API Reference
FluoTest's public API is served through its MCP endpoint — a JSON-RPC 2.0 API over plain HTTPS that works with curl or any HTTP client, no MCP library required. You authenticate with a personal API key.
Last updated
How do I call the FluoTest API?
Generate an API key in Settings → Security → API keys, then POST JSON-RPC requests to https://fluotest.com/api/mcp with the key in an "Authorization: Bearer" header. The create_quiz and get_results tools are available today.
Getting an API key#
API keys are personal — every request made with a key acts as your user account, with the same permissions you have in the app.
- Open Settings → Security → API keys in your FluoTest dashboard.
- Enter a name that tells you where the key will be used (e.g. "Zapier script").
- Click Generate key and copy the fluo_… value immediately.
- Store it somewhere safe — a password manager, or your tool's secrets storage.
- Shown once: Only a SHA-256 hash of the key is stored — if you lose it, revoke it and generate a new one.
- Up to 10 keys: Create separate keys per tool or script so you can revoke one without breaking the others.
- Revocable anytime: Revoking a key takes effect immediately on the next request.
- Usage tracking: Each key shows when it was last used, so stale keys are easy to spot and clean up.
Authentication#
Send the key with every request in the Authorization header:
Authorization: Bearer fluo_YOUR_API_KEY
Connecting an AI assistant instead of writing code? See the MCP server guide →
Request format#
The endpoint is https://fluotest.com/api/mcp. Send POST requests with "Content-Type: application/json", an Accept header of "application/json, text/event-stream", and a JSON-RPC 2.0 body. No initialize handshake is required — you can call tools/list and tools/call directly.
Responses come back as a server-sent-events body: the JSON-RPC result is on the "data:" line, and each tool's payload is a JSON string inside result.content[0].text:
event: message
data: {"jsonrpc":"2.0","id":1,"result":{"content":[{"type":"text","text":"{\n \"quiz_id\": \"…\",\n \"status\": \"draft\", …}"}]}}Examples#
List available tools
curl -X POST https://fluotest.com/api/mcp \
-H "Authorization: Bearer fluo_YOUR_API_KEY" \
-H "Content-Type: application/json" \
-H "Accept: application/json, text/event-stream" \
-d '{"jsonrpc":"2.0","id":1,"method":"tools/list","params":{}}'Create a draft quiz
curl -X POST https://fluotest.com/api/mcp \
-H "Authorization: Bearer fluo_YOUR_API_KEY" \
-H "Content-Type: application/json" \
-H "Accept: application/json, text/event-stream" \
-d '{
"jsonrpc": "2.0",
"id": 1,
"method": "tools/call",
"params": {
"name": "create_quiz",
"arguments": {
"title": "Customer readiness check",
"questions": [
{ "text": "Do you have a budget?", "type": "yes_no", "points": 2 },
{
"text": "Company size?",
"type": "multiple_choice",
"options": [
{ "label": "1-10", "score": 1 },
{ "label": "11-50", "score": 2 },
{ "label": "50+", "score": 3 }
]
}
]
}
}
}'Get quiz results
curl -X POST https://fluotest.com/api/mcp \
-H "Authorization: Bearer fluo_YOUR_API_KEY" \
-H "Content-Type: application/json" \
-H "Accept: application/json, text/event-stream" \
-d '{
"jsonrpc": "2.0",
"id": 2,
"method": "tools/call",
"params": {
"name": "get_results",
"arguments": { "quiz_id": "YOUR_QUIZ_ID" }
}
}'Errors#
Authentication problems use HTTP status codes; problems inside a tool call come back as a normal JSON-RPC response with isError set and the explanation in the content text.
| Status | Meaning |
|---|---|
| 401 | Missing, invalid, or revoked API key. Check the Authorization header and that the key still exists in Settings. |
| 400 | Malformed JSON-RPC body. Check the jsonrpc, id, method, and params fields. |
| 200 + isError | The tool call itself failed — for example a quiz_id you don't own, or a multiple_choice question with fewer than 2 options. The text content explains what to fix. |
FAQ#
Is there a rate limit?
There's no published hard limit today, but heavy automated traffic may be throttled to keep the service fast for everyone. Batch your work where you can.
Can I use OAuth instead of an API key?
Yes — OAuth is the recommended way to connect AI assistants like Claude, where the user approves access on a consent screen. API keys are the simpler option for scripts and clients that just send headers. See the MCP server guide for the OAuth setup.
What can the API do today?
Two operations: create_quiz (create a draft quiz with scored questions) and get_results (submission count and score breakdown for one of your quizzes). More operations are planned — tell us what you need via the feedback form in the dashboard.