Decide API
/decide evaluates every feature flag of a project for one distinct id, and returns the project’s session-recording config. It’s what the SDK calls at init and after identify()/reset(); you can call it directly from anywhere that can’t use the SDK.
POST https://ingest.kilden.io/decideContent-Type: application/jsonSame host as capture — SDKs need a single apiHost for events and flags.
Request
Section titled “Request”{ "write_key": "YOUR_PUBLIC_WRITE_KEY", "distinct_id": "user_4821", "person_properties": { "plan": "enterprise" }}| Field | Required | Notes |
|---|---|---|
write_key |
yes | Public keys only. A secret key is rejected with 403 — it must never leave your backend, and /decide never needs it |
distinct_id |
yes | The id to evaluate for — the same one your events carry |
person_properties |
no | Overrides the person’s stored traits for this evaluation only. Nothing is ever written; the event pipeline remains the only way to mutate persons |
Body limit: 64 KiB. Cohort-based targeting is resolved server-side from precomputed cohort membership — there’s nothing to send.
Response
Section titled “Response”{ "flags": { "new-checkout": true, "pricing-test": "variant-b", "sunset-legacy-ui": false }, "sessionRecording": { "enabled": true, "sampleRate": 0.1 }}flags— every flag in the project, evaluated fordistinct_id. Values:true,false, or a variant key string for multivariate flags. Inactive flags come back asfalse, so a consumer can distinguish “off” from “unknown flag”.sessionRecording— the project’s session replay remote config: the kill switch and sample rate the SDK obeys.{"enabled": false, "sampleRate": 0}when recording is off.
Evaluation is deterministic: the same flag key and distinct id always produce the same value, across requests, replicas and deploys. See deterministic bucketing.
Errors
Section titled “Errors”Errors are plain text, not JSON:
| Status | Meaning |
|---|---|
400 |
invalid JSON body: … (including bodies over 64 KiB) or write_key and distinct_id are required |
401 |
unknown write_key |
403 |
secret keys must never leave your backend; call /decide with the project's public write key — or origin not allowed (same allowed-origins check as capture) |
405 |
Method other than POST/OPTIONS |
Example
Section titled “Example”curl -X POST https://ingest.kilden.io/decide \ -H 'Content-Type: application/json' \ -d '{"write_key": "pk_your_public_key", "distinct_id": "user_4821"}'Identical to capture: Access-Control-Allow-Origin: * on every response; preflight OPTIONS → 204 with Access-Control-Allow-Methods: POST and Access-Control-Max-Age: 86400.
Freshness
Section titled “Freshness”Flag config changes are visible within ~10 seconds; person traits and cohort membership are cached for ~30 seconds in the evaluation path; cohort membership itself is materialized about every 10 minutes. If you need a property override to apply immediately, pass it in person_properties.