Implementation:FlowiseAI Flowise UpdateChatflow Security
| Attribute | Value |
|---|---|
| Page Name | UpdateChatflow_Security |
| Workflow | Chatbot_Deployment |
| Repository | FlowiseAI/Flowise |
| Domain | Security, Deployment, Access Control |
| Source | packages/ui/src/api/chatflows.js:L13 |
| Last Updated | 2026-02-12 14:00 GMT |
Overview
API call implementation for updating chatflow security configuration including rate limiting, domain whitelisting, and parameter override control via the apiConfig field.
Code Reference
Source Location
- File:
packages/ui/src/api/chatflows.js, line 13 - UI Components:
packages/ui/src/ui-component/dialog/ChatflowConfigurationDialog.jsx(166 lines)packages/ui/src/ui-component/extended/Security.jsxpackages/ui/src/ui-component/extended/RateLimit.jsx(182 lines)packages/ui/src/ui-component/extended/AllowedDomains.jsx(208 lines)packages/ui/src/ui-component/extended/OverrideConfig.jsx(473 lines)
Signature
const updateChatflow = (id, body) => client.put(`/chatflows/${id}`, body)
For security configuration, the body parameter includes an apiConfig field containing a JSON-serialized string.
Import
import chatflowsApi from '@/api/chatflows'
The API client is configured at packages/ui/src/api/client.js with base URL ${baseURL}/api/v1.
I/O Contract
Inputs
| Parameter | Type | Description |
|---|---|---|
id |
string |
The chatflow ID to update |
body |
object |
Object containing apiConfig: string (JSON string)
|
The apiConfig JSON string has this structure:
{
rateLimiting: {
limitMax: number, // Maximum requests allowed in the window
limitDuration: number, // Duration of the rate limit window in seconds
message: string // Error message returned when limit is exceeded
},
allowedDomains: {
status: boolean, // Whether domain whitelisting is enabled
origins: string[], // Array of allowed origin URLs
errorMessage: string // Error message for blocked origins
},
overrideConfig: {
status: boolean, // Whether override configuration is enabled
nodes: string[], // Array of node identifiers allowed for override
variables: object[] // Array of variable override definitions with {id, name, type, enabled}
}
}
Outputs
| Field | Type | Description |
|---|---|---|
data |
Chatflow |
Updated chatflow object with the new apiConfig value
|
Returns Promise<{data: Chatflow}> with the full updated chatflow record.
Usage Examples
Configuring Rate Limiting
import chatflowsApi from '@/api/chatflows'
const securityConfig = {
rateLimiting: {
limitMax: 10,
limitDuration: 60,
message: 'Rate limit exceeded. Please try again later.'
},
allowedDomains: {
status: false,
origins: [],
errorMessage: ''
},
overrideConfig: {
status: false,
nodes: [],
variables: []
}
}
const response = await chatflowsApi.updateChatflow(chatflowId, {
apiConfig: JSON.stringify(securityConfig)
})
Enabling Domain Whitelisting
const securityConfig = {
rateLimiting: {
limitMax: 100,
limitDuration: 60,
message: 'Too many requests'
},
allowedDomains: {
status: true,
origins: ['https://myapp.com', 'https://staging.myapp.com'],
errorMessage: 'Access from this domain is not permitted'
},
overrideConfig: {
status: false,
nodes: [],
variables: []
}
}
const response = await chatflowsApi.updateChatflow(chatflowId, {
apiConfig: JSON.stringify(securityConfig)
})
Enabling Override Config Control
const securityConfig = {
rateLimiting: {
limitMax: 50,
limitDuration: 60,
message: 'Rate limit exceeded'
},
allowedDomains: {
status: false,
origins: [],
errorMessage: ''
},
overrideConfig: {
status: true,
nodes: ['chatOpenAI_0', 'openAIEmbeddings_0'],
variables: [
{ id: 'var1', name: 'temperature', type: 'number', enabled: true },
{ id: 'var2', name: 'modelName', type: 'string', enabled: false }
]
}
}
const response = await chatflowsApi.updateChatflow(chatflowId, {
apiConfig: JSON.stringify(securityConfig)
})
Related Pages
Page Connections
Double-click a node to navigate. Hold to expand connections.
Principle
Implementation
Heuristic
Environment