Connections

Learn how to configure and manage connections in Agent Auth to enable authentication and tool execution with third-party providers.

Connections in Agent Auth are specific configurations that define how your application authenticates and interacts with third-party providers. Each connection contains the necessary credentials, settings, and parameters required to establish secure communication with a provider’s API.

What are connections?

Connections serve as the bridge between your Agent Auth setup and third-party providers. They contain:

Authentication credentials (OAuth client ID/secret, API keys, etc.)
Configuration settings (scopes, permissions, endpoints)
Tool definitions and their parameters
Rate limiting and retry policies
Custom settings specific to your use case

Connection types

Agent Auth supports various connection types based on different authentication methods:

OAuth 2.0 connections

Most modern APIs use OAuth 2.0 for secure authentication:

1
{
2
  "connection_id": "conn_gmail_oauth",
3
  "provider": "gmail",
4
  "auth_type": "oauth2",
5
  "credentials": {
6
    "client_id": "your-client-id",
7
    "client_secret": "your-client-secret",
8
    "redirect_uri": "https://your-app.com/callback"
9
  },
10
  "scopes": ["https://www.googleapis.com/auth/gmail.send"],
11
  "settings": {
12
    "auto_refresh": true,
13
    "expires_in": 3600
14
  }
15
}

API key connections

Simple authentication using static API keys:

1
{
2
  "connection_id": "conn_jira_api",
3
  "provider": "jira",
4
  "auth_type": "api_key",
5
  "credentials": {
6
    "api_key": "your-api-key",
7
    "base_url": "https://your-domain.atlassian.net"
8
  },
9
  "settings": {
10
    "rate_limit": 100,
11
    "timeout": 30
12
  }
13
}

Custom authentication

For providers with unique authentication requirements:

1
{
2
  "connection_id": "conn_custom_auth",
3
  "provider": "custom_provider",
4
  "auth_type": "custom",
5
  "credentials": {
6
    "username": "your-username",
7
    "password": "your-password",
8
    "token": "bearer-token"
9
  },
10
  "settings": {
11
    "auth_endpoint": "https://api.provider.com/auth",
12
    "refresh_endpoint": "https://api.provider.com/refresh"
13
  }
14
}

Creating connections

Using the dashboard

Navigate to connections in your Agent Auth dashboard
Select provider from the list of available providers
Choose connection type based on your authentication method
Configure credentials by entering your API keys or OAuth settings
Set permissions and scopes for the connection
Test connection to verify configuration
Save connection for use with connected accounts

Using the API

Create connections programmatically using the Agent Auth API:

1
curl -X POST "https://api.scalekit.com/v1/connect/connections" \
2
  -H "Authorization: Bearer YOUR_API_TOKEN" \
3
  -H "Content-Type: application/json" \
4
  -d '{
5
    "provider": "gmail",
6
    "auth_type": "oauth2",
7
    "credentials": {
8
      "client_id": "your-client-id",
9
      "client_secret": "your-client-secret"
10
    },
11
    "scopes": ["https://www.googleapis.com/auth/gmail.send"],
12
    "settings": {
13
      "auto_refresh": true
14
    }
15
  }'

1
const connection = await agentConnect.connections.create({
2
  provider: 'gmail',
3
  auth_type: 'oauth2',
4
  credentials: {
5
    client_id: 'your-client-id',
6
    client_secret: 'your-client-secret'
7
  },
8
  scopes: ['https://www.googleapis.com/auth/gmail.send'],
9
  settings: {
10
    auto_refresh: true
11
  }
12
});

1
connection = agent_connect.connections.create(
2
    provider='gmail',
3
    auth_type='oauth2',
4
    credentials={
5
        'client_id': 'your-client-id',
6
        'client_secret': 'your-client-secret'
7
    },
8
    scopes=['https://www.googleapis.com/auth/gmail.send'],
9
    settings={
10
        'auto_refresh': True
11
    }
12
)

Connection configuration

Authentication settings

Configure authentication based on your provider’s requirements:

OAuth 2.0 settings:

Client ID: Your OAuth application’s client identifier
Client Secret: Your OAuth application’s client secret
Redirect URI: Where users return after authorization
Scopes: Permissions your application requests
Authorization URL: Provider’s OAuth authorization endpoint
Token URL: Provider’s token exchange endpoint

API Key settings:

API Key: Your provider-issued API key
Base URL: Provider’s API base URL
Authentication Header: How the API key is sent (header, query param)
Key Prefix: Any prefix required (e.g., “Bearer ”, “API-Key “)

Scopes and permissions

Define what your application can access:

Common scope patterns:

Read-only: Access to view data only
Read-write: Access to view and modify data
Admin: Full administrative access
Specific resources: Access to particular data types

Example scopes for popular providers:

1
// Gmail scopes
2
const gmailScopes = [
3
  'https://www.googleapis.com/auth/gmail.readonly',    // Read emails
4
  'https://www.googleapis.com/auth/gmail.send',       // Send emails
5
  'https://www.googleapis.com/auth/gmail.modify'      // Modify emails
6
];
7

8
// Slack scopes
9
const slackScopes = [
10
  'channels:read',      // Read channel information
11
  'chat:write',         // Send messages
12
  'files:read'          // Read file information
13
];
14

15
// Jira scopes
16
const jiraScopes = [
17
  'read:jira-work',     // Read issues and projects
18
  'write:jira-work',    // Create and update issues
19
  'manage:jira-project' // Manage projects
20
];

Rate limiting and throttling

Configure how your connection handles API rate limits:

1
{
2
  "rate_limiting": {
3
    "requests_per_minute": 100,
4
    "requests_per_hour": 1000,
5
    "burst_limit": 10,
6
    "backoff_strategy": "exponential",
7
    "retry_attempts": 3
8
  }
9
}

Connection settings

Customize connection behavior:

Token management:

Auto-refresh: Automatically refresh expired tokens
Token expiry: How long tokens remain valid
Refresh buffer: Refresh tokens before expiry
Token storage: Where tokens are securely stored

Request settings:

Timeout: Maximum request duration
Retry policy: How failed requests are retried
User agent: Custom user agent string
Base headers: Headers sent with every request

Managing connections

Connection lifecycle

Connections go through various states:

Draft: Connection is being configured
Active: Connection is ready for use
Testing: Connection is being validated
Inactive: Connection is disabled
Error: Connection has configuration issues

Updating connections

Modify existing connections when requirements change:

Dashboard
API

Navigate to your connections list
Select the connection to modify
Update credentials, scopes, or settings
Test the updated connection
Save changes

1
const updatedConnection = await agentConnect.connections.update('conn_id', {
2
  scopes: ['new-scope-1', 'new-scope-2'],
3
  settings: {
4
    rate_limit: 200,
5
    timeout: 60
6
  }
7
});

Connection monitoring

Monitor connection health and performance:

Authentication status: Track token validity and refresh cycles
API usage: Monitor request volume and rate limit consumption
Error rates: Track failed requests and common errors
Performance metrics: Response times and throughput

Security considerations

Credential management

Secure handling of connection credentials:

Encryption: All credentials are encrypted at rest
Access control: Limit who can view or modify connections
Audit logging: Track all credential access and changes
Rotation: Regular credential rotation policies

OAuth best practices

Follow OAuth 2.0 security best practices:

Use PKCE: Proof Key for Code Exchange for public clients
Validate state: Prevent CSRF attacks with state parameters
Scope limitation: Request minimal necessary scopes
Token storage: Secure token storage and transmission

API key security

Protect API keys properly:

Environment variables: Store keys in environment variables
Key rotation: Regular key rotation schedules
Access logging: Log API key usage
Least privilege: Use keys with minimal required permissions

Troubleshooting connections

Common issues

Authentication failures:

Invalid credentials
Expired tokens
Incorrect scopes
Provider API changes

Rate limiting errors:

Exceeded request limits
Incorrect rate limit configuration
Burst limit violations
Shared quota issues

Configuration problems:

Incorrect endpoint URLs
Missing required settings
Invalid scope combinations
Provider-specific requirements

Debugging steps

Check credentials - Verify all credentials are correct and current
Test authentication - Use the connection test feature
Review logs - Check connection logs for error details
Validate settings - Ensure all settings match provider requirements
Check provider status - Verify provider API is operational
Update configuration - Apply any necessary fixes
Re-test connection - Confirm issues are resolved

Best practices

Connection organization

Naming convention: Use clear, descriptive connection names
Environment separation: Separate connections for dev/staging/prod
Documentation: Document connection purposes and configurations
Version control: Track connection configuration changes

Security practices

Regular updates: Keep credentials and settings current
Monitoring: Continuously monitor connection health
Backup: Maintain secure backups of connection configurations
Access review: Regularly review who has access to connections

Performance optimization

Connection pooling: Reuse connections efficiently
Caching: Cache frequently accessed configuration data
Batch operations: Group API calls when possible
Error handling: Implement robust error handling and retry logic

Connection templates

Use templates for common connection patterns:

Google Workspace template

1
{
2
  "provider": "google_workspace",
3
  "auth_type": "oauth2",
4
  "scopes": [
5
    "https://www.googleapis.com/auth/gmail.readonly",
6
    "https://www.googleapis.com/auth/calendar.readonly"
7
  ],
8
  "settings": {
9
    "auto_refresh": true,
10
    "rate_limit": 100,
11
    "timeout": 30
12
  }
13
}

Slack workspace template

1
{
2
  "provider": "slack",
3
  "auth_type": "oauth2",
4
  "scopes": [
5
    "channels:read",
6
    "chat:write",
7
    "users:read"
8
  ],
9
  "settings": {
10
    "auto_refresh": true,
11
    "rate_limit": 50,
12
    "timeout": 15
13
  }
14
}

Next, learn how to create and manage Connected accounts that use these connections to authenticate and execute tools for your users.