API reference
Use the live OpenAPI and Scalar documents for exact request and response schemas.
Open Connector has two API planes. Pick the plane that matches the caller's identity—agents use a project API key; the console uses a signed-in user session.
Live API documents
| Document | URL | Authentication |
|---|---|---|
| Open Connector Scalar UI | api.openconnector.dev/api/v1/ | Project API key for protected operations |
| Open Connector API | api.openconnector.dev/api/v1/spec.json | Public document |
| Console Scalar UI | api.openconnector.dev/api/v1/console | Better Auth session for protected operations |
The server generates these documents from the same runtime API contracts used to handle requests. Use them instead of copying a static endpoint list: they are the authoritative schemas for the deployed version.
Agent plane
For existing Composio integrations, use the compatibility mount:
https://api.openconnector.dev/composio/api/v3.1/Authenticate every broker request with a project API key:
curl "https://api.openconnector.dev/composio/api/v3.1/toolkits?limit=20" \
-H "x-api-key: $OPEN_CONNECTOR_API_KEY"The compatible surface includes connector discovery, auth configs, connected accounts, tool execution, and other deployed Composio-style routes. A route whose optional subsystem is not configured returns an explicit error rather than an empty success.
Common agent workflow
- Create an auth config for a connector.
- Create a connected account (or a hosted connect link) for your user.
- Execute a tool against that connection.
curl -X POST "https://api.openconnector.dev/composio/api/v3.1/tools/execute/GITHUB_CREATE_AN_ISSUE" \
-H "x-api-key: $OPEN_CONNECTOR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"connected_account_id": "conn_...",
"arguments": {"owner": "acme", "repo": "support", "title": "Brokered issue"}
}'See Connected Accounts and Calling Tools for the lifecycle and error-handling guidance.
Console plane
The documented Console API is mounted under /api/v1/console. It uses a Better Auth session cookie and is intended for the management console or trusted administrative tooling—not an AI agent.
Project API-key management, organizations, projects, billing, and settings all belong to this session-authenticated plane. For a programmatic workflow, inspect the Console Scalar UI so the route and request shape match the deployed contract.
Authentication boundaries
| Caller | Credential | Scope |
|---|---|---|
| Agent / backend service | x-api-key: oc_... | One project and its connections |
| Console user | Better Auth session cookie | The user's organization permissions |
| OAuth callback | Signed state created by the broker | The in-progress connection only |
Never send a project API key to an untrusted browser or use a console session cookie from agent code.
Self-hosted instances
Replace https://api.openconnector.dev with your server's public origin. The routes stay the same:
https://connector.example.com/api/v1/spec.json
https://connector.example.com/composio/api/v3.1/Your OAuth callback base must also be publicly reachable; see Environment variables and Deploy to AWS.