Bearer-token auth
Authenticate with a single header — Authorization: Bearer fmz_…. The legacy X-API-Key header keeps working for existing integrations.
Authorization: BearerHashed at restShown once
Scoped & expiring keys
Restrict each key to the operations an integration needs, give it an optional expiry, and revoke it the moment it's no longer used.
Granular scopesOptional expiryInstant revoke
Per-key rate limits
Each key gets its own sliding-window budget, and every response carries X-RateLimit headers so you can back off gracefully.
60 req / min / keyX-RateLimit headers429 + retryAfter
Field storage
Store, list, update, and delete the form data behind autofill. Duplicate values are detected and collapsed automatically.
Up to 100 / requestDedup built inEncrypted values
Semantic autofill
Send a page's labels and get ranked, confidence-scored matches from the same engine that powers the extension — fully self-hosted.
Context-aware rankingConfidence scoresComposite matches
OpenAPI 3.1 spec
Generate clients in any language from the live spec, or drop it into Postman, Insomnia, or your editor of choice.
/api/v1/openapi.jsonTyped schemasClient codegen