Access Review Workflow
Quarterly user access review workflow with manager certification, separation of duties validation, remediation tracking, and compliance reporting for audit purposes.
28 templates
API key rotation workflow with new key generation, dual-key transition period, client notification, old key deprecation, and audit logging.
User authentication workflow with credential validation, MFA challenge, JWT token generation, session creation, and failed attempt tracking.
SSL/TLS certificate renewal workflow with expiration monitoring, certificate request by type (DV/OV/EV), domain validation, deployment to load balancers, and health check verification with rollback.
International customs clearance workflow with importer documentation, customs broker HS code classification, duty calculation, customs authority inspection, and clearance certificate issuance.
OAuth 2.0 authorization code flow with redirect handling, code exchange, token storage, refresh token rotation, and scope management.
On-call rotation workflow with schedule creation, shift handoffs, override management, escalation policies, and fair rotation distribution.
Automated secret rotation workflow with HashiCorp Vault for API keys, database passwords, and certificates including Kubernetes secret updates and rolling service restarts.
Security scanning workflow with SAST, DAST, dependency vulnerability scanning, finding triage, and remediation tracking in CI/CD pipeline.
SMS phone verification workflow with OTP generation, rate limiting, code validation, retry handling, and verification status tracking.
Two-factor authentication setup workflow with method selection (TOTP/SMS), QR code generation, backup codes, and verification confirmation.
Vendor onboarding workflow with application review, W-9/W-8BEN verification, insurance certificate validation, background checks, and compliance approval before vendor activation.
Security vulnerability patching workflow with CVE scanning, severity-based triage (critical/high/medium), patch testing, staging deployment, and production rollout with rollback capability.
A microservices API gateway architecture diagram showing request routing, JWT authentication, rate limiting, service discovery, and response aggregation across distributed backend services. This template models the entry point for all client traffic in a microservices ecosystem, enforcing security policies before requests reach internal services. Ideal for platform engineers designing scalable API infrastructure with centralized cross-cutting concerns.
A service mesh architecture diagram with Istio or Linkerd sidecar proxies handling mTLS encryption, traffic policies, circuit breaking, and distributed tracing across microservices. This template visualizes how a service mesh abstracts networking concerns away from application code, enabling zero-trust communication between services. Essential for teams adopting service mesh infrastructure to improve observability and security.
A rate limiter architecture diagram implementing the token bucket algorithm with Redis-backed distributed counters, sliding window logs, API key identification, rate limit headers, and multi-node synchronization for consistent enforcement. This template shows how to protect APIs from abuse and ensure fair usage across clients, with proper HTTP 429 responses and Retry-After headers. Essential for API platform teams building production-grade rate limiting infrastructure.
A health check pattern architecture diagram with load balancer probes, deep health checks verifying database, cache, disk, and dependency status, automatic instance rotation, and alerting integration with PagerDuty for consecutive failures. This template models the health monitoring infrastructure that enables self-healing systems, where unhealthy instances are automatically removed from rotation and operations teams are alerted. Key for building production-ready services with proper observability.
A zero trust security architecture diagram with device posture checks, MFA identity verification, risk-based policy decisions, short-lived JWT tokens, micro-segmentation, mTLS encryption, least-privilege access enforcement, and continuous monitoring. This template models the 'never trust, always verify' security paradigm where every request is authenticated and authorized regardless of network location. Essential for security architects implementing modern zero-trust frameworks in cloud-native environments.
A multi-tenant SaaS architecture diagram with tenant identification, tier-based routing (shared vs dedicated pools), row-level security, per-tenant encryption keys, and isolated backup strategies for standard and enterprise isolation models. This template models the architecture decisions for building SaaS platforms that serve multiple customers from shared infrastructure while maintaining strict data isolation. Critical for SaaS architects balancing cost efficiency with enterprise security requirements.
A parallel fan-out architecture that runs multiple agents simultaneously on independent checks (style, security, performance) and then merges results. This is a standard multi-agent design approach for throughput, mapping cleanly to CI/CD, incident response, and research. Fan-in reconciliation becomes the subtle part.
A map-reduce style architecture where a coordinator fans out tasks to multiple parallel worker agents (style check, security audit, performance analysis), gathers all results, and makes an aggregate decision. Best for PR reviews, code reviews, and multi-dimensional analysis.
The simplest MCP pattern — direct connection between host application and MCP server over stdio or HTTP. No extra hops, lowest latency, easiest debugging. Perfect for MVPs, hackathons, and single-team setups where security governance is not yet a concern.
An API gateway pattern that sits between agents and MCP servers to handle authentication, rate limits, and auditing. The gateway enforces OAuth 2.0, SAML, SSO, tool-level rate limiting, and team-based quotas. Essential for multi-team or multi-tenant MCP deployments.
Zero-trust AI agent identity architecture with JWT validation, scoped OBO token exchange, SPIFFE/SVID workload identity, and MCP tool authorization.
MCP security gateway architecture that authenticates tool calls, routes execution into isolated sandboxes, sanitizes responses, and returns clean results to the AI agent.
Least-privilege AI agent architecture with policy-engine evaluation, just-in-time access, short-lived credentials, and action-scoped grants before tool execution.
Human-in-the-loop approval architecture that scores agent actions by risk, routes high-risk requests for review, and writes immutable audit records.
Multi-agent security architecture with scoped tokens, API gateway enforcement, mTLS-protected worker calls, and orchestrator-driven result aggregation.