Tech Security & Dev Tools

At SourceFlow we take tech security extremely seriously. We have created this guide so our customers’ techy and ops teams can easily find any info they require about tech security should they need it.

If you need support for your SourceFlow tech, get in touch.

hero banner
banner text sided

Product architecture

The websites provided by Sourceflow consist of two parts: The static internet facing website, and the dynamic admin control panel and API. There are dynamic on-page javascript elements that interact with the API to provide a dynamic experience to users.

The static websites are precompiled and served directly from filestorage to the user via a CDN, resulting in unparalleled speed and reliability.

The dynamic content is provided by a pool of containerised Ruby on Rails servers.


User accounts

banner text sided


The platform provides a rich API for interacting with the data. This is used to provide both dynamic content on the websites, and to enable integrations between Sourceflow and 3rd parties to meet customer business needs.

The API consists of two types of endpoints; those requiring authentication, and those that are public.

Public API endpoints are for content that is already presented on the website, such as lists of job adverts or other content pages.

Authenticated APIs are for creating new data, or retrieving sensitive data such as candidate data. Authentication is either via session cookies (for APIs being used by the page the user is looking at) or via the Client Credentials OAuth2 flow for any external connection.

API credentials are also assigned roles to control which endpoints they can interact with.

Ready to grow
with the Flow?

Whether you want to refresh your recruitment website design or take on several global sites, we have the experience and expertise you need.