Users and Groups

The core Flow models are those for users and the groups they belong to. The authentication and permissioning systems are both built on top of these, and they govern how anybody interacts with Flow.

Users

The user model represents a person who can sign in to Flow.

Authentication in Flow is done using JSON Web Tokens (JWTs) for access tokens, and HTTP-only cookies for refresh tokens. Every request made as a particular user needs the Authorization header to be set to an access token. These tokens are relatively short-lived and, when used in a request, provide access to the resources that user has access to.

To obtain an access token, a request is sent to a particular endpoint (/token in the REST API) which returns the access token, provided the request is sent with a refresh token in an HTTP-only cookie. Refresh tokens are long-lived, and are in turn obtained by sending the user's username and password to a login endpoint. This endpoint also returns an access token, so in practice when interacting with the API directly you may wish to deal solely in access tokens - the refresh token is used largely in the frontend to renew the access token automatically in the background.

The user model has the following key properties:

  • username (string): The unique identifier with which the user logs in.
  • email (string): The unique email address for the user. On some instances there is a regex determining what emails are not permitted.
  • password (string): The salted hash of the user's password.
  • name (string): The full name of the user.
  • is_admin (bool): Whether or not the user is an admin - admins can modify the instance's settings, see private pipelines etc.
  • image (string): The filename of the user's profile picture.
  • created (int): The timestamp for when the user first signed up.
  • last_login (int): The timestamp for when the user last logged in.
  • can_run_pipelines (bool): Whether or not the user is permitted to run pipelines.
  • password_reset_token (string): When the user requests to reset their password, this token authenticates that request when given.
  • password_reset_token_expiry (int): The timestamp for when the password reset token expires.

Groups

Groups are how users are organised, and they can represent anything you like - a lab, an organisation, a team etc. A user can be in multiple groups at once, or none.

A user's permission level within a group can be one of three values:

  • 1 - the user has been invited to the group, but has not yet accepted or rejected the invitation. In practice this confers no access.
  • 2 - the user is a member of the group, and can access anything that the group can access.
  • 3 - the user is an admin of the group, and can invite/remove other users.

Some objects in Flow have owners - in every such case they can be owned either by a user or by a group. When owned by a group, every member of the group will have full permissions on that object.
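The three permission levels and the ownership rule above can be expressed as a single authorization check. The following is an added example, not Flow's own code: the Owned class, the memberships mapping and the function names are hypothetical, and it assumes a group admin (3) also counts as a member for access purposes.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Optional


class Level(IntEnum):
    """Permission levels as listed on this page."""
    INVITED = 1   # invited, not yet accepted or rejected: no access
    MEMBER = 2    # can access anything the group can access
    ADMIN = 3     # can also invite/remove other users


@dataclass(frozen=True)
class Owned:
    """Hypothetical owned object: exactly one of the two owner fields is set."""
    owner_username: Optional[str] = None
    owner_group_slug: Optional[str] = None


def level_in(memberships, username, slug):
    """Return the user's Level in the group, or None if there is no link."""
    value = memberships.get((username, slug))
    return Level(value) if value is not None else None


def can_access(memberships, username, obj):
    """Direct user ownership, or accepted membership of the owning group."""
    if obj.owner_username is not None:
        return obj.owner_username == username
    level = level_in(memberships, username, obj.owner_group_slug)
    # A link row existing is not enough: a pending invitation (1) must fail.
    return level is not None and level >= Level.MEMBER


def can_manage_members(memberships, username, slug):
    """Only group admins (3) may invite or remove users."""
    return level_in(memberships, username, slug) == Level.ADMIN


# Constructed sample data: (username, group slug) -> permission level.
MEMBERSHIPS = {("alice", "lab-x"): 3, ("bob", "lab-x"): 2, ("carol", "lab-x"): 1}
GROUP_SAMPLE = Owned(owner_group_slug="lab-x")
PRIVATE_SAMPLE = Owned(owner_username="bob")

if __name__ == "__main__":
    for name in ("alice", "bob", "carol", "dave"):
        print(name, can_access(MEMBERSHIPS, name, GROUP_SAMPLE),
              can_manage_members(MEMBERSHIPS, name, "lab-x"))
```

The case worth testing in any implementation is the invited user: a check that only asks whether a user-group link exists would grant access at level 1.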

The key properties of groups are:

  • name (string): The name of the group.
  • description (string): A free text description of what the group is and who it represents.
  • slug (string): The unique identifier for the group - analogous to the username of users.
  • created (int): The timestamp for when the user first signed up.
  • created (int): The timestamp for when the group was created.
