Documentation API Reference
Authentication
Flowcept uses secure session-based authentication. This guide covers how authentication works and best practices for integrations.
How Authentication Works
Flowcept authenticates users via:
- Email & Password - Traditional sign-up and login
- OAuth Providers - Google and GitHub
Upon successful login, a secure HTTP-only cookie is set containing your session token. This token is automatically sent with all subsequent requests.
Session Security
- Sessions expire after 7 days of inactivity
- Tokens are stored in HTTP-only cookies (not accessible via JavaScript)
- All API requests are served over HTTPS
- Password hashing uses bcrypt with salt rounds
API Access
Currently, Flowcept uses server actions for all data operations rather than a public REST API. This means all mutations happen server-side with automatic session validation.
Public API Coming Soon
A public REST API with personal access tokens is on our roadmap. This will enable third-party integrations and automation.
Jira Integration Authentication
When importing from Jira, you provide:
- Jira Domain - Your Atlassian workspace URL
- Email - Your Jira account email
- API Token - Generated from Atlassian account settings
Note: Your Jira credentials are used only for the import session and are never stored permanently.