Search

Using FME Flow for Connection Storage in FME Form

Matt Meeboer
Matt Meeboer
  • Updated

Introduction

FME Flow can be the storage location for database and web connections in FME Form. This allows connections to be shared from an FME Flow instance amongst FME Form users. The same connections can also be used by FME Flow jobs. FME Flow administrators can prevent connections from being modified in FME Form by setting FME Flow permissions. 

For OAuth 2.0 web services that have previously required different configurations for FME Form and FME Flow, configuration only needs to be done for FME Flow. 

This article will cover permissions, enabling FME Flow as the connection storage location, and creating connections.

Requirements

  • FME Flow 2025 or later. Note that:
    • Note: for OAuth 2.0 (Authorization Code) web connections and services, please use 2025.0.2 b25225 or later. In earlier builds of FME Flow 2025, it was not possible to use OAuth 2.0 (Authorization Code) web connections when FME Flow was the connection storage.
  • A reliable web connection from FME Form to FME Flow

Step-by-Step Instructions

Part 1: Managing Permissions

Permissions are the most important consideration when using FME Flow as the connection storage location in FME Form, as actions taken in FME Form will impact FME Flow. The account used in the FME Flow connection determines what permissions you will have for viewing, creating, modifying, or removing connections. 

Connection permissions are managed in FME Flow. Role-based access control (RBAC) is recommended for managing permissions, where possible. FME Flow administrators and superusers have permission to manage role-based access control by default.

Apply permissions

There are two levels of connection permissions:

  1. General permissions to the Connections feature. 
  2. Permissions to individual connections

For example, a user in a role with permission to manage connections can edit and remove connections they have been granted Write access to. To learn more about what these permissions mean, expand Connections in the FME Flow Roles documentation.

Users with permission to manage connections must be very careful when using FME Flow as the connection storage location. Editing or removing a connection in FME Form can impact other workspaces that depend on it in FME Flow!

In FME Form 2025.0 and FME Form 2025.1, users without permission to manage web connections in FME Flow can see them in FME Form. Also, users without permission to access database connections can see database connection details when they have only run access. In both cases, edits cannot be made. We strongly recommend upgrading to FME Form 2025.2. 

Share a connection

Connection owners can share their connections after they have been created. Users with permission to manage connections can also share connections they have been granted Write access to. In FME Flow, click the share icon next to the connection you want to share.

Prevent authors from creating, editing, or removing connections on FME Flow

By default, the fmeauthor role has permission to access, create, and manage connections. To restrict this, administrators can remove Create and Manage permissions.

Authors and other users can still run workspaces in FME Form and Flow with connections as long as they have Access permission and Run permission for the individual connection. For example:

This setup allows FME Form users to author and run workspaces with existing connections. However, without permission to create connections, authors need to switch to a personal or shared connection storage location in FME Form when needed. They will not be able to upload new connections to FME Flow from FME Options or when publishing a workspace to FME Flow. In this more restricted workflow, authors can provide their connection details to an FME Flow administrator who can create it on their behalf and grant the author Run permission.

Part 2: Enabling FME Flow for Connection Storage

Before enabling FME Flow connection storage, consider permissions as discussed in Part 1.

1. Open Utilities > FME Options > Default Paths

2. From the Manage menu, choose Change Connection Storage

3. Choose FME Flow as the Connection Storage option

After choosing FME Flow, you can choose the FME Flow connection to use or create a new one. This connection will be created in your personal connection database, so it is not lost when you disconnect from FME Flow.

The account used in the FME Flow connection determines what permissions you will have for viewing, creating, or modifying connections. 

4. View Connections

Any database and web connections your FME Flow account has access to will be listed in FME Options under Database Connections and Web Connections, provided you are connected to the FME Flow instance.  

Part 3: Creating and Managing Connections

Provided you have permissions in FME Flow (see Part 1), the process to create, edit, or remove a connection is similar for other types of connection storage. Please see Using Database Connections and Using Web Connections. There are 3 significant differences in behavior:

1. The connection will be created, edited, or removed from FME Flow. 

Exercise caution and consider permissions when editing or removing existing connections, as discussed Part 1.

2. For new web connections, the web service must first be added to FME Flow. 

It's recommended to use personal or shared connection storage, configure the web service, and upload it to FME Flow. When you change the connection storage back to FME Flow, you will be able to create web connections using the web service. Note that it is mostly OAuth2.0 (Authorization Code Flow) web services that require configuration by making a copy of the web service template and adding details specific to your client. See Creating an OAuth 2.0 Web Service and Connection in FME for more details. Many Token (OAuth 2.0 Credentials Flow) web service templates do not need additional configuration to use on FME Flow. 

When FME Flow is set as the connection storage, web service templates could be automatically uploaded to FME Flow outside of the recommended approach above. Below are some scenarios:

  • By downloading the web service template from the FME Hub via Utilities > FME Options > Default Paths
  • By installing a package from the FME Hub that comes with a web service template (some include multiple templates)
  • By creating a new web service from some readers, writers, or transformers, like the Esri ArcGIS Feature Service Reader. Note: If the web service template comes from the FME Hub and has been removed from FME Flow, you may be prompted to install or reinstall a package

Since many web service templates will require making a copy of the template and configuring it in FME Form (see point 3 below), the above scenarios would result in both the template and the configured web service existing on FME Flow. If your organization does not want users to create web connections using unconfigured web service templates, as this can result in broken web connections, then use the recommended approach at the top of this point and restrict permissions on FME Flow as described in Part 1

If you are creating an FME Flow web connection to use on FME Flow for the first time (for example, in an HTTPCaller or FMEFlowJobSubmitter), it must be created in FME Form with the recommended approach of using personal or shared connection storage and then uploading the web service to FME Flow. You can then change the connection storage back to FME Flow and create subsequent FME Flow web connections. Note that when FME Flow is chosen as the connection storage location, connections created using the FME Flow Connection widget are not stored in FME Flow, but in your personal connection storage.

3. For OAuth2.0 (Authorization Code) web services, configure for FME Flow, not FME Form

  • Create a copy of the web service template in FME Form and configure it for FME Flow
  • The Redirect URI must be in the format <your FME Flow URL>/fmeoauth 
  • Any web application-specific configuration required by the web service provider should be applied to the client registration. See Creating an OAuth 2.0 Web Service and Connection in FME for more details. For example, Microsoft web services typically require that the Redirect URI is added to the web platform of an Azure app registration and that a client secret is provided.

Considerations for Esri Geodatabase (ArcSDE) Connections

Esri Geodatabase (ArcSDE) database connections are unique in FME in that all connection information is stored in a separate file, the SDE (.sde extension) file. 

When using FME Flow for connection storage with Esri Geodatabase connections, both FME Flow and FME Form must be able to access the path to the SDE file. To accommodate this, it's recommended to keep the SDE files on a network share, as discussed in How to Create and Manage Esri Geodatabase (ArcSDE) Connections in FME. FME Form will not, by default, see SDE files stored in FME Flow's resource storage when FME Flow is used as the connection storage location. 

 

Troubleshooting

“I don’t see my connections in the publish wizard when publishing to FME Flow. I also can’t upload connections from FME Options.”

This is expected behavior. When FME Flow is used as the connection storage, connections already exist on FME Flow, so there is no need to upload the connection.

“I receive the error ‘Deployment parameter access failed (Connection Error)’ when I try to create a connection.”

This is a known issue (FMEFLOW-24425). You need Access deployment parameter permission to create a connection on FME Flow. 

“I receive the error ‘Package install failed’ when I try to install a package.”

Click “Show Details…” and check the error details. If there is a 403 Unauthorized request, it’s likely because your FME Flow account doesn’t have permission to create connections, which means you can also not create web services. 

Many packages include web service templates. When FME Flow is set as the connection storage location in FME Form, FME Form tries to install the web service template in FME Flow. 

“I receive a ‘403 Unauthorized request’ error on the Database Connections or Web Connections tab in FME Options and I can’t see any connections listed.”

Your account has been prevented from viewing connections in FME Flow. To view connections, Access connection permission and Run permission for the individual connection are required. Speak to your FME Flow Administrator.

“I receive a ‘403 Unauthorized request’ error when I try to create, edit, or remove connections.”

Your account has been prevented from creating or managing connections in FME Flow. Speak to your FME Flow Administrator.

Was this article helpful?

We're sorry to hear that.

Please tell us why.

As of January 14th, 2026, comments on knowledge base articles have been closed. To make sure questions don’t get missed and to enable more community support, we’ve moved discussions to the FME Community. If you have a question or a comment about this article, please create a new post or create a support ticket.