Partner Integration Guide
Technical guide for Flowtriq reseller and white-label partners. Covers deploying ftagent under your brand, provisioning via API, and how alerts flow to your customers.
Architecture Overview
Flowtriq uses a multi-tenant model designed for partners. Your workspace is the parent workspace, and each of your customers gets a sub-workspace beneath it. This gives you a single pane of glass across your entire customer base while keeping each customer fully isolated.
- Parent workspace: Your partner account. You manage billing, branding, and API tokens here.
- Sub-workspaces: One per customer. Each sub-workspace has its own nodes, incidents, alerts, users, and thresholds. Customers in one sub-workspace cannot see data from another.
- Partner Overview API: Your parent workspace can query aggregate stats across all sub-workspaces via
GET /api/v1/partner/overview.
DNS Setup
Two CNAME records are needed to run a fully branded partner deployment. One serves the dashboard UI, the other handles agent reporting and REST API calls.
| Record | Host | Points To | Purpose |
|---|---|---|---|
| Dashboard | dashboard.yourcompany.com | whitelabel.flowtriq.com | Branded dashboard for your customers |
| API | api.yourcompany.com | api.flowtriq.com | Agent reporting + REST API |
The API CNAME makes the entire REST API available at https://api.yourcompany.com/api/v1/.... Same endpoints, same authentication, fully scoped to your workspace. Agents report to your API domain so customers never see Flowtriq infrastructure.
Deploying ftagent Under Your Brand
Follow these steps to provision a customer, deploy the agent to their server, and have traffic data flow into your branded dashboard.
Step 1: Set your custom API domain
Go to Settings → White Label → API Domain and enter your API subdomain (e.g. api.yourcompany.com).
Step 2: Verify DNS
Ensure your api.yourcompany.com CNAME points to api.flowtriq.com and has propagated. Click Verify DNS in the dashboard.
Step 3: Create a sub-workspace for the customer
Step 4: Create a node in that sub-workspace
api_key is returned once in the create response. Store it securely. You will need it to register the agent on the customer's server.Step 5: Install ftagent on the customer's server
The agent will report heartbeats, metrics, and incidents to api.yourcompany.com. The customer never sees Flowtriq infrastructure.
Step 6: Use the branded deploy script (optional)
Instead of manual installation, you can generate a ready-to-run deploy script with your brand name and API domain pre-filled:
This returns a bash script that your customer can run with a single command. The script handles pip installation, agent registration, and systemd setup automatically.
API Provisioning
Key endpoints for partner operations. All endpoints work through your custom API domain (https://api.yourcompany.com) or https://api.flowtriq.com.
Workspace Management
List all sub-workspaces under your partner account.
Create a new sub-workspace for a customer.
Get details for a specific sub-workspace.
Deactivate a sub-workspace. Nodes stop reporting, data is retained for 30 days.
Node Management (scoped to sub-workspace)
List all nodes in a sub-workspace.
Create a node in a sub-workspace. Returns api_key and node_uuid.
Update a node's properties (name, location, priority, etc.).
Delete a node from a sub-workspace.
Incidents & Partner Overview
List incidents for a specific sub-workspace.
Aggregate stats across all sub-workspaces: total nodes, active incidents, traffic volume, and per-workspace summaries.
Full provisioning example
Create a workspace and add a node in two API calls:
How Alerts Flow
Understanding the alert pipeline helps you configure notifications for your customers and integrate with your own monitoring stack.
- Detection: ftagent detects an anomaly on the customer's server (threshold breach, protocol anomaly, or IOC match).
- Report: The agent sends the incident to
api.yourcompany.com/api/v1/agent/incidents. - Classification: The detection engine classifies the attack type, assigns severity, and creates an incident record.
- Sub-workspace notifications: All alert channels configured in the customer's sub-workspace fire (Discord, Slack, email, webhooks, PagerDuty, etc.).
- Cross-workspace webhook: If you have a cross-workspace webhook configured, your parent workspace also receives the event as an HMAC-signed POST to your endpoint.
Cross-workspace webhook payload
When a cross-workspace webhook is configured, your parent workspace receives a POST for every incident event across all sub-workspaces:
Signature verification
Verify the HMAC-SHA256 signature to ensure the webhook is authentic:
Threshold Templates
Partners can create detection threshold presets and apply them across multiple sub-workspaces. This standardizes detection settings across your entire customer base.
- Create a template: Define PPS/BPS thresholds, protocol sensitivity, and detection modes via the white-label API.
- Apply to a sub-workspace: Push the template to all nodes in a sub-workspace with a single API call. Existing per-node overrides are preserved unless you force-apply.
- Update across customers: When you update a template, re-apply it to propagate changes to all sub-workspaces that use it.
Authentication & Scoping
Partner API tokens are created in Settings → White Label → API Tokens. These tokens have elevated permissions for managing sub-workspaces.
Token scoping
You can restrict tokens to specific resources and operations. Available scopes:
| Scope | Access |
|---|---|
| workspaces | Create, read, update, and deactivate sub-workspaces |
| nodes:read | List and view nodes across sub-workspaces |
| nodes:write | Create, update, and delete nodes |
| incidents:read | List and view incidents across sub-workspaces |
| channels:write | Manage alert channels in sub-workspaces |
| partner:overview | Access aggregate partner stats |
| templates:write | Create and apply threshold templates |
Domain binding
Requests made through your custom API domain (api.yourcompany.com) are automatically restricted to your tenant's tokens. A token from a different workspace cannot authenticate against your domain.
Rate limits
| Default | 1,000 requests per minute |
| Burst | Up to 50 requests per second |
| Custom limits | Available on request for high-volume partners |
Rate limit headers are included in every response: X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset.