (for HTTPS endpoints).

Reading a schema diff

When you click on a drift event, the schema diff viewer shows a side-by-side comparison of the previous and current schemas:

Green highlights indicate added fields — new data in the response.
Red highlights indicate removed fields — data your code may depend on.
Yellow highlights indicate type changes — a field's data type changed (e.g. number to string).

Changes are reported with dot-notation paths (e.g. data.user.email) so you can pinpoint exactly where in the response structure the change occurred.

MCP tool diffs

For MCP server endpoints, drift events show tool-level changes instead of field-level changes:

Tool added/removed — A tool appeared in or disappeared from the server's catalog.
Description changed — A tool's description text was modified.
Input schema changed — A tool's parameters changed, with expandable field-level details.

Refreshing the baseline

If an API change is expected (e.g. after a planned migration), you can click Refresh Baseline on the endpoint detail page. This re-polls the endpoint and sets the current response as the new baseline, clearing the slate for future comparisons.

Metric alerts

Available on Starter plans and above, metric alerts let you set threshold rules on performance data.

Metrics — Response time, status code, SSL expiry, response size, availability.
Operators — Greater than, less than, equals, not equals.
Consecutive intervals — The rule must breach for N consecutive polls before firing (default 3). This prevents noisy alerts from one-off spikes.
Cooldown — After firing, repeat alerts are suppressed for a configurable period (default 60 minutes).
Auto-resolve — Optionally get notified when the condition heals.

Create metric alert rules from the endpoint detail page under the Alert Rules section.

Working with organizations

Organizations let teams share endpoints, alerts, and settings.

Personal org — Created automatically when you sign up. Your endpoints live here by default.
Create an org — Go to Dashboard → New Organization and set a name and slug.
Invite members — From Org Settings → Members, invite by email. Assign roles: Viewer (read-only), Editor (manage endpoints), or Admin (full control).
Switch orgs — Use the org switcher dropdown in the dashboard nav to switch between your organizations.
Status pages — Admins can enable a public status page for the org at /status/your-org-slug, showing real-time endpoint health, uptime, and SSL status.

Ready to get started?

Monitor your first API endpoint in under a minute.