Introduction to FlowCMS

Welcome to the official FlowCMS documentation. FlowCMS is a modern, headless content management system built for developers and content teams who demand speed, flexibility, and scale. This guide covers everything from initial setup to advanced API workflows.

💡

Pro Tip

New to headless CMS? Start with the Quickstart Guide to deploy your first content API in under 5 minutes using our CLI.

What is FlowCMS?

FlowCMS decouples content creation from presentation. Instead of tying your data to templates, you define content models once and deliver them via REST or GraphQL APIs to any frontend framework (React, Vue, Next.js, mobile apps, IoT devices, etc.).

Key architectural advantages include:

API-First Design: Built for modern JAMstack and SPA architectures
Real-Time Sync: WebSocket-powered live previews and draft collaboration
Edge-Optimized: Global CDN distribution with automatic cache invalidation
AI-Assisted: Built-in content tagging, SEO scoring, and translation workflows

Quickstart Guide

Get up and running with FlowCMS locally in three steps:

1. Install the CLI

Terminal

npm install -g @flowcms/cli
flowcms init my-project
cd my-project
flowcms dev

2. Configure Your First Content Model

Define a schema using our YAML-based model language:

models/blog-post.yaml

name: BlogPost
slug: blog-post
fields:
  - name: title
    type: text
    required: true
  - name: slug
    type: slug
    source: title
  - name: body
    type: rich-text
    toolbar: [bold, italic, link, image, heading]
  - name: author
    type: reference
    model: User

3. Query via API

JavaScript / Node.js

import { FlowCMS } from '@flowcms/sdk';

const cms = new FlowCMS({ apiKey: process.env.FLOW_API_KEY });

const posts = await cms.query('BlogPost', {
  where: { status: 'published' },
  sort: { createdAt: 'desc' },
  limit: 10
});

console.log(posts.data);

⚠️

Security Notice

Never commit your API keys to version control. Use environment variables or our built-in secrets manager in production deployments.

API Access & Authentication

FlowCMS supports three authentication methods depending on your use case:

Method	Use Case	Token Type	Scopes
Bearer Token	Server-side rendering, admin SDKs	JWT (24h)	Read, Write, Admin
Public API Key	Frontend data fetching	Static Key	Read-only
OAuth 2.0	Third-party integrations	Access + Refresh	Custom Grants

Rate Limiting

API endpoints are throttled based on your plan tier. Headers are included in every response:

HTTP Response Headers

X-RateLimit-Limit: 10000
X-RateLimit-Remaining: 9432
X-RateLimit-Reset: 1703952000
Retry-After: 42

Webhooks & Events

Subscribe to content lifecycle events to trigger external workflows. FlowCMS supports retry logic with exponential backoff and HMAC signature verification.

Node.js (Express)

app.post('/webhooks/flowcms', express.json(), async (req, res) => {
  const signature = req.headers['x-flow-signature'];
  if (!verifySignature(req.body, signature, process.env.WEBHOOK_SECRET)) {
    return res.status(401).send('Invalid signature');
  }

  const { event, data } = req.body;
  if (event === 'content.published') {
    await invalidateCDN(data.slug);
    await notifySlack(data.title);
  }

  res.status(200).send('OK');
});

← Previous Table of Contents Next → Quickstart Guide