Authentication API

Complete reference for all authentication endpoints in Flowless.


Base URL

All API requests should be made to your Flowless instance:

https://your-instance-name.pubflow.com

Register User

Create a new user account with email and password.

Endpoint

http
POST /auth/register

Request Body

json
{
  "email": "user@example.com",
  "password": "SecurePassword123!",
  "name": "John",
  "last_name": "Doe",
  "username": "johndoe",
  "phone": "+1234567890"
}

Parameters

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| email | string | Yes | User's email address (lowercase) |
| password | string | Yes | Password (min 8 chars) |
| name | string | Yes | User's first name |
| last_name | string | No | User's last name |
| username | string | No | Unique username |
| phone | string | No | Phone number |

Response

json
{
  "success": true,
  "data": {
    "user": {
      "id": "usr_1234567890",
      "email": "user@example.com",
      "name": "John",
      "last_name": "Doe",
      "username": "johndoe",
      "phone": "+1234567890",
      "is_verified": false,
      "created_at": "2025-12-07T10:00:00Z"
    },
    "session": {
      "session_id": "ses_abcdefghijk",
      "expires_at": "2025-12-14T10:00:00Z"
    }
  }
}

Error Responses

json
// Email already exists
{
  "success": false,
  "error": "Email already registered"
}

// Invalid email format
{
  "success": false,
  "error": "Invalid email format"
}

// Weak password
{
  "success": false,
  "error": "Password must be at least 8 characters"
}

Example

javascript
const response = await fetch('https://your-instance.pubflow.com/auth/register', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({
    email: 'user@example.com',
    password: 'SecurePassword123!',
    name: 'John',
    last_name: 'Doe',
  }),
});

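const data = await response.json();
if (!data.success) {
  // Error responses carry a message in `error` and have no `data` object
  throw new Error(data.error);
}
console.log(data.data.session.session_id);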

Login

Authenticate a user with email/username and password.

Endpoint

http
POST /auth/login

Request Body

json
{
  "email": "user@example.com",
  "password": "SecurePassword123!",
  "device_id": "device_abc123"
}

Parameters

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| email | string | Yes* | User's email (or username) |
| username | string | Yes* | User's username (or email) |
| password | string | Yes | User's password |
| device_id | string | No | Device identifier for binding |

*Either email or username is required

Response

json
{
  "success": true,
  "data": {
    "user": {
      "id": "usr_1234567890",
      "email": "user@example.com",
      "name": "John",
      "last_name": "Doe",
      "is_verified": true
    },
    "session": {
      "session_id": "ses_xyz123456",
      "expires_at": "2025-12-14T10:00:00Z"
    }
  }
}

Error Responses

json
// Invalid credentials
{
  "success": false,
  "error": "Invalid email or password"
}

// Account banned
{
  "success": false,
  "error": "Account has been banned"
}

// Email not verified (if required)
{
  "success": false,
  "error": "Please verify your email before logging in"
}

Get Current User

Get the authenticated user's information.

Endpoint

http
GET /auth/me

Headers

http
X-Session-ID: ses_xyz123456

Response

json
{
  "success": true,
  "data": {
    "id": "usr_1234567890",
    "email": "user@example.com",
    "name": "John",
    "last_name": "Doe",
    "username": "johndoe",
    "phone": "+1234567890",
    "picture": "https://example.com/avatar.jpg",
    "is_verified": true,
    "created_at": "2025-12-07T10:00:00Z"
  }
}

Logout

Invalidate the current session.

Endpoint

http
POST /auth/logout

Headers

http
X-Session-ID: ses_xyz123456

Response

json
{
  "success": true,
  "message": "Logged out successfully"
}

Refresh Session

Extend the current session's expiration time.

Endpoint

http
POST /auth/refresh

Headers

http
X-Session-ID: ses_xyz123456

Response

json
{
  "success": true,
  "data": {
    "session_id": "ses_xyz123456",
    "expires_at": "2025-12-21T10:00:00Z"
  }
}

Rate Limiting

Authentication endpoints are rate-limited to prevent abuse:

| Endpoint | Limit | Window |
| --- | --- | --- |
| /auth/register | 3 requests | 1 hour |
| /auth/login | 5 requests | 15 minutes |
| /auth/me | 100 requests | 1 minute |
| /auth/logout | 10 requests | 1 minute |
| /auth/refresh | 20 requests | 1 minute |

Rate Limit Headers

http
X-RateLimit-Limit: 5
X-RateLimit-Remaining: 4
X-RateLimit-Reset: 1733570460
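
A client can use these headers to pace its own calls instead of exhausting a window, which matters most for the five-attempt login limit. The following is an added example, not Flowless code: `AUTH_LIMITS`, `toCount`, `readRateLimit` and `waitBeforeNextCall` are hypothetical names, and it assumes `X-RateLimit-Reset` is a Unix timestamp in seconds. The even-spacing fallback for missing headers is a choice made here, not documented behaviour.

```javascript
// Limits copied from the rate-limit table on this page.
const AUTH_LIMITS = {
  '/auth/register': { limit: 3, windowMs: 60 * 60 * 1000 },
  '/auth/login': { limit: 5, windowMs: 15 * 60 * 1000 },
  '/auth/me': { limit: 100, windowMs: 60 * 1000 },
  '/auth/logout': { limit: 10, windowMs: 60 * 1000 },
  '/auth/refresh': { limit: 20, windowMs: 60 * 1000 },
};

// Parse a header value as a non-negative integer; null if absent or malformed.
function toCount(value) {
  const text = String(value ?? '').trim();
  return /^\d+$/.test(text) ? Number(text) : null;
}

// `headers` is a fetch Headers object, or anything exposing get(name).
function readRateLimit(headers) {
  return {
    limit: toCount(headers.get('X-RateLimit-Limit')),
    remaining: toCount(headers.get('X-RateLimit-Remaining')),
    resetEpochSec: toCount(headers.get('X-RateLimit-Reset')), // assumed epoch seconds
  };
}

// Milliseconds to wait before the next call to `path`, given the headers of
// the previous response. 0 means a request may be sent now.
function waitBeforeNextCall(path, headers, nowMs = Date.now()) {
  const { remaining, resetEpochSec } = readRateLimit(headers);
  if (remaining === null) {
    // Headers missing or malformed: space calls evenly across the documented window.
    const rule = AUTH_LIMITS[path];
    return rule ? Math.ceil(rule.windowMs / rule.limit) : 0;
  }
  if (remaining > 0) return 0;
  if (resetEpochSec === null) return AUTH_LIMITS[path]?.windowMs ?? 0;
  // Clamp to 0 when the reset time has already passed.
  return Math.max(0, resetEpochSec * 1000 - nowMs);
}

// Constructed sample: the header values shown above, 60 seconds before reset.
const sampleHeaders = new Map([
  ['X-RateLimit-Limit', '5'],
  ['X-RateLimit-Remaining', '4'],
  ['X-RateLimit-Reset', '1733570460'],
]);
console.log(waitBeforeNextCall('/auth/login', sampleHeaders, 1733570400000)); // 0
```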

Next Steps