Skip to main content
GET
/
api
/
settings
/
feature-flag
/
{key}
curl -X GET 'http://localhost:5079/api/settings/feature-flag/public_sharing'

{
  "key": "public_sharing",
  "enabled": true
}

Authentication

Not Required: [AllowAnonymous] (Line 31) Feature flags are public

Path Parameters

key
string
required
Feature flag keyValidation (Lines 36-44):
if (string.IsNullOrWhiteSpace(key)) {
    return BadRequest("Feature flag key is required");
}
Known Keys:
  • public_sharing: Enables public/unlisted thread access
Unknown Keys: Default behavior not enforced by server contract (service returns false assumed)

Response

key
string
Echo of requested feature flag key (Line 50)
enabled
boolean
Feature flag status (Line 51)Values:
  • true: Feature enabled
  • false: Feature disabled or doesn’t exist
curl -X GET 'http://localhost:5079/api/settings/feature-flag/public_sharing'

{
  "key": "public_sharing",
  "enabled": true
}

Side Effects

Database Reads (Line 46): 
var enabled = await _settingsService.GetFeatureFlagAsync(key);
Tables Read:
  • system_settings table
Query: 
SELECT value FROM system_settings WHERE key = {key}
No Database Writes: Read-only endpoint

Authorization

Public Access: No authentication required Security: Feature flag keys/values visible to anyone

Permissions

Who Can Read: Anyone (unauthenticated access allowed)

Edge Cases

  1. Empty key: 400 error (Lines 36-44)
  2. Whitespace-only key: 400 error (Lines 36-44)
  3. Unknown key: Returns false (service-level default, not enforced by server contract)
  4. Null key: 400 error
  5. Case sensitivity: Not enforced by server contract (service-dependent)

Error Conditions

CodeHTTPCauseController Line
INVALID_REQUEST400Key null/empty/whitespace36-44
SETTINGS_ERROR500Service exception54-62
Exception Handling (Lines 54-62): 
catch (Exception ex) {
    return StatusCode(500, new { error = ex.Message, code = "SETTINGS_ERROR" });
}

Behavioral Guarantees

Default Value: false for unknown keys (service-level, not enforced by server contract) Idempotency: YES (same key always returns same value until changed) Cache-Safe: Can be cached (feature flags change infrequently)

Known Feature Flags

public_sharing:
  • Controls thread visibility for public/unlisted threads
  • Used by ThreadsController (Lines 134, 216)
  • When false: All threads owner-only
  • When true: Public/unlisted threads accessible anonymously
Future Flags: Additional flags not enforced by server contract

Use Cases

Frontend Configuration:
  • Check if features should be shown/hidden
  • Enable/disable UI components based on flags
Backend Decisions:
  • ThreadsController checks public_sharing for access control
A/B Testing: Feature flags can enable gradual rollouts

Performance

Query Complexity: Single SELECT by primary key Index: system_settings.key should be indexed Response Time: Sub-10ms (simple key-value lookup) Caching: Not documented in controller (service may cache)

Security Implications

Public Visibility: Feature flag names and values exposed
  • No sensitive data should be in feature flags
  • Use for boolean toggles only
No Rate Limiting: Public endpoint, could be abused (not enforced by server contract)