Integrating an external API in FlutterFlow involves six steps: evaluate the API's auth method and rate limits, test it in Postman or the browser first, create an API Group in the API Manager with the base URL and auth headers, add individual API Calls with method and path, extract response fields using JSON Path, and bind results to UI widgets via Backend Query. For APIs requiring OAuth or sensitive credentials, route all calls through a Cloud Function. Always implement error handling and response caching before launch.
Add any external REST API to your FlutterFlow app using the API Manager
FlutterFlow's API Manager lets you connect to virtually any REST API — weather services, social platforms, payment processors, communication tools, data providers, and custom backends. The process is the same regardless of the API: create an API Group with shared configuration, add individual API Calls for each endpoint, test responses in the browser, and bind returned data to your UI widgets. This comprehensive guide covers the full workflow from reading API documentation to displaying live data in your app, including the tricky parts: authentication patterns, JSON path extraction for nested responses, error state handling, and rate limit compliance.
Prerequisites
- A FlutterFlow project created and open in the editor
- The API documentation URL for the external service you want to integrate
- An API key or access token for the external service (sign up for a free tier if available)
Step-by-step guide
Evaluate the API before adding it to FlutterFlow
Evaluate the API before adding it to FlutterFlow
Before writing a single API call in FlutterFlow, spend 15 minutes reading the API documentation: (1) Auth method: does it use API key in a header, API key as a query parameter, Bearer token, Basic Auth, or OAuth 2.0? API key and Bearer token work directly in FlutterFlow API Groups. OAuth 2.0 requires a Cloud Function for the token exchange. (2) Rate limits: how many requests per minute or per day on the free tier? A 100 request/day limit breaks immediately when you have real users. (3) Response format: is it JSON? Are there nested objects or arrays you need to navigate? (4) CORS policy: most APIs work fine from Cloud Functions but some block browser/mobile requests (CORS errors). Test with Postman or curl before trusting the docs. (5) Pricing: check overage fees — some APIs charge per request and a spike in usage creates unexpected bills.
Expected result: You know the auth method, rate limits, response structure, and pricing model before starting the FlutterFlow configuration.
Create an API Group in FlutterFlow's API Manager
Create an API Group in FlutterFlow's API Manager
In FlutterFlow, click the API Manager icon (plug symbol) in the left sidebar. Click Add API Group. Name it after the service (WeatherAPI, OpenAI, Stripe). Set the Base URL to the API's root URL (everything up to the path that changes per endpoint, for example: https://api.openweathermap.org/data/2.5). Under Headers, add the authentication header based on the API's auth method: For API key in header: Key = X-API-Key (or whatever the API specifies), Value = [apiKeySecret] where apiKeySecret is stored in Settings → Secrets. For Bearer token: Key = Authorization, Value = Bearer [bearerToken]. For Basic Auth: Key = Authorization, Value = Basic [base64EncodedCredentials]. For query param API keys: do not add to headers — add to each API Call's Query Parameters tab instead. Add Content-Type: application/json if you will be sending JSON request bodies.
Expected result: An API Group appears in the API Manager with the base URL and authentication header configured.
Add an API Call and test the response
Add an API Call and test the response
Inside your API Group, click Add API Call. Name it descriptively (getWeatherByCity, searchProducts, createLead). Set the HTTP method (GET, POST, PUT, PATCH, DELETE). Set the path relative to the group's base URL (e.g., /weather for https://api.openweathermap.org/data/2.5/weather). Add Query Parameters if the API needs them: click Add Parameter, enter the key name (q for city name, units for temperature units), and set the value type (String Literal for fixed values, Variable for dynamic values). For POST requests, click the Body tab → select JSON → add key-value pairs for the request body. Click Response & Test tab → click Test to execute the call. Inspect the JSON response tree. Click the toggle on each field you want to use in your app to extract it. FlutterFlow creates JSON path accessors for each selected field.
Expected result: A successful API test shows the response data and FlutterFlow extracts the JSON paths you can use in data bindings.
Bind API response data to UI widgets
Bind API response data to UI widgets
Add a Backend Query to a page or widget: select the page → Properties Panel → Backend Query tab → Add Query → Select API Call → pick your new API Call → set any variable values (like the city name from a Page State variable). Inside the widget tree that is a descendant of this Backend Query, click any widget property (Text content, Image URL, Container color). In the Set from Variable picker, select Backend Query → [your API call name] → [field path you extracted in step 3]. For list responses: add a ListView widget inside the Backend Query → click Generate Dynamic Children → bind the list result to create one child widget per item. For error states: add a Conditional Widget or set the widget's visibility to only show when the Backend Query status is Success. Show a loading CircularProgressIndicator when status is Loading.
Expected result: UI widgets on the page display live data from the external API, updating when the page loads or when Backend Query parameters change.
Add error handling and rate limit compliance
Add error handling and rate limit compliance
In any Action Flow that calls an API: after the API Call action, add an IF condition checking the response status code. If the code is not 200 (or 201 for POST), branch to an error path: show a Snackbar with a user-friendly message, set a Page State error variable, and optionally log the error to a Firestore errors collection. For rate limiting: if the API returns 429, implement a backoff — add a Wait action (1 second) and retry the call once. For high-traffic APIs: cache responses in App State or Firestore. Check if a cached result exists and is less than X minutes old before calling the API. This prevents re-fetching the same data on every navigation. For OAuth APIs that need token refresh: deploy a Cloud Function that manages token storage and refresh, and call that CF instead of the API directly.
Expected result: The app shows appropriate error messages when the API fails and does not overwhelm the API with redundant requests.
Complete working example
1EXTERNAL API INTEGRATION CHECKLIST FOR FLUTTERFLOW23PRE-INTEGRATION EVALUATION:4[ ] Auth method: API key / Bearer / Basic / OAuth?5[ ] Rate limit: requests per minute/day on free tier?6[ ] CORS: does API allow requests from mobile apps?7[ ] Response format: flat JSON or deeply nested?8[ ] Pricing: what happens on overage?910API MANAGER SETUP:11├── API Group12│ ├── Base URL: https://api.service.com/v113│ ├── Headers:14│ │ ├── Authorization: Bearer [token] OR15│ │ ├── X-API-Key: [apiKeySecret] OR16│ │ └── Content-Type: application/json17│ └── Variables: shared vars reused across calls18│19└── API Calls (one per endpoint):20 ├── Method: GET / POST / PUT / PATCH / DELETE21 ├── Path: /endpoint (relative to base URL)22 ├── Query Params: key=value or key=[variable]23 ├── Body (POST): JSON key-value pairs24 └── Response & Test: extract JSON paths2526AUTH METHOD PATTERNS:27├── API Key in header: X-API-Key: [secret]28├── Bearer token: Authorization: Bearer [token]29├── Basic Auth: Authorization: Basic base64(user:pass)30├── Query param: add to each API Call's Params tab31└── OAuth 2.0: requires Cloud Function proxy3233DATA BINDING:34├── Single object: Backend Query → Set from Variable35├── List: Backend Query → Generate Dynamic Children36├── Loading state: CircularProgressIndicator37└── Error state: Conditional Widget on status3839ERROR HANDLING IN ACTION FLOWS:40├── After API Call: check response status code41├── 200/201: proceed with success path42├── 400: show validation error message43├── 401/403: show auth error, prompt re-login44├── 429: wait 1s, retry once45└── 500/503: show 'Service unavailable, try again'Common mistakes
Why it's a problem: Not reading the API's rate limit documentation before launching
How to avoid: Read rate limits before starting. Implement response caching in App State or Firestore. If the data changes infrequently (weather updates every 30 minutes, stock prices every 15 minutes), cache the result and serve from cache until it expires.
Why it's a problem: Hardcoding API keys directly in API Group header values
How to avoid: Store all API keys in Settings → Secrets. Reference them in header values as [secretName]. FlutterFlow keeps these out of the compiled binary during development — but note: for truly sensitive operations (payments, user data modification), always proxy through a Cloud Function.
Why it's a problem: Calling APIs that require OAuth 2.0 directly from FlutterFlow without a Cloud Function
How to avoid: For OAuth APIs (Google Calendar, Salesforce, HubSpot, etc.), deploy a Cloud Function that handles the OAuth exchange and token refresh. FlutterFlow calls your Cloud Function, which holds all OAuth credentials and manages the session.
Best practices
- Test every API endpoint in Postman or the API Manager's Response and Test tab before binding it to UI widgets
- Store all API keys and tokens in Settings → Secrets and reference them as [secretName] in header values
- Implement response caching in App State or Firestore for APIs with low rate limits or data that does not change frequently
- Always add error handling after API Call actions in your Action Flows — show user-friendly messages for 4xx and 5xx responses
- Use Cloud Functions as a proxy for OAuth APIs, APIs with sensitive credentials, or APIs that require server-side computation before returning data
- Add a loading state (CircularProgressIndicator) while API calls are in progress to prevent users from thinking the app is broken
- Group related API calls into one API Group per service — this keeps base URLs and shared headers centralized and easy to update when credentials change
Still stuck?
Copy one of these prompts to get a personalized, step-by-step explanation.
I want to integrate [API name] into my FlutterFlow app. The API documentation is at [URL]. Explain: (1) the authentication method and how to configure it in FlutterFlow's API Manager, (2) which endpoints I need for my use case [describe], (3) what the response JSON structure looks like and how to extract the fields I need, and (4) any rate limits or restrictions I should know about.
Set up an API Group in my FlutterFlow project for the OpenWeatherMap API. Base URL: https://api.openweathermap.org/data/2.5. Auth: query parameter appid=[OPENWEATHER_API_KEY] stored in Secrets. Add an API Call named getCurrentWeather with path /weather and query parameters: q=[cityName] (variable), units=metric (static). Extract response fields: name (city name), main.temp (temperature), weather[0].description (condition text), weather[0].icon (icon code). Bind these to a weather card on the home page.
Frequently asked questions
How do I integrate an external API with FlutterFlow?
Use FlutterFlow's API Manager: click the plug icon in the left sidebar → Add API Group with the base URL → add auth headers → add individual API Calls with method and path → test in the Response and Test tab → extract response fields → add a Backend Query to a page → bind extracted fields to widget properties using Set from Variable. The full process takes 20-60 minutes depending on API complexity.
What types of authentication does FlutterFlow's API Manager support?
FlutterFlow's API Manager supports API key in headers, Bearer token in the Authorization header, Basic Auth (base64 encoded), and API keys as query parameters. For OAuth 2.0 (which requires a client secret and token exchange), you need a Cloud Function proxy — FlutterFlow calls the Cloud Function, which manages the OAuth flow and token refresh.
What does a 429 error mean in FlutterFlow API calls?
429 means Too Many Requests — you have exceeded the API's rate limit. Check the API documentation for the rate limit (e.g., 100 requests per day, 60 per minute). Solutions: (1) implement response caching in App State or Firestore so you do not re-fetch data you already have, (2) switch to a higher API tier if your usage genuinely requires more requests, (3) add a Wait action and retry logic for occasional 429 responses in your Action Flow.
Can I call any external API from FlutterFlow or are there restrictions?
FlutterFlow can call any HTTPS REST API that returns JSON. Restrictions: (1) APIs that require OAuth 2.0 need a Cloud Function proxy, (2) APIs with strict CORS policies may block direct calls — use a Cloud Function proxy in that case, (3) GraphQL APIs require sending the query in the POST body (FlutterFlow supports this), (4) SOAP/XML APIs are not natively supported — use a Cloud Function to convert SOAP to JSON. Most modern REST APIs work directly.
How do I parse nested JSON responses in FlutterFlow's API Manager?
In the API Manager → your API Call → Response & Test tab, after running a test, the response JSON tree appears. Click the expand arrows to navigate into nested objects. Toggle the checkbox next to each field you want to use. FlutterFlow creates a JSON path accessor like response.data.items[0].title. When binding to widgets with Set from Variable → Backend Query, these extracted fields appear in the picker.
What if I can't get an API integration working in FlutterFlow?
Common reasons for failure: wrong auth format (check the API docs carefully for exact header name and value format), CORS blocking (test if the same request works from Postman — if it does, add a Cloud Function proxy), response format mismatch (some APIs return non-standard JSON structures that need pre-processing in a Cloud Function). If you have tried these and the integration is still not working, RapidDev has integrated dozens of APIs with FlutterFlow and can diagnose the specific issue quickly.
Talk to an Expert
Our team has built 600+ apps. Get personalized help with your project.
Book a free consultation