📘 Public beta · Endpoints are stable; OpenAPI specs and SDKs ship monthly. See changelog →
Products
AI Automation
Flows

Flows

A flow is a versioned DAG. Identical concept to Orchestration's workflow, with extra node types and trigger modes.

Flow object

{
  "id": "flw_01HXY...",
  "slug": "ticket-triage-v1",
  "name": "Ticket triage",
  "description": "...",
  "spec": { /* DAG */ },
  "status": "active | draft | paused",
  "triggerType": "api | webhook | cron",
  "cronExpression": "*/15 * * * *",
  "cronEnabled": true,
  "nextCronRunAt": "...",
  "lastCronRunAt": "...",
  "webhookToken": "wht_...",
  "webhookSecret": "(only on flow read, not list)",
  "version": 3,
  "createdAt": "...",
  "updatedAt": "..."
}

llm_step

The marquee node type. Calls Quantum AI with templated prompts and a structured output schema.

{
  "id": "classify",
  "type": "llm_step",
  "model": "quantum-ai:default",
  "systemPrompt": "You are a fraud-investigation assistant...",
  "userPrompt": "Investigate transaction ${trigger.transactionId}. Customer history: ${step.fetch_history.output.history}.",
  "outputSchema": {
    "type": "object",
    "properties": {
      "verdict":     { "type": "string", "enum": ["clear", "suspicious", "needs_review"] },
      "reasoning":   { "type": "string" },
      "evidence":    { "type": "array", "items": { "type": "string" } }
    },
    "required": ["verdict", "reasoning"]
  },
  "tools": [
    {
      "slug": "search_transactions",
      "description": "Look up recent transactions for the customer",
      "inputSchema": { "type": "object", "properties": { "customerId": { "type": "string" } } }
    }
  ],
  "temperature": 0.2,
  "maxTokens": 800
}

Output

{
  "output": {
    "text": "Raw LLM response text",
    "parsed": { "verdict": "suspicious", ... },
    "model": "quantum-ai:default",
    "inferenceMs": 1250,
    "tokens": { "prompt": 412, "completion": 187, "total": 599 },
    "toolCalls": [
      { "slug": "search_transactions", "input": { ... }, "output": { ... } }
    ]
  }
}
FieldNotes
textRaw model output (string).
parsedIf outputSchema was provided, the parsed structured object. Validation enforced.
inferenceMsWall-clock model latency.
tokensToken usage. Used for billing.
toolCallsEach tool invocation: input + output.

Schema validation

When outputSchema is provided, we constrain the model to emit valid JSON matching the schema and re-validate server-side. Invalid output triggers a retry (up to 3 attempts) before failing the step.

http_request

Ad-hoc outbound HTTP without registering a service connection. Use sparingly — service connections are better for anything you'll call repeatedly (credentials, audit, health checks).

{
  "id": "fetch_weather",
  "type": "http_request",
  "method": "GET",
  "url": "https://api.openweathermap.org/data/2.5/weather?q=Jakarta&appid=${env.OWM_KEY}",
  "headers": { "Accept": "application/json" }
}

Output is { statusCode, headers, body }.

http_sink

Convenience for "POST this step's input to a URL." Equivalent to http_request with hard-coded method and url-body.

{
  "id": "send_to_crm",
  "type": "http_sink",
  "url": "https://your-crm.example.com/webhooks/quantum",
  "body": {
    "ticketId": "${trigger.ticketId}",
    "classification": "${step.classify.output.parsed}"
  }
}

Plus all of Orchestration's node types

service_call, decision, transform, wait, webhook_emit, human_approval work identically to Orchestration — see Orchestration → Workflows.

CRUD endpoints

POST/api/flows
Auth · API keyScope · flows:write
GET/api/flows
Auth · API keyScope · flows:read
GET/api/flows/{id}
Auth · API keyScope · flows:read
PATCH/api/flows/{id}
Auth · API keyScope · flows:write
DELETE/api/flows/{id}
Auth · API keyScope · flows:write

Listing supports status filter and standard pagination.

PATCH of spec bumps version and resets to draft if you remove fields. Status changes (activepaused) don't bump version.

DELETE cascades to runs. Use paused instead if you want to keep history.

Executing a flow

POST/api/flows/{id}/execute
Auth · API keyScope · runs:write

Body — your trigger data, plus an optional idempotency key:

{
  "ticketId": "tkt_01HXY...",
  "subject":  "...",
  "body":     "...",
  "idempotencyKey": "ticket-tkt_01HXY-2026-05-25"
}
FieldNotes
idempotencyKeyOptional. Any string ≤ 256 chars. Repeated executes with the same key within 24 hours return the original runId instead of starting a new run — safe for at-least-once retry from your service.

Response is 202 Accepted with the runId. Track the run via Runs →.

Rotating the webhook secret

POST/api/flows/{id}/rotate-webhook-secret
Auth · API keyScope · flows:write

Returns a new secret. The old secret stays valid for 24 hours to let you migrate webhook senders gracefully.

{
  "data": {
    "webhookSecret": "qe_whsec_new...",
    "previousValidUntil": "2026-05-25T08:14:22Z"
  }
}

Flow specs can leak secrets if you're not careful

env.X references are resolved at runtime from your org's environment config (set in the dashboard). Putting plaintext secrets directly in a spec.nodes[].headers or body field is supported but a bad idea — the spec is queryable, audit-logged, and exported. Always use ${env.NAME} and store the real value in env config.

QuickstartRuns