⚑ Flowfull

Authorization and custom backend, zero boilerplate

Build your backend on Flowfull with Flowless-grade security. Scopes, roles, plans, and flags enforced in one consistent layer.

Try FlowfullView docs

Flowfull is your custom backend, made simple

Pubflow is universal: use any programming language, keep your architecture, and plug in Flowless-grade security through middleware or bridge validation.

Universal by design
Flowfull starter kits help you ship fast without losing control of your backend architecture.

Official starter kits

  • Flowfull Node Starter

    Official Node.js/TypeScript reference starter

    Open repo

  • Flowfull Python Starter

    Fast backend starter for Python teams

    Open repo

  • Flowfull Go Starter

    Compiled performance with Flowfull concepts

    Open repo

  • Flowfull Elixir Starter

    Functional backend workflows with Flowfull

    Open repo
Custom backend firstAny languageBridge / validate ready
Use libraries or validate directly
Choose the style that fits your stack: client helpers, route middleware, or direct bridge validation in backend routes.
  • β€’ Use @pubflow/flowfull-client for fast API calls + session handling
  • β€’ Use bridge validation in custom backend routes
  • β€’ Enforce auth, plans, and roles in one consistent layer
import { Hono } from 'hono';
import { optionalAuth } from '../lib/auth/auth-middleware';
import { validateBridgeSession } from '../lib/auth/middleware';

const app = new Hono();

// Public + authenticated behavior in one handler
app.get('/payment-methods', optionalAuth(), async (c) => {
  const user = c.get('user');
  if (!user) return c.json({ methods: [], authenticated: false });

  return c.json({ methods: await listUserMethods(user.id), authenticated: true });
});

// Strictly protected route with bridge validation
app.get('/api/profile', async (c) => {
  const auth = await validateBridgeSession(c);
  if (!auth?.isValid || !auth.user) {
    return c.json({ success: false, error: 'Unauthorized' }, 401);
  }

  return c.json({ success: true, user: auth.user });
});

Why Flowfull

Consistent authorization across every API.

Secure APIs
Routing, token validation, and scopes ready for production.
Flowless native
Every request is validated automatically with Flowless + Bridge.
Flexible middleware
Authorize by user_type, plans, or flags with zero boilerplate.
Observability
Structured logs and metrics for every request crossing Flowfull.

Middleware that stays out of the way

Validate tokens, enforce roles, and drop unauthorized requests in milliseconds.

  • β€’ Accepts Flowless tokens by default
  • β€’ Masks sensitive errors and normalizes responses
  • β€’ Works on serverless and long-lived servers
Quick example
Authorization middleware
import { createFlowfull } from '@pubflow/flowfull-client';

const api = createFlowfull('https://api.example.com');

// Login
const response = await api.post('/auth/login', {
  email: 'user@example.com',
  password: 'password123'
});

// Session is automatically stored!
console.log('Logged in:', response.user);

// All future requests include the session
const profile = await api.get('/profile');

Bridge validates the token, Flowfull enforces roles.

100%
Requests validated via Flowless
<15 ms
Typical middleware latency
3
Lines to enforce roles

Ship Flowfull now

Protect your APIs without writing authorization boilerplate.

Create accountTalk to sales