Chameleon API
Provides a REST API for managing Chameleon in-app product tours, tooltips, surveys, and user targeting rules, enabling agents to programmatically control user guidance experiences and retrieve completion data.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
Single secret key with no scope granularity. The distinction between publishable and secret keys is important; leaking the secret key exposes full account management. SOC2 certified.
⚡ Reliability
Best When
An agent needs to manage the lifecycle of in-app tours and surveys programmatically, or retrieve user interaction data to drive onboarding automation outside the Chameleon UI.
Avoid When
You need deep product usage analytics beyond tour interaction data; pair Chameleon with a dedicated analytics platform for that use case.
Use Cases
- • Create or update tour and tooltip content programmatically from a CMS or localization pipeline without using the Chameleon visual editor
- • Retrieve survey responses (microsurveys, NPS) to feed customer feedback into product management or CRM workflows
- • Update user profile properties via the API so tour targeting logic reflects current plan, role, or feature access
- • Track tour completion and dismissal events via webhooks to trigger downstream onboarding or success workflows
- • Publish or unpublish tours programmatically as part of a feature flag or release management pipeline
Not For
- • Rendering tours in the browser — the JavaScript snippet is required for all in-app UI display
- • Full product analytics with retention, funnel, and cohort analysis; Chameleon is a guidance tool, not an analytics platform
- • Native mobile app guidance where the web JS snippet is not embeddable
Interface
Authentication
API key passed as X-Account-Secret header. Separate publishable key used for client-side JS SDK. Server-side key provides full account access with no granular scopes.
Pricing
Free tier does not require a credit card. API access is available across all tiers, including free.
Agent Metadata
Known Gotchas
- ⚠ Tour publishing state (draft vs live) is controlled separately from content; updating a tour's content does not automatically republish it — agents must explicitly set the live state
- ⚠ User profile updates via the API take effect asynchronously and may not immediately affect tour targeting for active sessions
- ⚠ The publishable key and secret key serve different contexts and are easy to confuse; using the secret key client-side is a security vulnerability
- ⚠ Webhook payloads are signed but signature verification documentation is sparse — agents should validate signatures to prevent spoofing
- ⚠ The free tier tour limit (3 tours) is enforced at creation time; API calls to create additional tours will fail with a plan limit error that must be handled gracefully
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for Chameleon API.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-03-07.