One place for every
service connection.

Any email account that supports IMAP and SMTP — Gmail (with app password), Outlook, cPanel hosting, custom mail servers. Supports SSL/TLS. Used by automations that send or receive email from a real mailbox.

Used for: Read inboxes, send transactional emails from a staff email address.

Microsoft 365 services via OAuth2 — Outlook mail, OneDrive, SharePoint. Requires an Azure AD App Registration. Used where staff use Outlook as their primary email.

Used for: Email sync, calendar access, OneDrive file operations.

Brevo's authenticated SMTP relay. Delivers bulk and transactional email with better deliverability than a raw mail server. Used by the campaign send engine and notification emails.

Used for: All outbound campaign emails and automated notification emails.

Email address validation and verification API. Checks whether an address is valid, a catch-all, disposable, or likely to bounce before you send to it.

Used for: Pre-send validation in the Campaigns app to protect sender reputation.

Brevo's REST API (distinct from SMTP). Used for list management, contact syncing, and programmatic campaign control beyond what SMTP covers.

Used for: Contact list sync, bounce and unsubscribe webhooks from Brevo back to the platform.

OpenAI API for GPT-4o text generation, Whisper speech-to-text transcription, DALL-E image generation, and text embeddings (used by the vector search in tasks and customer state).

Used for: AI-generated email digests, task summaries, meeting transcription, semantic search.

Xero accounting platform via OAuth2. Access invoices, contacts, accounts, payments, and reports. Token refreshes automatically.

Used for: P&L dashboards, invoice generation, financial reporting panels.

One credential covers the full Google workspace — Gmail, Drive, Calendar, and Google Cloud Platform. Scopes are chosen at setup so you only grant the access you actually need.

Used for: Gmail inbox reading, calendar sync, Drive file access.

Dedicated connector for Google Analytics 4 and Search Console data. Pulls traffic, conversion, keyword, and impression data into Dashboard panels.

Used for: Website analytics panels in the Dashboard app.

A Telegram bot token. Automations use this to push messages to a Telegram chat or channel — typically for error alerts, critical automation failures, or operational notifications that shouldn't wait for an email digest.

Used for: Automation error alerts, log-level notifications from the Log Viewer.

CloudConvert API for file format conversion — documents, images, audio, video. Used when automations need to convert uploaded files before processing or storage.

Used for: Document conversion in automation pipelines.

Bulk SERP data API — keyword rankings, SERP features, competitor analysis, and search volume data at scale. More cost-effective than SerpAPI for high-volume lookups.

Used for: SEO dashboards, keyword rank tracking automations.

Real-time Google search results API. Returns structured SERP data including organic results, featured snippets, People Also Ask, and local pack data.

Used for: Real-time search result lookups, competitor monitoring.

HubSpot private app API key. Used during the HubSpot-to-Supabase data migration to pull contacts, companies, deals, lists, campaigns, and associations via the HubSpot v3 REST API.

Used for: CRM sync automation (data migration). Read-only after HubSpot is decommissioned.

Ontraport CRM and marketing automation API. Used where Ontraport is the source of truth for contacts, campaigns, and automations.

Used for: Contact sync from Ontraport into the platform database.

Monday.com project management platform via OAuth2. Access boards, items, updates, and columns programmatically.

Used for: Project tracking integrations, board-to-task sync.

Clockify time tracking API. Access reports, workspaces, projects, and time entries. Used for billing-related automations and timesheet dashboards.

Used for: Timesheet reporting, billable hours automation.

Moodle LMS REST API. Access courses, users, enrolments, grades, and activity completions. The Moodle sync automation uses this to pull student engagement data into Supabase for dashboards.

Used for: Student engagement sync, Moodle Dashboard, cohort risk monitoring.

Amazon Selling Partner API for seller account data — orders, inventory, reports, and fulfilment. Requires an AWS IAM role and Amazon developer account registration.

Used for: Amazon seller dashboards, order sync, inventory monitoring.

Storman facility management software API. Used for storage unit operators to pull occupancy, customer, and financial data into reporting dashboards.

Used for: Facility occupancy and revenue reporting.

For any service that authenticates with a simple API key. Configure the header name, header prefix (Bearer, Token, etc.), or switch to query parameter auth. Covers the majority of third-party services that don't have a dedicated connector.

Used for: Any API that doesn't have a dedicated type yet.

A webhook endpoint with optional token authentication. Point automations at an n8n workflow, a Zapier catch, or any HTTP endpoint that accepts a POST payload.

Used for: Bridging to legacy n8n workflows, external automation triggers.

A fully configurable OAuth2 credential for any provider that isn't covered by a dedicated type. You supply the authorisation URL, token URL, client ID, secret, and scopes manually.

Used for: Any OAuth2-compatible service without a built-in connector.

Direct database credentials — host, port, username, password, database name — for MySQL, PostgreSQL, or other SQL databases. Used where automations need to query a client's own database directly.

Used for: Legacy system integrations, external database queries.

A Supabase project URL and service role key for a secondary Supabase instance (not the platform's own database). Allows automations to read from or write to an external Supabase project.

Used for: Cross-project data sync, client-owned Supabase instances.