⚑ Flowfull

Your backend, powered by the Trust Layer Standard

Build APIs and business logic in your architecture. Validate trust with Flowless. Keep full control of how your product grows.

Flowfull is where your product logic lives: monolith, custom backend, or microservices. Pubflow gives you the trust pattern, while you keep the code, services, and architectural decisions.

Monolith-readyCustom backendMicroservices-friendlyBridge validated
Start with FlowfullView docsExplore schema
What Flowfull helps you do
Move faster without giving up architectural freedom.

Freedom

Keep your language, your services, your database, and your deployment strategy.

Architecture

Start simple as one backend, then evolve into domain-specific services when the product demands it.

Adoption

Use schema references, starter kits, and bridge validation to integrate progressively into existing apps.

Choose the architecture that fits your team

Flowfull does not force one backend style. You can evolve from simple to advanced without platform lock-in.

Monolith first
Keep everything in one backend service for speed and clarity in early stages.

Meaning: one deployable backend where business logic, your services, and APIs live together.

Custom backend
Design your own route structure, domain logic, and integrations while keeping Flowless trust validation.

Meaning: your architecture, your rules, with Pubflow standards integrated where needed.

Microservices design
Split services by domain when scale or team structure requires independent ownership.

Meaning: independent services with shared trust patterns through bridge validation.

Flowfull is your custom backend, made simple

Pubflow is universal: use any programming language, keep your architecture, and plug in Flowless-grade security through middleware or bridge validation.

Universal by design
Flowfull starter kits help you ship fast without losing control of your backend architecture.

Official starter kits

  • Flowfull Node Starter

    Official Node.js/TypeScript reference starter

    Open repo

  • Flowfull Python Starter

    Fast backend starter for Python teams

    Open repo

  • Flowfull Go Starter

    Compiled performance with Flowfull concepts

    Open repo

  • Flowfull Elixir Starter

    Functional backend workflows with Flowfull

    Open repo
Custom backend firstAny languageBridge / validate ready
Use libraries or validate directly
Choose the style that fits your stack: client helpers, route middleware, or direct bridge validation in backend routes.
  • β€’ Use @pubflow/flowfull-client for fast API calls + session handling
  • β€’ Use bridge validation in custom backend routes
  • β€’ Enforce auth, plans, and roles in one consistent layer
import { Hono } from 'hono';
import { optionalAuth } from '../lib/auth/auth-middleware';
import { validateBridgeSession } from '../lib/auth/middleware';

const app = new Hono();

// Public + authenticated behavior in one handler
app.get('/payment-methods', optionalAuth(), async (c) => {
  const user = c.get('user');
  if (!user) return c.json({ methods: [], authenticated: false });

  return c.json({ methods: await listUserMethods(user.id), authenticated: true });
});

// Strictly protected route with bridge validation
app.get('/api/profile', async (c) => {
  const auth = await validateBridgeSession(c);
  if (!auth?.isValid || !auth.user) {
    return c.json({ success: false, error: 'Unauthorized' }, 401);
  }

  return c.json({ success: true, user: auth.user });
});

Already have an existing app?

Adopt Flowfull progressively. You do not need to rewrite everything to gain better trust and backend structure.

Step 1

Map your current model

Use the schema reference to compare users, sessions, and auth tables with your existing data model.

Step 2

Integrate trust in critical routes

Start by protecting your most sensitive endpoints with bridge validation and role checks.

Step 3

Evolve at your own pace

Keep monolith, hybrid, or microservices architecture while gradually moving to cleaner contracts.

Open schema referenceSee developer architectureBrowse starter kits

Why Flowfull

Consistent authorization across every API.

Secure APIs
Routing, token validation, and scopes ready for production.
Flowless native
Every request is validated automatically with Flowless + Bridge.
Flexible middleware
Authorize by user_type, plans, or flags with zero boilerplate.
Observability
Structured logs and metrics for every request crossing Flowfull.

Middleware that stays out of the way

Validate tokens, enforce roles, and drop unauthorized requests in milliseconds.

  • β€’ Accepts Flowless tokens by default
  • β€’ Masks sensitive errors and normalizes responses
  • β€’ Works on serverless and long-lived servers
Quick example
Authorization middleware
import { createFlowfull } from '@pubflow/flowfull-client';

const api = createFlowfull('https://api.example.com');

// Login
const response = await api.post('/auth/login', {
  email: 'user@example.com',
  password: 'password123'
});

// Session is automatically stored!
console.log('Logged in:', response.user);

// All future requests include the session
const profile = await api.get('/profile');

Bridge validates the token, Flowfull enforces roles.

100%
Requests validated via Flowless
<15 ms
Typical middleware latency
3
Lines to enforce roles

Ship Flowfull now

Protect your APIs without writing authorization boilerplate.

Create accountTalk to sales