Overview
This guide walks through configuring connections so you can proxy API requests through agntdata using your own vendor credentials.Prerequisites
- An agntdata account with an active workspace.
- An account with the external service.
- For BYOK vendors — an API key with the right scopes.
- For OAuth vendors — login access to the vendor’s account.
OAuth flow
OAuth is the recommended path for any vendor that supports it (Google Docs, Google Sheets, Slack, Stripe, Linear, Cal.com, Supabase, Dub).Open Connections
From the dashboard sidebar, click Connections, then Add connection, and pick the vendor.
request_connection card when it needs a vendor), the callback brings you back into the same chat so you can resume the conversation without context loss.
OAuth tokens are refreshed automatically. If a refresh fails (e.g. the vendor revoked the token), the connection is marked needs_reauth and the dashboard shows a re-connect button.
BYOK (paste an API key)
For vendors without an OAuth flow — Exa, Instantly, HeyReach, AgentMail, Attio, PostHog, SocialScraper, the X official API, memelord — you paste a key.Open Connections
From the dashboard sidebar, click Connections, then Add connection, and pick the vendor.
Generate the vendor API key
Follow the vendor’s docs to create a key with the minimum scopes you need.
When both OAuth and BYOK are available
For vendors that support both, agntdata prefers OAuth. If you’ve completed an OAuth install and also pasted a key, requests use the OAuth credential and the pasted key is ignored. The dashboard surfaces a warning when both exist. For OAuth-capable vendors, the paste-key path is hidden in the dashboard by default — connect through OAuth.Making requests
Once the connection is configured, hit the proxy with your agntdata API key:Managing connections
Viewing
The Connections page lists every configured connection with its auth type (OAuth vs. BYOK), connected status, and last successful call.Updating credentials
- BYOK — click the connection, paste a new key, save.
- OAuth — click Reconnect to step through the consent flow again. The old install is replaced atomically.
Disabling
Toggle Active to off. Proxied requests will return aCONNECTION_DISABLED error until you flip it back on.
Deleting
- Click the connection.
- Click Delete and confirm.
connection_<vendor>_* tools disappear from its tool list on the next tools/list call.
Troubleshooting
401 / 403 from the vendor
401 / 403 from the vendor
- For BYOK: verify the key is correct and has the required scopes. Vendor portals usually let you regenerate.
- For OAuth: the token may have been revoked. Click Reconnect to refresh.
Rate-limit errors
Rate-limit errors
External services enforce their own rate limits separately from agntdata’s. Check the vendor’s docs and back off as the vendor specifies.
Connection timeout
Connection timeout
The external service may be experiencing issues. Check our health status page for upstream dependencies, then retry.
OAuth callback failed
OAuth callback failed
Most callback failures are scope mismatches (the consent screen returned without granting a required scope) or expired install state. Restart the OAuth flow from Connections.
Best practices
Use descriptive names
Use descriptive names
When you have multiple connections to the same vendor (e.g. two Stripe accounts), name them so it’s obvious which is which.
Least privilege
Least privilege
BYOK keys should grant only the scopes the agent actually needs. OAuth scopes are determined by agntdata’s app — we publish the minimal set on each vendor page.
Rotate periodically
Rotate periodically
Vendor security policies usually recommend rotating long-lived API keys every 90 days or so. The dashboard’s connection page tracks creation date.
Next steps
Connections overview
The full list of supported vendors.
Tools
How connections show up as MCP tools.