Integrations API
Manage which providers a user has connected. Use these endpoints to list available providers, check connection status, connect or disconnect a provider, and retrieve connection metadata.
Endpoints #
| Method | Path | Description |
|---|---|---|
| GET | /integrations/providers |
List all available providers with connection status |
| POST | /integrations |
Connect a provider (manual token) |
| DELETE | /integrations/:providerId |
Disconnect a provider |
| GET | /oauth/:providerId |
Begin OAuth authorization flow (browser redirect) |
GET /integrations/providers #
Auth: Required (Bearer token). No request body.
Returns an array of all providers available on the platform. The connected field indicates whether the authenticated user has an active integration for that provider.
[
{
"id": "prov_01abc",
"name": "Notion",
"slug": "notion",
"description": "Connect pages, databases, and blocks",
"authType": "oauth2",
"active": true,
"connected": true
},
{
"id": "prov_01def",
"name": "Slack",
"slug": "slack",
"description": "Send messages and read channels",
"authType": "oauth2",
"active": true,
"connected": false
}
]A value of connected: true means the authenticated user has an active integration for this provider. A value of connected: false means the provider is available but not yet connected by this user.
POST /integrations #
Auth: Required (Bearer token).
Use this endpoint for manual token integrations such as a GitHub Personal Access Token. For OAuth 2.0 providers use the OAuth flow instead.
| Parameter | Type | Description |
|---|---|---|
|
providerId
string
required
|
The provider's UUID from GET /integrations/providers. Example: prov_01abc |
|
|
accessToken
string
required
|
The access token or personal access token to store. Encrypted at rest using AES-256-GCM. | |
|
refreshToken
string
optional
|
OAuth refresh token if applicable. Stored encrypted alongside the access token. |
{
"providerId": "prov_01ghi",
"accessToken": "ghp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
}{
"id": "int_01jkl",
"provider": "github",
"status": "connected",
"createdAt": "2026-03-14T09:00:00Z"
}GET /oauth/:providerId which handles the full authorization code exchange automatically. POST /integrations is mainly used for token-based providers like GitHub.
DELETE /integrations/:providerId #
Auth: Required (Bearer token). No request body.
Path parameter: providerId — the provider's UUID (not slug), obtained from GET /integrations/providers.
Returns 204 No Content on success.
disconnected and prevents future tool executions for that provider. It does not revoke the OAuth token from the provider's side — do that separately in the provider's app settings if required.
OAuth Authorization Flow #
OAuth 2.0 providers (Notion, Slack, Google Drive, Gmail) require a browser-based authorization flow. AgentBridge handles the full code exchange and token storage.
-
Redirect to AgentBridge
Your UI redirects the user to
GET /oauth/:providerId. This requires a valid JWT session cookie or Authorization header. -
AgentBridge builds the authorization URL
AgentBridge constructs the provider's OAuth authorization URL with the correct scopes and a signed
stateparameter to prevent CSRF attacks. -
Provider redirects back
After the user grants access, the provider redirects to AgentBridge's registered callback URL with an authorization code.
-
Token exchange and storage
AgentBridge exchanges the code for access and refresh tokens, encrypts them with AES-256-GCM, and stores them securely in the database.
-
Redirect to your frontend
AgentBridge redirects the user's browser to your frontend at
/oauth-callback?success=true(or?success=false&error=...on failure).
Example authorization URL to initiate the flow:
GET https://api.agentbridge.in/oauth/prov_01abc
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...POST /integrations with a pre-obtained access token.