Encrypted provider keys
Provider credentials are encrypted at rest using AES-256. Users send requests with a FlowGuard token, while the real provider key stays stored inside FlowGuard.
Security
Security for expensive API credentials and AI spend.
FlowGuard sits in front of paid providers, so the product is designed around credential protection, controlled access, and clear operational visibility.
Gateway protection
Gateway endpoints validate active FlowGuard API keys, attach project ownership, enforce monthly request limits, and log provider responses for monitoring and troubleshooting.
Account access
FlowGuard supports email verification, password reset codes, Google login, and Cloudflare Turnstile protection for public authentication forms.
Monitoring and alerts
Budgets, cost-spike detection, request logs, and provider-level reporting help teams catch runaway workflows before they become expensive incidents.