Security | FlowPilot Studio

FlowPilot authenticates with your Flow PT instance using the App Session Launcher, the same mechanism used by ShotGrid Desktop, RV, and other Autodesk integrations. FlowPilot never sees your Flow PT password.

1

Enter your Flow PT site URL e.g. mystudio.shotgrid.autodesk.com

2

Popup opens on your Flow PT site You sign in with your Flow PT credentials (SSO, 2FA, etc.)

3

You approve the session Flow PT returns a session token

4

Token exchanged & encrypted Stored securely, never in plaintext

How it works

FlowPilot requests a session via Flow PT’s internal API
A popup opens on your Flow PT site where you sign in directly
FlowPilot polls for approval, then exchanges the session token for OAuth credentials
All your existing login methods work (SSO, 2FA, SAML)

What FlowPilot never has

Your Flow PT username or password
Your SSO or 2FA credentials
Direct access to your identity provider
Any way to bypass your Flow PT login security

Same trust model as ShotGrid Desktop: This is the same App Session Launcher protocol that Autodesk’s own tools (ShotGrid Desktop, RV) use. Your Flow PT site controls which apps are authorized, and you approve each session directly on your Flow PT site.

FlowPilot uses AI to translate natural language into Flow PT API queries. The AI operates on metadata only (field names, entity types, and API capabilities), never your actual production data.

FlowPilot data security architecture diagram showing how AI only accesses schema metadata while production data stays on your Flow PT server

Request

You Ask a question

→

FlowPilot Schema & metadata only

→

AI

Generates query No data access

Response

FlowPilot Executes query

→

Your FPT Server Data stays here

→

You see results In your browser

What AI receives

Your natural language question
Flow PT schema metadata (field names, types)
API capability descriptions

What AI never receives

Your Flow PT credentials or tokens
Your production data
File contents or media

Tool-based architecture: AI generates structured queries through a defined tool interface (function calling), not free-form code. Outputs are validated against strict schemas before execution. This structurally limits what the AI can do and prevents prompt injection attacks.

Known limitation: AI endpoints have per-conversation turn limits (15 for charts, 10 for automations) and token limits, but not per-user rate limiting. Abuse prevention relies on authentication and conversation-level controls.

All Flow PT credentials stored in FlowPilot are encrypted at rest using AES-256-GCM, the same standard used by banks and government systems. This applies to both user OAuth tokens and script API keys.

Encryption Specifics

Algorithm: AES-256-GCM (authenticated encryption)
Key size: 256-bit (32 bytes)
IV: Random 16 bytes per encryption (prevents pattern analysis)
Auth tag: 16-byte tag detects any tampering

Key Management

Encryption key stored in Vercel Secrets (never in code)
Validated at startup (exactly 64 hex characters)
Generated with cryptographically secure random bytes
Server-side only, never sent to your browser

User OAuth Tokens

When you connect to your Flow PT instance, your access token and refresh token are encrypted before storage. The server decrypts them only when needed to refresh an expiring token, then immediately re-encrypts the new tokens. Plaintext credentials are never stored or logged.

Script API Keys

Script credentials (used for automations and background operations) are encrypted identically. The encrypted key is never returned in API responses, not even to admins. The server decrypts API keys only to generate short-lived Flow PT session tokens for authorized operations.

1

You provide credentials Via HTTPS

2

Server encrypts immediately AES-256-GCM

3

Stored encrypted In database

4

Decrypted only for refresh Then re-encrypted

Every API call to your Flow PT server uses your own OAuth token, so you only see and access data that Flow PT already authorizes for your account. FlowPilot never elevates or bypasses permissions.

Two Layers of Access Control

Flow PT Permissions (Your Server)

Entity access, field visibility, and project permissions are all enforced by your Flow PT server via the Bearer token on each API call. FlowPilot passes through your token. If Flow PT says no, FlowPilot respects that.

FlowPilot RBAC (Our Layer)

On top of Flow PT permissions, FlowPilot adds organizational role-based access control. Each product (Data Insights, Automations) has independent roles:

Owner: Full control, billing
Admin: Create, edit, manage
Viewer: Read-only access

Organization isolation: Data is strictly isolated between organizations. Users in Organization A cannot see or access anything belonging to Organization B. This is enforced at the database level with Row-Level Security (RLS) policies.

Live Data Exports let you connect Google Sheets, Excel, or any tool to a live CSV feed of your Flow PT data. Each export gets a unique token that serves as its access key.

Scoped, Individual Tokens

Each token is tied to one specific export with a fixed query configuration. A token gives access to exactly one dataset: the fields, filters, and entity type defined when the export was created. It cannot be used to access any other data, endpoint, or FlowPilot feature.

Token Properties

UUID v4 (122 bits of entropy, not guessable)
One token = one dataset, nothing else
Admin-only creation and management
Can be regenerated instantly to invalidate the old token

Why Tokens Don't Expire

Tokens are permanent by design. When you paste a CSV URL into Google Sheets or Excel, it refreshes automatically on a schedule. An expiring token would break your spreadsheets and require manual updates. Admins can regenerate a token at any time to revoke access.

Comprehensive Access Logging

Every request to a live data endpoint is logged with full metadata, so you always know who’s accessing your data.

IP address

User agent

Source classification

Response time

Row count

Success / error status

The source classifier automatically identifies whether access comes from Google Sheets, Excel/Power Query, Python, cURL, a browser, or an API client, so unexpected access patterns are immediately visible.

Anomaly Detection

FlowPilot monitors live data access for anomalies across four dimensions:

Volume spikes Unusual request count vs. 7-day average

Error rate spikes Elevated failures vs. historical baseline

Response time spikes Slow responses vs. historical average

New source types Client types not seen in the past 7 days

Known limitation: Detailed access logs are retained for 7 days (daily summary statistics are kept indefinitely). If you need to investigate an incident, the 7-day window provides full request-level detail; beyond that, aggregate data is available.

SOC 2 Compliant Hosting

FlowPilot runs on Vercel and Supabase, both SOC 2 Type II compliant platforms with regular security audits, monitoring, and incident response procedures.

Database Security

Row-Level Security (RLS) policies on every table enforce organization isolation at the database level. Even if application logic were bypassed, the database would reject cross-organization queries.

Session Security

Session cookies are HTTP-only (inaccessible to JavaScript), SameSite (CSRF protection), and Secure (HTTPS-only in production). A fresh database client is created per request to prevent state leakage between users.

Rate Limiting

Public endpoints (like live data CSV feeds) are rate-limited at the proxy level (50 requests/second per IP with burst allowance) to prevent abuse and DDoS attacks.

If you have questions about FlowPilot’s security practices or need additional information for your organization’s security review, please reach out to us at support@flowpilot.studio.

See also our Privacy Policy and Terms of Service.