bfl-api
Integrates BFL FLUX API for image generation and processing with guidance on endpoints, polling, and error handling.
Install this skill
Security score
The bfl-api skill was audited on Feb 12, 2026 and we found 31 security issues across 3 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Curl to non-GitHub URL
| 84 | curl -X POST "https://api.bfl.ai/v1/flux-2-pro" \ |
Curl to non-GitHub URL
| 96 | curl -X POST "https://api.bfl.ai/v1/flux-2-pro" \ |
Curl to non-GitHub URL
| 215 | curl -s -X POST "https://api.bfl.ai/v1/flux-2-pro" \ |
Curl to non-GitHub URL
| 252 | curl -s -X POST "https://api.bfl.ai/v1/flux-2-pro" \ |
Webhook reference - potential data exfiltration
| 3 | description: BFL FLUX API integration guide covering endpoints, async polling patterns, rate limiting, error handling, webhooks, and regional endpoints with Python and TypeScript code examples. |
Webhook reference - potential data exfiltration
| 7 | tags: flux, bfl, api, integration, webhooks, rate-limiting |
Webhook reference - potential data exfiltration
| 33 | - Configuring webhooks for production |
Webhook reference - potential data exfiltration
| 133 | ### Polling vs Webhooks |
Webhook reference - potential data exfiltration
| 138 | | **Webhooks** | Production apps, high volume, server-to-server, when you need immediate notification | |
Webhook reference - potential data exfiltration
| 140 | **Start with polling** - it's simpler and works everywhere. Switch to webhooks when you need to scale or want event-driven architecture. |
Webhook reference - potential data exfiltration
| 146 | - **Webhook Support**: Configure `webhook_url` for production workloads |
Webhook reference - potential data exfiltration
| 200 | - [references/webhook-integration.md](references/webhook-integration.md) - Webhook setup and security |
Access to .env file
| 161 | 2. **Save to `.env`** (recommended for persistence): |
Access to .env file
| 163 | echo 'BFL_API_KEY=bfl_your_key_here' >> .env |
Access to .env file
| 164 | echo '.env' >> .gitignore # Don't commit secrets |
External URL reference
| 43 | | Global | `https://api.bfl.ai` | Default, automatic failover | |
External URL reference
| 44 | | EU | `https://api.eu.bfl.ai` | GDPR compliance | |
External URL reference
| 45 | | US | `https://api.us.bfl.ai` | US data residency | |
External URL reference
| 75 | > **Tip:** All FLUX.2 models support image editing via the `input_image` parameter - no separate editing endpoint needed. Use [bfl.ai/pricing](https://bfl.ai/pricing) calculator for exact costs at dif |
External URL reference
| 84 | curl -X POST "https://api.bfl.ai/v1/flux-2-pro" \ |
External URL reference
| 89 | "input_image": "https://example.com/photo.jpg" |
External URL reference
| 96 | curl -X POST "https://api.bfl.ai/v1/flux-2-pro" \ |
External URL reference
| 101 | "input_image": "https://example.com/person.jpg", |
External URL reference
| 102 | "input_image_2": "https://example.com/background.jpg" |
External URL reference
| 160 | 1. **Get a key**: Go to https://dashboard.bfl.ai/get-started → Click **"Create Key"** → Select organization |
External URL reference
| 215 | curl -s -X POST "https://api.bfl.ai/v1/flux-2-pro" \ |
External URL reference
| 224 | { "id": "abc123", "polling_url": "https://api.bfl.ai/v1/get_result?id=abc123" } |
External URL reference
| 236 | { "status": "Ready", "result": { "sample": "https://...", "seed": 1234 } } |
External URL reference
| 252 | curl -s -X POST "https://api.bfl.ai/v1/flux-2-pro" \ |
External URL reference
| 257 | "input_image": "https://example.com/cat.jpg", |
External URL reference
| 258 | "input_image_2": "https://example.com/room.jpg", |