Pubflow Integration β
Bridge Payments seamlessly integrates with the Pubflow ecosystem, particularly with Flowless for authentication and session management.
Overview β
Bridge Payments validates user sessions with your Flowless instance to ensure secure payment processing. This integration allows:
- Automatic user authentication
- Session validation
- User context in payment records
- Organization/multi-tenant support
- Secure guest checkout
Architecture β
βββββββββββββββββββ ββββββββββββββββββββ
β Your Frontend ββββββββββΆβ Bridge Payments β
β (React/Next) β β Instance β
βββββββββββββββββββ ββββββββββ¬ββββββββββ
β
β Validate Session
β
ββββββββββΌββββββββββ
β Flowless β
β Instance β
ββββββββββββββββββββConfiguration β
1. Get Flowless Instance URL β
Your Flowless instance URL is available in the Pubflow dashboard:
https://your-flowless.pubflow.com2. Generate Shared Secret β
The BRIDGE_VALIDATION_SECRET is a shared secret between Bridge Payments and Flowless.
In Flowless Configuration:
BRIDGE_VALIDATION_SECRET=your_shared_secret_hereIn Bridge Payments Configuration:
BRIDGE_VALIDATION_SECRET=your_shared_secret_hereImportant
The secret must be identical in both instances. Use a strong, random string (minimum 32 characters).
3. Configure Bridge Payments β
In your Bridge Payments instance configuration (Pubflow dashboard):
# Flowless API URL (required)
FLOWLESS_API_URL=https://your-flowless.pubflow.com
# Bridge validation secret (required)
BRIDGE_VALIDATION_SECRET=your_shared_secret_here
# Authentication timeout (optional, default: 30000ms)
AUTH_TIMEOUT=30000
# Request timeout (optional, default: 60000ms)
REQUEST_TIMEOUT=60000Session Validation Flow β
1. Client Sends Request β
const response = await fetch(
'https://your-bridge.pubflow.com/bridge-payment/payments/intents',
{
method: 'POST',
headers: {
'Content-Type': 'application/json',
'X-Session-ID': sessionId // From Flowless authentication
},
body: JSON.stringify({
total_cents: 2000,
currency: 'USD'
})
}
);2. Bridge Payments Validates Session β
1. Extract session_id from X-Session-ID header
2. Call Flowless API: POST /bridge/validate
3. Flowless validates session and returns user data
4. Bridge Payments caches validation result
5. Request proceeds with user context3. Flowless Returns User Data β
{
"valid": true,
"user": {
"id": "user_123",
"email": "[email protected]",
"name": "John Doe",
"organization_id": "org_456"
}
}Authentication Methods β
Method 1: X-Session-ID Header (Recommended) β
headers: {
'X-Session-ID': sessionId
}Pros:
- Clean separation of concerns
- Standard HTTP header
- Easy to implement
Method 2: Authorization Bearer Token β
headers: {
'Authorization': `Bearer ${token}`
}Pros:
- Standard OAuth 2.0 pattern
- Compatible with API gateways
Method 3: Query Parameter β
const url = `${baseUrl}/payments/intents?session_id=${sessionId}`;Pros:
- Simple for testing
- Works with GET requests
Cons:
- Less secure (visible in logs)
- Not recommended for production
Guest Checkout β
Guest checkout bypasses Flowless authentication:
const response = await fetch(
'https://your-bridge.pubflow.com/bridge-payment/payments/intents',
{
method: 'POST',
headers: {
'Content-Type': 'application/json'
// No authentication header
},
body: JSON.stringify({
total_cents: 2000,
currency: 'USD',
guest_data: {
email: '[email protected]',
name: 'Guest User'
}
})
}
);Organization Support β
Bridge Payments supports multi-tenant organizations:
Automatic Organization Detection β
When a user belongs to an organization, Bridge Payments automatically links payments:
// User session includes organization_id
{
"user_id": "user_123",
"organization_id": "org_456"
}
// Payment automatically linked to organization
{
"id": "pay_789",
"user_id": "user_123",
"organization_id": "org_456"
}Override Organization β
You can override the organization for specific payments:
const response = await fetch(
'https://your-bridge.pubflow.com/bridge-payment/payments/intents',
{
method: 'POST',
headers: {
'X-Session-ID': sessionId
},
body: JSON.stringify({
total_cents: 2000,
currency: 'USD',
organization_id: 'org_different' // Override
})
}
);Caching β
Bridge Payments caches session validations for performance:
- Cache TTL: 5 minutes (default)
- Cache Key:
session_${session_id} - Cache Invalidation: Automatic after TTL
Benefits:
- Reduced Flowless API calls
- Faster response times
- Lower latency
Error Handling β
Invalid Session β
{
"error": "Invalid session_id",
"status": 401
}Client Action:
- Redirect to login
- Refresh session token
- Clear local storage
Flowless Unreachable β
{
"error": "Authentication service unavailable",
"status": 503
}Client Action:
- Retry request
- Show error message
- Use fallback authentication
Expired Session β
{
"error": "Session expired",
"status": 401
}Client Action:
- Refresh session token
- Redirect to login
Testing β
Test Session Validation β
# Test with valid session
curl -X POST "https://your-bridge.pubflow.com/bridge-payment/payments/intents" \
-H "Content-Type: application/json" \
-H "X-Session-ID: your_session_id" \
-d '{
"total_cents": 2000,
"currency": "USD"
}'
# Test with invalid session
curl -X POST "https://your-bridge.pubflow.com/bridge-payment/payments/intents" \
-H "Content-Type: application/json" \
-H "X-Session-ID: invalid_session" \
-d '{
"total_cents": 2000,
"currency": "USD"
}'Best Practices β
1. Use X-Session-ID Header β
Prefer X-Session-ID header over query parameters for security.
2. Handle Session Expiration β
Implement automatic session refresh or redirect to login.
3. Cache Session Tokens β
Cache session tokens in secure storage (HttpOnly cookies, AsyncStorage).
4. Validate on Frontend β
Check session validity before making payment requests.
5. Monitor Authentication Errors β
Track 401 errors to identify authentication issues.
Troubleshooting β
"Invalid session_id" β
Cause: Session not found in Flowless or expired
Solution:
- Verify session_id is correct
- Check session hasn't expired
- Ensure user is logged in
"BRIDGE_VALIDATION_SECRET mismatch" β
Cause: Secrets don't match between Bridge Payments and Flowless
Solution:
- Verify secrets are identical
- Check for extra spaces or characters
- Update both instances
"Flowless API unreachable" β
Cause: Network issue or Flowless instance down
Solution:
- Check Flowless instance status
- Verify FLOWLESS_API_URL is correct
- Check network connectivity
Next Steps β
- Environment Configuration - Complete environment setup
- Payment Providers - Configure payment providers
- API Reference - Explore the API