feros
Integrations

OAuth and Credentials

OAuth flow, encrypted credential storage, and default-connection behavior.

OAuth and Credentials

OAuth Endpoints

  • GET /api/oauth/{integration_name}/authorize
  • GET /api/oauth/callback

Flow summary:

  1. Frontend requests authorize URL.
  2. Backend creates PKCE + state and stores state in ephemeral KV.
  3. User authorizes in popup.
  4. Callback exchanges code for tokens.
  5. Tokens are encrypted and stored.

Credential Routes

  • POST /api/agents/{agent_id}/credentials
  • GET /api/agents/{agent_id}/credentials
  • PUT /api/agents/{agent_id}/credentials/{credential_id}
  • DELETE /api/agents/{agent_id}/credentials/{credential_id}

Secrets are encrypted at rest and never returned as plaintext in API responses.

Default Connection Model

The integrations API supports platform-level default connections plus agent-specific overrides.

  • GET /api/integrations/default-connections
  • GET /api/integrations/{integration_name}/default-connection
  • PUT /api/integrations/{integration_name}/default-connection
  • DELETE /api/integrations/{integration_name}/default-connection

Integrations Overview

How feros handles integration registry, credential security, and secret resolution.

Built-in Skills

Built-in skill packs available in the current feros API repository.

On this page

OAuth and CredentialsOAuth EndpointsCredential RoutesDefault Connection Model