Skip to main content
FlowFn
IntegrationsTemplatesPricingDocsBlogSign inStart free
All documentation

Platform Tools and Integrations

UpdatedJun 4, 2026Reading time4 min read

Overview

Platform Tools are pre-built connections to services (e.g. Google, Stripe, Slack, MySQL, PostgreSQL, MongoDB). Once connected, you use them as actions inside workflow tasks.

Connecting a tool

Go to Platform Tools, pick a tool, and click Connect. OAuth tools open a sign-in flow; API key or connection-string tools ask for credentials. Store credentials in the tool connection; do not put secrets in workflow code.

Bring your own OAuth app

For OAuth tools, FlowFn ships with a default OAuth app for most platforms — connect with one click and you're done. You can also bring your own OAuth app, for example if you want the consent screen to show your brand or if the platform doesn't ship a default app.

The flow is two steps because the platform provider requires you to register the exact redirect URL on your OAuth app before they'll accept it:

  1. Claim a redirect URL. Open the connection drawer, enter a connection name, turn on Use my own OAuth app (or it's already on for platforms with no default app). Optionally paste your Client ID and Client secret if you already have them. Click Save & get redirect URL. We create the connection and show you a per-connection redirect URL in the form https://www.flowfn.com/callback/<platform>/<connectionId>.
  2. Register the URL on the provider. Open the platform provider's developer console (most tools surface a "How to create an OAuth app" link in the drawer) and add that exact redirect URL to your OAuth app's allowed redirect URIs. Copy your Client ID and Client secret back into the FlowFn drawer if you didn't enter them earlier, then click Connect to authorize.

Each connection has its own redirect URL so a single team can have multiple OAuth apps for the same platform (e.g. one for staging, one for production). The Client ID and Client secret are stored encrypted on the connection and survive re-authorization — when you reconnect, you don't have to re-enter them.

For platforms that only support bring-your-own OAuth, the toggle isn't shown — Client ID and Client secret are simply required, and the "Save & get redirect URL" step is mandatory.

Connection permissions

For OAuth tools, each connection card shows the permissions (scopes) that connection was granted when you authorized it. If an integration later needs a permission your connection doesn't have — for example a newer version of an action requires an extra scope — the card shows "Reauthorize to grant N new permission(s)". Click Reauthorize to add the missing permission to the same connection; you don't have to disconnect and rebuild it, and any bring-your-own OAuth credentials are preserved.

Using a tool in a workflow

In a workflow task, choose the tool and the action (e.g. Send email, Insert row). Map inputs from the trigger or previous tasks. The run will use your team's connection for that tool.

Using a tool in an agent

From an agent's Allowed tools panel you pick the platform tool, a team connection (for tools that need one — some run without any connection), and the specific actions the agent may invoke. Interactive (public chat) agents have an extra layer of safety on top of your allow-list:

  • High-impact actions are hidden from the picker — delete actions across every tool, refunds, payments, subscription mutations, mass-broadcast (social posts, Mailchimp campaigns), telephony (SMS / MMS / voice), permission and membership changes, e-signature send, and Gmail send. Each hidden action shows an Agent-restricted pill on the platform-tool detail page, with the full per-agent-type breakdown in the action drawer.
  • Entire platforms are also hidden when their whole API surface is too sensitive for a prompt-injectable public chat: Stripe, PayPal, accounting (QuickBooks, Xero, Wave, FreshBooks), HR / payroll (BambooHR, Deel, Gusto), AWS, raw databases (MySQL, PostgreSQL, MongoDB, BigQuery, Snowflake, ClickHouse, Firebase, Supabase Vector), arbitrary HTTP (Custom API, Custom Webhook, Custom MCP, FTP), and heavy media pipelines (video / audio / image processing, PDF utilities, Canva, Cloudinary).
  • Author-controlled agent types (webhook, schedule, playground) keep full access to every action and every platform — they aren't driven by untrusted free-form prompts, so the same threat model doesn't apply.

If your deployment needs a different cut, the action and tool restrictions are admin-tunable per agent type from the platform-tool detail page in the internal ops console.

Built-in tools (no external account)

Tools such as Background removal, QR code, PDF utilities, and Custom API run on FlowFn and do not need OAuth or API keys. From Platform Tools, open the tool and use the in-app support link for a short guide. All of these guides live under Documentation → Built-in platform tools.

Spotted an issue or have feedback?

support@flowfn.com
Back to docs hub →