App Connections

Introduction

Connections are the secure bridge between IONFLOW and your external applications. Every time a node in your board needs to communicate with a service like Gmail, Shopify, Slack, or any REST API, it does so through a previously configured connection.

A connection stores authentication credentials (OAuth tokens, API keys, etc.) in encrypted form so your flows can interact with external services without exposing sensitive information. Once created, the same connection can be reused across multiple boards.

Who This Section Is For

• Administrators: Who configure and manage the organization’s connections
• Operators: Who need to connect their everyday tools to IONFLOW
• Integration specialists: Who create advanced connections with custom APIs

What is a Connection?

A connection is an authorized and secure access point to an external application. Its main characteristics are:

• Credentials are stored encrypted (AES-256 at rest, HTTPS/TLS 1.3 in transit)
• A connection can be reused across multiple boards
• Connections exist at the company (tenant) level, so all users in the same tenant share them
• They can be tested before saving to verify they work correctly

Types of Connections

There are two types of connections in IONFLOW:

Tenant Connections (Private)

Connections created by a company for their exclusive use. They only work within that company and no other tenant can see or use them.

Characteristics:

• Created and edited by company users
• Visible only within the tenant
• Editable and revocable by their creators

Global Connections (Public)

When a company wants their connection to be available for all IONFLOW users, they can request its publication through a system administrator. If the admin approves it, the connection is copied to global tables and becomes available to any company.

Publication Flow:

Company creates connection (Tenant) → Requests publication → Admin approves → Copied to global tables → Available to all

Characteristics:

• Read-only for end users
• Maintained by system administrators
• Available to all companies

Creating a Connection

Creation Flow

1. In the left sidebar, click Connections
2. Click + New Connection
3. Select the application (Grapp) you want to connect
4. A connection attempt is created with pending status
5. Follow the corresponding authentication flow (OAuth, API Key, etc.)
6. Click Test to verify the connection works
7. If the test is successful, the active connection is created

How It Works Internally

User starts connection → Attempt (pending) → Test/Verification
                                               ├── ✅ Success → Connection created
                                               └── ❌ Failure → Not created (attempt retains error)

Authentication Types

IONFLOW supports multiple authentication methods depending on the application:

Method	Description	When to Use
OAuth 2.0	Secure authorization without sharing passwords. Redirects to the provider to grant permissions.	Applications that support it (Gmail, Slack, Shopify, etc.) — recommended
API Key	Access key provided by the application	Applications that don’t support OAuth
Basic	Username and password	Legacy or internal APIs
Custom	Custom configuration of headers and parameters	Custom or non-standard APIs

OAuth vs API Keys

• OAuth 2.0 (Recommended): Never exposes your password. IONFLOW stores tokens that automatically refresh when they expire.
• API Keys: Simpler to set up, but require periodic manual rotation. Stored encrypted in IONFLOW.

Connection Status

A connection’s status is verified through the attempts system:

Endpoint	Purpose
POST /connections	Create a connection attempt
GET /connections/{attemptId}/test	Verify if the attempt was successful
GET /connections/{connectionId}/check	Verify an existing connection

You can check at any time whether a connection is still active using the Test or Check button in the interface.

Sharing Connections

Tenant connections are automatically shared among all users in the same company. There’s no need to configure individual permissions — any user in the tenant can use connections created by other team members.

If you need a connection to be available to other companies, request its publication as a global connection (see “Global Connections” section above).

Editing Connections

After creating a connection, you can:

• Re-authorize if the OAuth token expired
• Change permissions if the application allows it
• Rename the connection
• Revoke to completely disconnect

Revoking Connections

To disconnect an application:

1. Go to Connections
2. Find the connection you want to revoke
3. Click Revoke or the delete button
4. Confirm the action

Effect:

• Boards using this connection will stop working immediately
• Already processed and saved data remains intact
• It’s recommended to deactivate affected boards before revoking

Connection Security

IONFLOW protects your credentials with multiple layers of security:

• At-rest encryption: AES-256 for all stored credentials
• In-transit encryption: HTTPS/TLS 1.3 for all communication
• Token management: OAuth tokens refresh automatically
• No plain text: Passwords and API keys are never stored in readable format
• Separate storage: Credentials are isolated from workflow data

Credential Rotation

For maximum security, periodic credential rotation is recommended:

1. OAuth: Re-authorize connections every 90 days
2. API Keys: Update keys both in the external application and in IONFLOW
3. Auto-refresh: OAuth tokens automatically refresh when they expire

Common Errors

Error	Cause	Solution
”Authorization rejected”	Insufficient permissions in the external app	Request additional permissions from the app administrator
”Connection expired”	Expired OAuth token	Click Re-authorize and follow the OAuth flow
”Test failed”	Incorrect credentials or service unavailable	Verify credentials and the external service status
”App unavailable”	External service maintenance	Wait and try again in a few minutes

Key Terms

• Connection: Authorized and encrypted access to an external application
• Attempt: A connection creation attempt. Goes through verification before becoming an active connection
• OAuth 2.0: Secure authorization protocol that allows access without sharing your password
• API Key: Unique access key provided by an external service
• Token: Temporary code IONFLOW uses internally to authenticate with external services
• Tenant: Your company/organization within IONFLOW
• Grapp: Integration application registered in IONFLOW (e.g., Shopify, Gmail, etc.)

Mini FAQ

Q: What happens if I change my password in the external app? A: If you use OAuth, it generally doesn’t affect the connection — the token remains valid until it expires. If you use API Key or basic authentication, you’ll need to manually update the connection in IONFLOW.

Q: Can I see what data IONFLOW accesses in my account? A: The data accessed depends on the permissions granted during OAuth authorization. You can view and revoke permissions from the external app’s settings.

Q: Is it safe to connect my apps? A: Yes. IONFLOW uses industry-standard encryption (AES-256 + TLS 1.3) and never stores passwords in plain text. You can revoke access at any time.

Q: Are connections shared between users? A: Yes, tenant connections exist at the company level. All users in the same tenant can use the same connections.

Next Steps

• Boards - Use your connections in automated flows
• Advanced Integrations - Custom APIs and HTTP Requests
• Authentication - Your IONFLOW account security

See Also

• Boards
• Integrations
• Support