Skip to main content
Exact connectors depend on your workspace and plan. Use the categories below to plan rollouts and security reviews.

Supported patterns

CategoryExamples
CalendarsGoogle Calendar, Calendly
MessagingTwilio SMS, SendGrid email
CRMHubSpot, Salesforce, Zoho (often via OAuth or automation platforms)
AutomationMake.com / Zapier webhooks for hybrid flows

Custom APIs

Operators can call HTTPS APIs you control (API keys, OAuth, or bearer tokens), subject to your security review.
1

Model the contract

Define request/response shapes, timeouts, and what the operator may send (PII minimization).
2

Store secrets safely

Prefer vault or integration storage instead of embedding secrets in operator-visible JSON.
3

Observe and alert

Track latency and error rate per integration; surface degradations before they affect call quality.

Webhooks

Inbound automation callbacks should:
  • Verify signatures (for example HMAC-SHA256 on the raw body).
  • Support idempotency for safe retries where your backend allows it.
  • Return fast HTTP responses and offload heavy work to async workers.
// Example: verify signature pseudocode (adapt to your framework)
const crypto = require('crypto');

function verifyWebhook(rawBody, signature, secret) {
  const expected = crypto
    .createHmac('sha256', secret)
    .update(rawBody)
    .digest('hex');
  return crypto.timingSafeEqual(Buffer.from(signature), Buffer.from(expected));
}
Never expose signing secrets in client-side code or public repositories. Rotate keys if a webhook endpoint was misconfigured.

Operators

How agents are allowed to use integrations during a call.

Quickstart

End-to-end setup before tightening integrations in production.