What Is a Marketplace Application

A Flowlu marketplace application is a modular add-on that extends the platform’s functionality through documented integration points. Applications are installed into Flowlu but run independently from the core system. Each application follows a standard structure that is understood by both Flowlu and developers.

At a basic level, an application is a package that includes a description (manifest), executable code or links to an external service, and user interface resources such as widgets, icons, or UI templates.

Application Formats

Marketplace applications can be implemented in two main formats.

Embedded web module

An embedded web module consists of frontend components that are integrated into the Flowlu interface using predefined integration points. These modules run in the user’s browser, use Flowlu’s SDK, and appear as part of the Flowlu interface. Embedded modules do not have direct access to Flowlu’s internal logic or data and interact with the platform only through approved APIs.

External service

An external service is a standalone web application hosted by the application developer and integrated with Flowlu through APIs and an iframe. The application interface is displayed inside a secure iframe or opened in a new window. All interaction with Flowlu happens through authenticated API requests and follows the platform’s security and permission policies.

Application Structure

Each application package includes the following components.

Manifest

The manifest defines the application’s metadata, required permissions, and integration points within Flowlu. It is the central configuration file for the application and is described in more detail in later sections.

Frontend

The frontend includes interface files (HTML, CSS, JavaScript) or a compiled bundle responsible for rendering the application UI inside Flowlu. The frontend can be dynamic and may use dynamic UI generation mechanisms, including schema-based forms.

Backend (optional)

The backend contains the server-side logic of the application. If server-side processing is required, the application can call external APIs, use cloud functions, or interact with the developer’s own server. All communication with Flowlu is performed exclusively through the public API, with token validation and permission checks enforced on every request.

Assets and static resources

These include supporting materials such as icons, localization files, templates, styles, and other static resources required by the application. They can be stored within the application package or loaded from external URLs specified in the manifest.

Isolation and Interaction with the Core Platform

All applications run in isolation from the Flowlu core system. Errors in application code must not affect the stability of the main platform. To ensure this, applications operate in a sandboxed environment and do not have direct access to Flowlu’s internal pages or scripts.

Applications cannot access Flowlu’s database or internal core methods. All interaction with the platform is performed exclusively through official APIs and documented integration interfaces. Every API request must be authorized using valid credentials, and permission checks are enforced on each request. Calls to methods outside the application’s assigned permissions are automatically blocked.

This approach allows developers to extend Flowlu’s functionality through approved integration points while keeping the core platform secure and stable.

For endpoint references, authentication details, and request examples, see the Flowlu API documentation.