Security & Access Control

Authentication - FormFlow

Configure secure access for developers, end-users, and enterprise directories. Follow our verified setup paths to integrate FormFlow with your existing identity infrastructure.

Generate API Keys

Programmatically interact with the FormFlow submission pipeline using scoped bearer tokens. Keys are tied to your workspace UUID and automatically rotate after 90 days.

1. Navigate to Developer Settings

Log into your FormFlow dashboard, select your workspace (e.g., `ws_a8f3k2m9`), and open the sidebar menu under Settings > API & Integrations.

2. Define Scopes & Permissions

Choose from the `form.read`, `submission.write`, or `webhook.manage` scopes. Keys inherit the workspace-level RBAC policies set by your admin, for example Sarah Chen (Admin, Acme Logistics).

3. Generate & Store Securely

Click Generate Key to receive a 64-character token prefixed with `ff_live_`. Store it in your environment variables or HashiCorp Vault. Revocation is instant via the dashboard.

OAuth2 Flow for User Login

Delegate authentication to trusted identity providers while maintaining FormFlow session continuity. We support Authorization Code Flow with PKCE for public clients.

Configure Redirect URIs

Register your application in the FormFlow OAuth portal. Add allowed callback URLs like `https://app.yourcompany.com/auth/callback`. Mismatched URIs will trigger a 403 Forbidden response.

Handle Token Exchange

After user consent, POST the authorization code to `https://auth.formflow.io/oauth/token`. Include your client ID and PKCE code verifier. The response returns a JWT valid for 3600 seconds.

Session Management

FormFlow handles automatic token refresh. Embed the provided JavaScript SDK (`@formflow/auth-js v2.4.1`) to attach auth headers to requests sent to your form submission endpoints.
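
The PKCE part of the token exchange described above, shown from both sides as an added example; it is not FormFlow's code and does not use the FormFlow SDK. The form field names follow RFC 6749 and RFC 7636, and it is an assumption that the FormFlow token endpoint accepts exactly these fields. The authorization code and client ID are constructed placeholders.

```javascript
// Added example for Node.js. Field names follow RFC 6749 / RFC 7636; that the
// FormFlow token endpoint accepts exactly these form fields is an assumption.
const { createHash, randomBytes, timingSafeEqual } = require("node:crypto");

const TOKEN_ENDPOINT = "https://auth.formflow.io/oauth/token"; // from the page
// RFC 7636 section 4.1: 43 to 128 characters from the unreserved set.
const VERIFIER_RE = /^[A-Za-z0-9\-._~]{43,128}$/;

// Client, before redirecting the user: 32 random bytes -> 43 base64url chars.
function newCodeVerifier() {
  return randomBytes(32).toString("base64url");
}

// code_challenge = BASE64URL(SHA256(ASCII(code_verifier))), method "S256".
function challengeS256(verifier) {
  return createHash("sha256").update(verifier, "ascii").digest("base64url");
}

// Client, after consent: form body for the POST described above.
function buildTokenRequest({ code, verifier, clientId, redirectUri }) {
  if (!VERIFIER_RE.test(verifier)) throw new Error("invalid code_verifier");
  const body = new URLSearchParams({
    grant_type: "authorization_code",
    code,
    redirect_uri: redirectUri, // must equal a registered callback exactly
    client_id: clientId,
    code_verifier: verifier,
  });
  return { url: TOKEN_ENDPOINT, method: "POST", body: body.toString(),
    headers: { "Content-Type": "application/x-www-form-urlencoded" } };
}

// Authorization-server side: recompute the challenge from the presented
// verifier and compare it in constant time with the one stored earlier.
function verifyPkce(storedChallenge, presentedVerifier) {
  if (!VERIFIER_RE.test(presentedVerifier)) return false;
  const expected = Buffer.from(challengeS256(presentedVerifier));
  const stored = Buffer.from(String(storedChallenge));
  return expected.length === stored.length && timingSafeEqual(expected, stored);
}

// Constructed values: the code and client ID below are placeholders.
const verifier = newCodeVerifier();
const request = buildTokenRequest({ code: "constructed-auth-code", verifier,
  clientId: "example-client-id",
  redirectUri: "https://app.yourcompany.com/auth/callback" });
console.log(request.body, verifyPkce(challengeS256(verifier), verifier));
```

Keep the verifier in memory or session storage for the duration of one login only; an intercepted authorization code is useless at the token endpoint without it.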

SSO Setup for Enterprise

Centralize access control across your organization using SAML 2.0 or OIDC. Provision users automatically and enforce MFA policies without modifying form templates.

Connect Identity Providers

Supported IdPs include Okta, Azure AD, PingIdentity, and Auth0. Input your IdP metadata URL or upload the X.509 certificate. ACME Corp typically completes this in under 12 minutes.

Map Attributes & Roles

Sync `email`, `name`, and `department` attributes to FormFlow user profiles. Assign workspace roles (Viewer, Editor, Admin) based on group claims like `CN=FormFlow-Editors,OU=Groups`.

Enforce Single Sign-On

Toggle SSO Required in your workspace security settings. Users without valid IdP assertions will be redirected to your corporate login page. Audit logs sync to your SIEM via webhook.
