Instance Configuration

Configure your Flowless instance settings through the Pubflow dashboard.

---

Accessing Configuration

1. Log in to Pubflow.com
2. Navigate to your Flowless instance
3. Click on "Settings" or "Configuration"

---

General Settings

Instance Information

Instance Name

• Current: Your instance name
• URL: https://your-instance-name.pubflow.com
• Cannot be changed after creation

Region

• Current: Your selected region
• Cannot be changed after creation
• Affects latency and data residency

Plan

• Current Plan: Free, Pro, or Enterprise
• Upgrade/Downgrade: Available in settings
• Billing: Monthly or annual

---

Authentication Settings

Session Configuration

Session Duration

• Default: 7 days
• Range: 1 hour to 30 days
• Recommendation:
  • Web apps: 7 days
  • Mobile apps: 30 days
  • High-security apps: 1-3 days

{
  "session_duration_days": 7
}

Session Refresh

• Auto-refresh: Extend session on activity
• Refresh window: Last 24 hours before expiration
• Enabled by default: Yes

Email Verification

Verification Mode

• Required: Users must verify before login
• Optional: Users can login without verification
• Disabled: No verification emails sent

{
  "email_verification": "required"
}

Verification Link Expiration

• Default: 24 hours
• Range: 1 hour to 7 days

Password Requirements

Configure password strength requirements:

{
  "password_min_length": 8,
  "password_require_uppercase": true,
  "password_require_lowercase": true,
  "password_require_numbers": true,
  "password_require_special": true
}

Custom Password Rules

• Min Length: 6-32 characters
• Uppercase: A-Z required
• Lowercase: a-z required
• Numbers: 0-9 required
• Special: !@#$%^&* required

---

Security Settings

Validation Mode

Choose how strictly sessions are validated:

STANDARD (Default)

VALIDATION_MODE=STANDARD

• Validates session ID
• Validates IP address
• Best for: Most applications

ADVANCED

VALIDATION_MODE=ADVANCED

• Validates session ID
• Validates IP address
• Validates device ID
• Best for: Mobile applications

STRICT

VALIDATION_MODE=STRICT

• Validates session ID
• Validates IP address
• Validates device ID
• Validates user agent
• Best for: High-security applications

Rate Limiting

Configure rate limits for different endpoints:

{
  "rate_limits": {
    "login": {
      "max_requests": 5,
      "window_minutes": 15
    },
    "register": {
      "max_requests": 3,
      "window_minutes": 60
    },
    "password_reset": {
      "max_requests": 3,
      "window_minutes": 60
    },
    "api_calls": {
      "max_requests": 100,
      "window_minutes": 1
    }
  }
}

IP Whitelisting (Enterprise)

Restrict access to specific IP addresses:

{
  "ip_whitelist": [
    "192.168.1.0/24",
    "10.0.0.0/8"
  ]
}

---

Email Configuration

See Email Setup for detailed email configuration.

Email Provider

• Default: ZeptoMail (included)
• Custom SMTP: Enterprise plan only

Email Templates

• Verification email
• Password reset email
• Welcome email
• Account deletion confirmation

---

Social Authentication

See Social Auth Setup for detailed OAuth configuration.

Supported Providers

• Google
• Facebook
• GitHub
• Twitter
• LinkedIn
• Custom OAuth 2.0

---

Advanced Settings

Database

Database Type

• PostgreSQL (Recommended)
• MySQL
• LibSQL
• SQLite (Free plan only)

WARNING

Database type cannot be changed after creation. Contact support for migration.

Connection Pool

{
  "database": {
    "max_connections": 20,
    "idle_timeout_seconds": 30
  }
}

Caching

Redis Configuration

{
  "cache": {
    "enabled": true,
    "ttl_seconds": 300,
    "max_memory_mb": 256
  }
}

Logging

Log Level

• DEBUG: All logs (development)
• INFO: Informational logs (default)
• WARN: Warnings and errors
• ERROR: Errors only (production)

{
  "log_level": "INFO"
}

---

Custom Domain (Pro/Enterprise)

Setup Custom Domain

1. Add Domain in settings
2. Add DNS Records:

   Type: CNAME
   Name: auth (or your subdomain)
   Value: your-instance.pubflow.com

3. Verify Domain
4. Enable SSL (automatic)

Example

Custom Domain: auth.yourdomain.com
Points to: your-instance.pubflow.com

---

Webhooks (Enterprise)

Configure webhooks for events:

{
  "webhooks": [
    {
      "url": "https://your-backend.com/webhooks/flowless",
      "events": ["user.created", "user.login", "user.deleted"],
      "secret": "webhook_secret_key"
    }
  ]
}

Available Events

• user.created
• user.login
• user.logout
• user.verified
• user.deleted
• user.banned
• session.created
• session.expired
• password.reset

---

Environment Variables

Export your configuration as environment variables:

# Instance
FLOWLESS_URL=https://your-instance.pubflow.com
BRIDGE_SECRET=your_bridge_secret

# Validation
VALIDATION_MODE=STANDARD

# Session
SESSION_DURATION_DAYS=7

# Email
EMAIL_VERIFICATION=required

# Rate Limiting
RATE_LIMIT_LOGIN=5
RATE_LIMIT_REGISTER=3

---

Next Steps

• Email Setup - Configure email service
• Social Auth - Set up OAuth providers
• Environment Variables - Complete env setup
• Monitoring - Monitor your instance