Skip to content

Connectors

Open in workspace →

Connectors let your workflows call external APIs securely. A connector stores the URL patterns your workflow is allowed to reach, along with the secret (like an API key) used to authenticate. The secret is encrypted at rest and injected into requests automatically, so it never appears in your workflow code.

Connectors are used by code action steps. When a code step runs, it can only make HTTP requests to URLs that match a connector’s allowed patterns.

Creating a connector

Section titled “Creating a connector”
  1. Navigate to AI > Connectors in the dashboard.
  2. Click Add Connector.
  3. Choose a provider: Stripe (preset) or Custom.

Stripe

Section titled “Stripe”

The Stripe preset comes preconfigured. You only need to provide your Stripe API secret key. URL patterns and authentication are set up for you (requests to https://api.stripe.com/* with a Bearer token header).

Custom

Section titled “Custom”

For other APIs, configure the connector yourself:

SettingPurpose
NameA label for this connector (must be unique within your workspace).
Allowed URL patternsThe URLs your code is allowed to call. Must use HTTPS. Supports wildcards, for example https://api.example.com/v1/*. You can add up to 20 patterns.
Secret placementHow the secret is attached to outbound requests (see below).
SecretThe API key or token used to authenticate. Encrypted at rest.

Secret placement

Section titled “Secret placement”

The secret can be attached as a header or a query parameter.

As a header, you specify the header name and a template containing {{secret}}. For example, an Authorization header with the template Bearer {{secret}} sends Bearer sk_live_abc123 on every request.

As a query parameter, you specify the parameter name and the secret is appended to the request URL.

Monitoring

Section titled “Monitoring”

The connectors list in the dashboard shows request and error counts from the last 24 hours. If a connector has errors, it displays an alert badge. Click through to see the error log with details like HTTP status, method, host, and timestamp.

How connectors work at runtime

Section titled “How connectors work at runtime”

When a code step lists a connector, the workflow grants that code access to the connector’s URLs. The code uses standard fetch() calls. Before each request reaches the external API, the system checks the URL against the connector’s allowed patterns, injects the secret, and strips cookies. If the URL doesn’t match any pattern, the request is blocked.