Flowless

Appearance

What is Flowless?

Flowless is a fully managed authentication backend service provided by Pubflow. It handles all aspects of user authentication, session management, and security for your applications, allowing you to focus on building your core product.

Overview

Flowless is designed to be the authentication layer for modern applications. Instead of building and maintaining your own authentication system, you create a Flowless instance on Pubflow.com and integrate it with your application through a simple REST API.

Key Characteristics

  • Fully Managed - Pubflow handles deployment, scaling, updates, and maintenance
  • Production Ready - Enterprise-grade security and 99.9% uptime SLA
  • Developer Friendly - RESTful API with comprehensive documentation
  • Framework Agnostic - Works with any frontend or backend technology
  • Scalable - Automatically scales from 10 to 10 million users

Core Responsibilities

Flowless handles everything related to user authentication and management:

1. User Authentication

  • Email/password registration and login
  • Username-based authentication
  • Email verification
  • Password reset flows
  • Multi-factor authentication (coming soon)

2. Session Management

  • Secure session creation and validation
  • Session refresh mechanism
  • Multi-device session support
  • Device-bound sessions
  • Automatic session cleanup

3. Social Authentication

  • OAuth 2.0 integration
  • Supported providers:
    • Google
    • Facebook
    • GitHub
    • Twitter
    • LinkedIn
    • Custom OAuth providers

4. User Management

  • User profile management
  • Account deletion
  • User search (admin)
  • Ban/unban users (admin)
  • Custom user metadata

5. Token Authentication

  • API token generation
  • Token-based login
  • Token validation
  • Token revocation

6. Security Features

  • Argon2 password hashing
  • Session encryption (SHA-256)
  • Rate limiting
  • IP validation
  • Device fingerprinting
  • Automatic DDoS protection

7. Email Service

  • Email verification
  • Password reset emails
  • Custom email templates
  • Multi-language support
  • ZeptoMail integration

8. Bridge Validation

  • Trust token generation (PASETO)
  • Secure backend communication
  • Validation modes: STANDARD, ADVANCED, STRICT
  • IP and device validation

How It Works

The Flow

  1. User Authentication - Your frontend calls Flowless to register/login users
  2. Session Creation - Flowless creates a secure session and returns a session ID
  3. API Calls - Your frontend includes the session ID in requests to your backend
  4. Session Validation - Your backend (Flowfull) validates the session with Flowless
  5. Trust Token - Flowless returns a trust token with user data
  6. Protected Resources - Your backend serves the protected resource

What Flowless is NOT

It's important to understand what Flowless doesn't do:

  • Not a complete backend - You still need your own backend (Flowfull) for business logic
  • Not a database - You manage your own application data
  • Not self-hosted - Flowless is a managed service only
  • Not a CMS - It's purely for authentication and user management

Flowless vs. Traditional Auth

FeatureFlowlessTraditional Auth
DeploymentInstant (create instance)Days/weeks of setup
MaintenanceFully managed by PubflowYou maintain everything
Security UpdatesAutomaticManual updates required
ScalingAutomaticManual scaling
CostPay per userInfrastructure + dev time
ComplianceGDPR, SOC 2 includedYou handle compliance
MonitoringBuilt-in dashboardBuild your own
Email ServiceIncludedIntegrate separately

Use Cases

Flowless is perfect for:

SaaS Applications - Multi-tenant apps with user authentication
Mobile Apps - React Native, Flutter, native iOS/Android
Web Applications - React, Next.js, Vue, Angular
API Services - Token-based authentication for APIs
Marketplaces - User registration and social login
Internal Tools - Admin dashboards and employee portals

Next Steps

Ready to get started?