Frequently Asked Questions

API schema drift happens when a third-party API changes its response structure — new fields added, fields removed, data types changed, or nested objects restructured. These silent changes can break your integration code without any warning from the API provider.

FlareCanary periodically calls each API endpoint you monitor and captures the response structure. It compares the current response schema against the stored baseline and detects any differences — new fields, removed fields, type changes, and structural modifications. Changes are classified by severity (info, warning, or breaking).

FlareCanary can monitor any HTTP/HTTPS API endpoint that returns JSON responses. This includes REST APIs, GraphQL endpoints (via POST), and any public or authenticated API. You can add custom headers for authentication (Bearer tokens, API keys, etc.).

Check frequency depends on your plan. The Free plan checks daily (every 24 hours). The Starter plan ($19/month) checks hourly. The Pro plan and above ($49+/month) check every 15 minutes. You can configure the interval per endpoint within your plan's limits.

Yes! The Free plan includes monitoring for up to 5 API endpoints with daily checks, email alerts, and 7 days of drift history. Paid plans start at $19/month for more endpoints and faster check intervals.

FlareCanary supports email alerts and webhook notifications. You can configure alert destinations globally or per-endpoint. Each alert includes the severity level, a summary of what changed, and a link to the full schema diff.

Yes. When adding an endpoint, you can specify custom HTTP headers (like Authorization: Bearer your-token or X-API-Key: your-key). FlareCanary sends these headers with every poll request. You can also specify a request body for POST/PUT/PATCH endpoints.

Uptime monitors check if an API is responding (status codes, latency). FlareCanary goes deeper — it analyzes the actual response structure. An API can return 200 OK while completely changing its response format, breaking your code. FlareCanary catches these structural changes that uptime monitors miss.

FlareCanary stores only the inferred schema structure of your API responses — not the actual response data. This means field names, data types, and structural relationships are captured, but no sensitive values or payload content is stored.

Yes! Every FlareCanary account includes organization support. You can create an org, invite team members, and share monitored endpoints across your team. Each member gets their own login and can view drift history and alert configurations. Team plans (Startup and Enterprise) include dedicated seat management and higher limits.

Yes. FlareCanary supports Model Context Protocol (MCP) server monitoring alongside REST APIs. It connects to your MCP server via Streamable HTTP, discovers the tool catalog, and alerts you when tools are added, removed, or when their input schemas change. Just toggle to 'MCP Server' when adding an endpoint and provide the server URL.

FlareCanary stores headers you provide (like Authorization tokens or API keys) so it can authenticate when polling your endpoints. Sensitive header values are encrypted at rest using AES-256-GCM encryption. The actual API response data is never stored — only the inferred schema structure (field names and types).

No. FlareCanary includes a Header Helper that lets you add Bearer tokens, Basic Auth credentials, or custom API key headers through a simple form. It generates the correct JSON for you and merges it with any existing headers.

Drift alerts notify you when the structure of an API response changes — new fields, removed fields, or type changes. Metric alerts (Starter plan and above) notify you when performance thresholds are breached — for example, response time exceeding 500ms for 3 consecutive checks, or SSL certificate expiring within 7 days.

You'll see a clear message in the dashboard and won't be able to add new endpoints until you upgrade or remove existing ones. Your current endpoints continue to be monitored normally. If you downgrade, excess endpoints are paused automatically (most recently added first).

Yes. Pro plan and above includes webhook alert destinations. You can send drift notifications to any URL — Slack incoming webhooks, PagerDuty, Opsgenie, or your own custom handler. Each webhook receives a JSON payload with the event type, severity, changes, and a link to the full diff.

Yes. Every organization can enable a public status page at /status/your-org-slug. It shows real-time health (operational, degraded, or down), 30-day uptime bars, average response times, and SSL certificate status for all active endpoints. You can also keep it private so only org members can view it. The status page data is available via the API for programmatic integration.

For MCP server endpoints, FlareCanary tracks both JSON-RPC protocol errors (like -32601 Method Not Found or -32603 Internal Error) and connection-level failures (timeouts, auth failures, connection refused). The endpoint detail page shows an error distribution chart and state transitions so you can see when your MCP server started failing and what type of errors occurred. You can also set metric alerts for specific JSON-RPC error codes — choose "Any JSON-RPC error" to catch all errors, or select one or more specific codes (including custom codes) to alert on exactly what you care about.

Yes. On the Status Codes card for any REST endpoint, you can choose "Any HTTP error (4xx / 5xx)" to alert on all errors, or select specific status codes from a checklist — 400, 401, 403, 404, 429, 500, 502, 503, 504, or any custom code. Check one or many; the alert fires if any of your selected codes occur for the configured number of consecutive checks. This gives you precise control, e.g. alert on 503 but not 404.