
Live API

Let other people's code call your thing over the network — they send a request, get a result back, and never run or see the code behind it. Your logic, data, and keys stay on your side; they wire your capability into their script or app. Update it once and every caller gets the new behaviour on their next request.

Reach for it when the value is a computed answer their program will use — a score, a lookup, a forecast — not a page a human reads. Skip it when they just want to click a finished thing (deploy a website), or their agent should call it in plain language mid-task (MCP server).

Last verified: 2026-06-07 · checked against fastapi.tiangolo.com and the Fly/Vercel deploy docs · Confidence: high on the auto-docs, the key gate, and the hosting model.


It allows you to

  • Hand out a capability, not the code. Callers reach your service at a URL and get an answer; your logic, data, and keys stay on your side. [confirmed]
  • Let their program automate against you. They write one request in their own code and get back JSON — no copy-paste, no UI, no copy of your files to keep in sync. [confirmed]
  • Update once; every caller follows. Change the behaviour and redeploy — the next request returns the new result, no version to re-send. [confirmed]
  • Ship a how-to-use-it page for free. The framework generates an interactive page where callers try real requests in the browser — you write no manual. Details. [confirmed]
  • Set who's allowed in — open, key-gated, or behind a login. Details: Who can get in.

Ideal for

  • A scoring or classification service a team's tools all call: one /score endpoint that rates text for toxicity, hit by a triage script, a dashboard, and a teammate's notebook alike — change the model once and all three pick it up, none holding a copy.
  • An internal data API behind a key: a partner org's grants or risk records served as JSON to the few collaborators you've handed a key, raw database and credentials never leaving your side.
  • A live forecasting feed other people build on — like Metaculus's API, serving questions and predictions as JSON that bots and research tools query over HTTP, and submit their own predictions to with a token. [confirmed] (Want the agent-native version? → MCP server.)

Who can get in

  • Open, key-gated, or login-gated. A *.fly.dev URL is public the moment it's live. Lock the data routes with an API key (a shared secret), or a login wall for per-person sign-in. [confirmed]
  • Cut a key off. Rotate the secret and redeploy; old keys stop working. (Anything already fetched is theirs — true everywhere.) [confirmed]

Which rungs it can hold. A bare key is one shared secret — it can't tell named people apart, so it's the whole internet with the key as the only lock; the login route reaches named people / org-only. → Who can see it? [confirmed]

Handing data to the host. Your service and the data it touches sit on whatever app host you deploy to; keep keys as host secrets, never in the code. → Can you trust the company?, specifically Fly or Vercel. [confirmed]
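
The key gate described above, as an added example (not code from this page, and not the FastAPI app the agent would generate): a framework-neutral version on the Python standard library's WSGI interface that reads the key from a host secret, fails closed when the secret is missing, leaves the docs routes open, and locks everything else. The `API_KEY` variable name, the 32-character minimum, and the `/score` route wiring are assumptions for illustration.

```python
import hmac
import json
import os

# Routes that stay open: the generated docs and schema pages.
PUBLIC_PATHS = {"/docs", "/redoc", "/openapi.json"}
REASONS = {200: "OK", 401: "Unauthorized", 403: "Forbidden", 404: "Not Found"}


def load_key(env=os.environ):
    """Read the shared key from a host secret; it never lives in the code."""
    key = env.get("API_KEY", "")  # API_KEY is an assumed variable name
    if len(key) < 32:
        # Fail closed: a missing or short secret must not mean "open".
        raise RuntimeError("API_KEY secret is missing or too short")
    return key


def authorize(path, presented, expected):
    """Return the HTTP status the gate gives this request."""
    if path in PUBLIC_PATHS:
        return 200
    if not presented:
        return 401
    # Constant-time comparison: no hint about how many characters matched.
    ok = hmac.compare_digest(presented.encode(), expected.encode())
    return 200 if ok else 403


def make_app(expected):
    """Minimal WSGI app: one locked data route plus the open docs routes."""
    def app(environ, start_response):
        path = environ.get("PATH_INFO", "/")
        status = authorize(path, environ.get("HTTP_X_API_KEY"), expected)
        # Only callers holding the key learn which data routes exist.
        if status == 200 and path not in PUBLIC_PATHS and path != "/score":
            status = 404
        body = {"path": path} if status == 200 else {"error": REASONS[status]}
        start_response(f"{status} {REASONS[status]}",
                       [("Content-Type", "application/json")])
        return [json.dumps(body).encode()]
    return app


def call(app, path, key=None):
    """Drive the app in-process with a constructed request; return the status."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path}
    if key is not None:
        environ["HTTP_X_API_KEY"] = key
    seen = []
    app(environ, lambda status, headers: seen.append(status))
    return int(seen[0].split()[0])
```

Rebuilding the app with a new `API_KEY` value is the rotate-and-redeploy step: the gate holds a single secret, so every caller of the old key is cut off at once and none can be revoked individually.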


What you do to set it up

  • Ask: tell Claude Code "build a small API that does <the one thing — e.g. score this text for toxicity>, lock it with an API key kept out of the code, and deploy it." It writes a FastAPI app, wires the key check in, and ships it. ~2 min to brief; the real cost is the deploy. [confirmed]
  • One-time, in order:
    1. Set up Claude Code — writes, tests, and deploys it, ~10 min once.
    2. A host account to run it on — the default is Fly: your agent can't click signup or enter the card (anti-abuse, not a charge), ~3 min once. The un-delegable step.
  • Full walkthrough: Build and share an API (Vercel is the zero-server alternative). Rather do it by hand? → by-hand section. [confirmed]

What the other person does

  • Call it: hand them the URL and their key; from their own code it's one request — requests.get(url, headers={"X-API-Key": key}) — and JSON comes back. Floor ~3 min. [confirmed]
  • Or skip the code: their agent can write the request after reading your /docs page, or they try routes by hand in the browser. All three paths. [estimate]
  • Pay: nothing — calling is free to them; the running cost (near $0 when idle on Fly) is yours. [confirmed]

Other ways to share

  • Want an agent to call it in plain language, deciding when mid-task? → an MCP server — the agent-native equivalent: their agent snaps in a connector instead of writing request code.
  • It's really just shared data people read or edit, not a computed answer? → a Google Sheet — a live table anyone you allow opens and changes, no service to run.
  • A page a human clicks, not an answer a program uses? → deploy a website. (Where the API itself lives: Fly, its default home.)


Good to know

  • /docs is public too. The free try-it-out page sits at an open route, so anyone who finds the URL sees every endpoint you offer — handy, but it means the shape of your API isn't a secret, only the data behind the key. [confirmed]
  • The full fine print — what /docs, /redoc, and /openapi.json each give you, exactly what a shared key does and doesn't lock, and where your data sits — is on one page: Live API fine print. [confirmed]