Credential Handling

A high-level overview of credential handling in FlowMate

In order to simplify connecting to external applications, FlowMate offers a suite of functions to receive, store, and use application-specific credentials. All credentials are safely stored in an encoded form and only decoded for the duration of an API call.

Entering Credentials

Credentials are generally entered through the Integration Center. In the case of static authentication methods such as API keys or Basic Auth, this is done through a simple input form where the user can enter the necessary information. In the case of OAuth 2.0, the integration center will automatically guide the user through the OAuth process and process the provider response. Stored OAuth credentials will be automatically refreshed by FlowMate when necessary.

Auth Clients

For applications that use OAuth 2.0, you may need to set up your own OAuth app within those applications, in order to show your organization's branding as well as request the appropriate scopes. The information necessary for executing the OAuth process (such as client_id and client_secret ) can then be stored in a FlowMate resource called Auth Clients.

The process for setting up an Auth Client varies between providers. You can find some examples in the Connectors section.

Credential Passing

For your own application, you can also directly pass credentials for the end-users you create and manage. This means your own users do not need to enter those by hand, and also offers you fine-grained control over the content and format of the credentials you're passing.

For additional information on Credential Passing, check out the section on Embedding the Integration Center