It exposes a set of strictly versioned APIs consumed by Flowxi frontends and internal services. This documentation exists to explain how the platform works, how to integrate with it safely, and how to reason about its behavior in real-world scenarios. This is not marketing documentation and not a public developer portal.
Audience
This documentation is written for three main audiences:Frontend engineers
- Integrating authentication and onboarding flows
- Handling sessions, devices, and 2FA
- Displaying errors and localized messages correctly
- Building wallet and financial user experiences
Internal teams
- Operating and monitoring the platform
- Extending features without breaking guarantees
- Understanding system boundaries and invariants
- Debugging production behavior safely
Investors, auditors, and technical reviewers
- Understanding platform architecture
- Reviewing security and compliance posture
- Verifying deterministic and auditable behavior
- Assessing scalability and risk controls
What Flowxi provides
Flowxi exposes a clear, opinionated backend surface with the following responsibilities.Identity & access control
- User registration and activation
- Secure authentication (email/password)
- Two-factor authentication (TOTP)
- Session and device management
- Strict anti-enumeration guarantees
- Rate limiting on sensitive actions
Wallet & balance infrastructure
- Custodial wallet ownership
- Balance tracking
- Transaction history
- Deterministic ledger behavior
Financial operations
- Internal transfers and movements
- Idempotent financial actions
- Auditable money flows
- Explicit success and failure states
Compliance primitives
- KYC / KYB workflows
- Document handling
- Regulatory state enforcement
- Account restriction and closure logic
Localization-first APIs
- All API responses are localized
- Validation errors are localized
- Authentication errors are localized
- Transactional emails follow the same locale
- FR is the default and guaranteed fallback
- EN is supported
Design philosophy (important)
Flowxi follows a few non-negotiable principles that explain many implementation choices.- Security before convenience
Every flow is designed to resist abuse, enumeration, and misuse. - API-first architecture
All behavior is explicit, versioned, and documented. - State-driven logic
No hidden or inferred states; everything is explicit and persisted. - Deterministic behavior
Same input → same output, including error codes. - Frontend-safe contracts
Frontends rely on stablecodevalues, never on translated text.
Documentation structure
The documentation is organized by responsibility, not by user journey.Platform introduction
High-level architecture, scope, and core platform principles.
Authentication & security
Login, registration, tokens, sessions, devices, and 2FA flows.
Errors & localization
Error formats, error codes, localization rules, and frontend handling.
API reference
Endpoint-level documentation with request and response schemas.
Core platform components
The Flowxi backend is built around a small number of clearly separated components.Users
User accounts, lifecycle states, locale, and access rules.
Wallets
Custodial wallets, balances, and transaction records.
Compliance
Verification workflows, regulatory states, and enforcement logic.
Security
Rate limiting, 2FA, audit logs, and abuse prevention.
How to use this documentation
Recommended reading order:- Introduction
Understand what the platform is responsible for. - Authentication overview
Learn how access, sessions, and security actually work. - Errors & localization
Learn how to handle failures correctly on the frontend. - API reference
Use as a precise contract for implementation.
- Familiarity with REST APIs
- Experience with frontend ↔ backend integration
- Basic understanding of authentication and tokens
Access & support
Flowxi is restricted to authorized teams and systems. For access issues, production incidents, or technical questions:support@flowxi.app