FlowRelay FlowRelay Docs Shopify Flow
Website → Start setup →
All docs pages

START

USE CASES

SET UP

OPERATE

RECOVER

AGENT ACCESS

REFERENCE

Agent Access

Agent orientation

Agents learn FlowRelay from public docs first, then use authenticated API, CLI, or, when enabled, MCP only within the merchant-authorized grant.

Reference Read Agent mission playbooks.

Agent workflow

Agents should orient through docs before using authenticated tools.

  1. 01Confirm the agent client can keep bearer tokens private and call HTTP, CLI, or MCP tools without exposing the token in public prompts, files, or logs.
  2. 02Fetch /llms.txt to discover canonical pages and Markdown equivalents.
  3. 03Read the Markdown page for the task, such as setup, receipts, replay, diagnostics, or grants.
  4. 04Read /agent/v1/manifest to confirm platform identity, capability metadata, docs URLs, safety boundaries, and route names.
  5. 05Read /agent/v1/plan-usage before high-volume loops, broad investigation, or repeated action previews.
  6. 06Use OpenAPI for exact request and response contracts before calling authenticated routes.
  7. 07Use the CLI, or MCP Agent Operations access when enabled, only as wrappers over the same scoped Agent Operations contract.
  8. 08Escalate to a human when the docs, grant, manifest, or refusal reason says the action is outside authority.

Client requirements #

Use an agent client only when it can keep the bearer token private and operate tools safely. Codex, Claude Code, the FlowRelay CLI, direct API clients, and enabled MCP Agent Operations access all use the same scoped contract. Other agent clients should meet the same private secret handling and tool-access requirements before receiving a grant token.

Orientation order #

Start with /llms.txt for the index, read the relevant Markdown page, check /agent/v1/manifest for edition and capability context, then use OpenAPI for exact request and response shapes. For endpoint create or edit work, read the trigger variants and event mapping reference before choosing triggerVariant or resource path fields.

Endpoint setup work #

When an agent creates or edits an endpoint, it should choose the trigger variant from product intent, send null for inactive resource path fields, and use the mapping reference to decide whether resourceIdPath or relatedResourceIdPath applies.

Base URL and token #

Use https://api.flowrelay.app as the Agent Operations base URL. Store the scoped Agent Access token in an environment variable, OS keychain, secret manager, or MCP host secret configuration. The token should not be pasted into public examples, docs, shared prompts, logs, support tickets, screenshots, or repo files.

Which surface to use #

The API is canonical. The CLI and MCP Agent Operations access behave as wrappers over the same Agent Operations contract when enabled and point agents back to these docs when they need product context.

Check usage before loops #

Use /agent/v1/plan-usage before broad investigation, polling, or repeated action previews. It exposes exact Agent Operations limits and enforcement state so agents can self-throttle instead of discovering a cap mid-task.

Skills timing #

Use the FlowRelay Operator Skill as the installable playbook over the canonical docs, OpenAPI, CLI, and MCP references. It points agents back to these docs for product meaning and safety boundaries.

Escalation #

Escalate when the grant, manifest, docs, API refusal, CLI response, or MCP tool result says the action is outside authority or requires human judgment.