Integration Access Service
Gateway for third-party integration providers. Manages account provisioning, authentication token lifecycle, and API key management for external tools. Currently supports Langflow as the only provider, with an extensible registry pattern for adding more (GitHub, Jira, etc.).
- Tech: NestJS 11
- Port: 4000
- Auth: JWT (RS256), API Key, Public
- Database: None (in-memory token cache, user records persisted via user-service)
Integration Endpoints
| Method | Path | Auth | Description |
|---|---|---|---|
| GET | /api/v1/integrations/providers | Public | List all available integration provider names |
| POST | /api/v1/integrations/:providerName/tokens | JWT | Ensure tokens exist for user + provider. Creates account, logs in, caches tokens. |
| POST | /api/v1/integrations/:providerName/account | JWT | Ensure account exists for user in provider |
| GET | /api/v1/integrations/:providerName/health | Public | Health check for a specific provider |
| GET | /api/v1/integrations/health | Public | Health check for all providers |
| GET | /api/v1/health | Public | Service health check |
| GET | /metrics | -- | Prometheus metrics |
Langflow Endpoints
These endpoints are conditionally registered -- only available when LANGFLOW_BASE_URL and LANGFLOW_ADMIN_API_KEY are configured.
| Method | Path | Auth | Description |
|---|---|---|---|
| GET | /api/v1/langflow/flows | JWT | List all Langflow flows for the user |
| POST | /api/v1/langflow/flows | JWT | Create a new flow |
| GET | /api/v1/langflow/:flowId | JWT | Get a specific flow |
| POST | /api/v1/langflow/:flowId/run | JWT | Execute a flow with input |
| POST | /api/v1/langflow/tokens/refresh | JWT | Refresh Langflow access token |
| GET | /api/v1/langflow/health | Public | Langflow instance health check |
| GET | /api/v1/langflow/api-key | JWT | Get user's Langflow API key |
Token Lifecycle
The ensureTokens flow for a provider:
- Check in-memory token cache for existing valid tokens
- If found but expired, try to refresh via the provider's refresh endpoint
- If refresh fails or no cached tokens, do a fresh login
- Cache the new tokens in memory
- Return the tokens to the caller
Tokens are stored in an in-memory mock database (planned migration to Redis). Lost on service restart.
Account Provisioning (Langflow)
The ensureAccount flow:
- Check user-service for existing Langflow account record
- If not found, create a new user in Langflow with a random password
- Activate the user in Langflow
- Create an API key in Langflow for the user
- Save all credentials (username, password, API key) to user-service
Inter-Service Communication
| Target | Protocol | Purpose |
|---|---|---|
| user-service | HTTP | GET /langflow-users/me -- Get Langflow account record |
| user-service | HTTP | POST /langflow-users -- Create Langflow account record |
| user-service | HTTP | PATCH /langflow-users/:userId -- Update account (API key, etc.) |
| Langflow | HTTP | POST /api/v1/login -- Login |
| Langflow | HTTP | POST /api/v1/refresh -- Refresh token |
| Langflow | HTTP | POST /api/v1/users/ -- Create user (admin API key) |
| Langflow | HTTP | PATCH /api/v1/users/:userId -- Activate user |
| Langflow | HTTP | GET /api/v1/flows/ -- List flows |
| Langflow | HTTP | POST /api/v1/flows/ -- Create flow |
| Langflow | HTTP | GET /api/v1/flows/:flowId -- Get flow |
| Langflow | HTTP | POST /api/v1/run/:flowId -- Run flow |
| Langflow | HTTP | POST /api/v1/api_key/ -- Create API key |
| Langflow | HTTP | GET /health -- Health check |
Key Environment Variables
| Variable | Required | Description |
|---|---|---|
| LANGFLOW_BASE_URL | No | Langflow instance URL. If not set, Langflow module is disabled. |
| LANGFLOW_ADMIN_API_KEY | No | Admin API key for Langflow user management |
| USER_SERVICE_URL | Yes | User service base URL |
| USER_SERVICE_SECRET | Yes | Secret for user-service calls |