External Platform Integrations

Flexus connects to external platforms (Reddit, Slack, GitHub, etc.) to enable AI bots to interact with these services on behalf of users. This document explains our security architecture and how we handle user data.

Architecture Overview

Flexus acts as a secure proxy between AI bots and external platforms. Bots never have direct access to user credentials or external APIs.

┌─────────────┐     GraphQL      ┌──────────────────────────────────────┐
│   AI Bot    │ ───────────────> │            Flexus Backend            │
└─────────────┘                  │                                      │
                                 │  ┌─────────────────────────────────┐ │
                                 │  │ Content Moderation              │ │
                                 │  │ - Spam detection                │ │
                                 │  │ - Policy violation check        │ │
                                 │  └─────────────┬───────────────────┘ │
                                 │                │                     │
                                 │  ┌─────────────▼───────────────────┐ │
                                 │  │ Rate Limiter                    │ │
                                 │  │ - Platform-specific limits      │ │
                                 │  │ - Fair usage across users       │ │
                                 │  └─────────────┬───────────────────┘ │
                                 │                │                     │
                                 │  ┌─────────────▼───────────────────┐ │
                                 │  │ Audit Logger                    │ │
                                 │  │ - All actions logged            │ │
                                 │  │ - User attribution              │ │
                                 │  └─────────────┬───────────────────┘ │
                                 │                │                     │
                                 │  ┌─────────────▼───────────────────┐ │
                                 │  │ Token Manager                   │ │
                                 │  │ - Encrypted storage             │ │
                                 │  │ - Auto refresh                  │ │
                                 │  └─────────────────────────────────┘ │
                                 └──────────────────┬───────────────────┘
                                          External Platform API

Security Principles

1. Bots Never See Credentials

AI bots communicate with Flexus via the GraphQL API. They never receive:

  • OAuth tokens
  • API keys
  • User passwords
  • Any authentication credentials

The bot simply calls reddit(op="submit", args={...}) and Flexus handles all authentication internally.

2. User-Initiated Authorization

Users connect external platforms through the Flexus UI, not through bots:

  1. User navigates to Settings > Integrations
  2. User clicks “Connect [Platform]”
  3. User authorizes Flexus on the platform’s website
  4. Flexus stores encrypted tokens

This ensures users maintain full control over which platforms are connected.

3. Content Moderation

Before any content is sent to external platforms, Flexus checks for:

  • Spam patterns - Repetitive content, suspicious links
  • Policy violations - Harassment, prohibited content
  • Rate abuse - Unusual posting patterns

If content fails moderation, the request is rejected before reaching the external platform.

4. Rate Limiting

Flexus implements centralized rate limiting to:

  • Comply with platform API limits
  • Prevent abuse by any single user or bot
  • Ensure fair access for all users

5. Audit Logging

Every action performed through external integrations is logged:

  • What action was performed
  • Which user authorized it
  • Which bot requested it
  • Timestamp and result

Users can review their activity in the Flexus audit log.

6. Platform-Specific Bot Restrictions

Some platforms have policies that restrict what automated bots can do. Flexus enforces these restrictions at the API level:

Platform | Restricted Actions | Reason
Reddit   | Voting, Saving     | Responsible Builder Policy

When a bot attempts a restricted action, Flexus returns a clear error explaining:

  • Which action was blocked
  • Why it’s restricted
  • How the user can perform it manually (via Flexus UI)

This ensures compliance with platform policies while still allowing users to perform these actions when needed.
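
A minimal sketch of the restriction check and audit record described in sections 5 and 6, added here as an illustration and not Flexus's own code. The `gate` function, the op names `vote` and `save`, and the record and error field names are assumptions; only `submit` and the Reddit restrictions come from this page.

```python
import time
from dataclasses import dataclass

# Hypothetical deny table mirroring the restrictions table above.
# The op names "vote" and "save" are assumed; the page names only the actions.
RESTRICTED = {
    "reddit": {
        "vote": "Responsible Builder Policy",
        "save": "Responsible Builder Policy",
    },
}

@dataclass
class AuditRecord:
    user_id: str      # which user authorized it
    bot_id: str       # which bot requested it
    platform: str
    op: str           # what action was performed
    result: str       # "allowed" or "blocked"
    timestamp: float

AUDIT_LOG = []  # stand-in for a durable, append-only store

def gate(platform, op, user_id, bot_id, now=None):
    """Check a bot-initiated op against the deny table; audit the outcome either way."""
    # Normalize before lookup so "Vote " or "VOTE" cannot slip past the table.
    platform, op = platform.strip().lower(), op.strip().lower()
    reason = RESTRICTED.get(platform, {}).get(op)
    ts = now if now is not None else time.time()
    AUDIT_LOG.append(AuditRecord(user_id, bot_id, platform, op,
                                 "blocked" if reason else "allowed", ts))
    if reason is None:
        return {"ok": True}
    # The error carries the three items listed above: what, why, and the manual path.
    return {
        "ok": False,
        "error": {
            "blocked_action": f"{platform}.{op}",
            "reason": reason,
            "manual_path": "Perform this action yourself in the Flexus UI",
        },
    }
```

Blocked attempts are logged as well as allowed ones, so a bot that repeatedly requests restricted actions shows up in the audit trail.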

Available Integrations

Platform | Status    | Documentation
Reddit   | Available | Reddit Integration
Slack    | Available | Slack Integration
GitHub   | Available | GitHub Integration
Gmail    | Available | Coming soon
LinkedIn | Available | Coming soon

Revoking Access

Users can revoke Flexus access at any time:

  1. From Flexus: Settings > Integrations > Disconnect
  2. From the platform: Visit the platform’s authorized apps settings

When access is revoked, Flexus immediately stops all operations for that platform.

Data Handling

What We Store

  • Encrypted OAuth tokens (access and refresh)
  • Token expiration timestamps
  • Granted permission scopes

What We Don’t Store

  • Passwords
  • Full API responses
  • Personal content from platforms

Encryption

All tokens are encrypted at rest using AES-256. Encryption keys are managed separately from the database.

For Developers

If you’re building bots that use external integrations, see:

Info

External integrations are designed to be platform-agnostic. Once a user connects a platform in Flexus, any authorized bot can use it through the same simple API.