Appearance
Reference overview
The pages in this section are the technical reference for FlowRunner's programmable surface: the HTTP endpoint every flow becomes, the machine-readable spec you can hand to other tools, and the two-repo recipe for building your own node.
Most of FlowRunner is no-code — you design pages and wire up flows in a visual editor. But every flow you publish is also a real HTTP API, and the platform is built to be extended. This section is for when you (or a developer on your team) want to call flows from other software, generate client code, or add a brand-new node type to the toolbox.
What's here
| Page | What it covers |
|---|---|
| The Run API | How a flow is exposed over HTTP — the URL, methods, how inputs map to query/body/headers/path, auth, response shaping, tracing, and status codes. |
| OpenAPI | The OpenAPI 3.0 document FlowRunner generates for each project, and what it includes. |
| Authoring a node addon | The full recipe for a new node: a first-party engine handler in the host app plus a sandboxed config UI in the plugin repo. |
| Sandbox protocol | The postMessage RPC between the editor and a node's config UI, its permissions, and the trust boundary. |
The two halves of a node
FlowRunner deliberately splits a node into two pieces that live in two different places, with two different trust levels. Keeping them straight makes the rest of this section easier to read.
- The engine handler is the code that actually runs when the flow executes. It lives in the host app, runs on the server, and is first-party (trusted) code. See node authoring.
- The config UI is the little form you see when you select a node on the canvas. It's a sandboxed web page loaded in an isolated iframe, and it only edits the node's saved settings — it never runs the flow. See the sandbox protocol.
NOTE
Today, engine handlers are all first-party — FlowRunner ships them. Third-party config UIs can already run sandboxed, but running untrusted third-party execution code needs a server-side sandbox that isn't built yet. The node authoring page explains where that line sits.
See also
- Nodes overview — the ten built-in nodes and what each does
- How a flow runs — how data moves between nodes at run time
- HTTP triggers — the no-code side of exposing a flow as an endpoint
- Secrets — the per-workspace vault the engine reads at run time