Core Concepts
Understand the key entities: Organization, Project, Auth Config, Connection, and Tool Call.
Open Connector is built around five entities that work together to broker credentials between AI agents and third-party APIs. Understanding how they relate makes every API call and dashboard action predictable.
Entity hierarchy
Organization
└── Project (one or more)
├── Auth Config (one per service, e.g. GitHub)
│ └── Connection (one per user per Auth Config)
└── Agent API Keys (one or more, scoped to this project)When an agent makes a tool call, the request travels through this hierarchy:
Agent
│ x-api-key header
▼
Open Connector API
│ resolves Project from key metadata
▼
Connection (looked up by connectionId + projectId)
│ decrypts credential from vault
▼
External API (GitHub, Telegram, etc.)
│ returns response
▼
Agent (receives result — never the raw token)Organization
An Organization is the top-level tenant. It maps to a company, team, or product line. All billing, member access, and audit logs are scoped to an organization.
- Every user account belongs to one or more organizations
- Projects, auth configs, and connections are all owned by an organization
- The audit log is queryable at the organization level
Project
A Project is a logical grouping within an organization. It is the unit of isolation for agent access.
- Agent API keys are minted per project
- A key for Project A cannot access connections in Project B
- You might create one project per product, per environment (staging/production), or per agent team
Example projects:
customer-support-agents— agents that handle support ticketsdevops-agents— agents that manage GitHub repositories and issuesdata-agents-prod— production data pipeline agents
Auth Config
An Auth Config stores the OAuth app credentials (or API key configuration) for a specific service, scoped to a project.
For OAuth2 services like GitHub, an Auth Config holds your:
- OAuth client ID and client secret
- Requested scopes
- Connector slug (e.g.
github)
You register your own OAuth app — Open Connector does not share platform-level apps. This means your users see your application name and branding on the OAuth consent screen, and you own the token relationship.
One Auth Config can serve many Connections. If 500 users connect their GitHub accounts, they all share the same Auth Config (your GitHub OAuth app) but each have their own Connection record with their own encrypted token.
Connection
A Connection is a specific user's linked account for a service. It is the record that holds (encrypted) the OAuth token, refresh token, expiry, and associated metadata for one user + one Auth Config.
Internally, a connection carries one of these native status values (plus a separate disabled flag):
| Native status | Meaning |
|---|---|
pending | OAuth flow initiated, user has not yet authorised |
active | Token obtained and stored; ready for tool calls |
error | The connection attempt failed |
expired | Token expired and refresh failed (user must re-authorise) |
dropped | The connection was dropped and is no longer usable |
revoked | Explicitly disconnected by user or admin |
The Composio-compatible API surface reports these as wire statuses (uppercase) — this is what SDK and HTTP responses show:
| Native | Wire |
|---|---|
pending | INITIATED |
active | ACTIVE |
error | FAILED |
expired / dropped | EXPIRED |
revoked | REVOKED |
(disabled = true) | INACTIVE |
| (other / unknown) | INITIALIZING |
Open Connector manages token refresh automatically. When a tool call is made against an active connection with an expired access token, Open Connector silently refreshes it using the stored refresh token before forwarding the request.
Tool Call
A Tool Call is an agent-initiated action brokered through a connection. The agent specifies a connectionId and an action (e.g. create_issue); Open Connector:
- Verifies the agent key is valid and belongs to the correct project
- Looks up the connection and verifies it belongs to the same project
- Decrypts the credential from the AES-256-GCM vault
- Constructs the outbound request to the external API, injecting the credential
- Forwards the response back to the agent
- Writes a structured audit event to the hash-chained audit log
The agent receives only the API response — never the raw credential.
Data flow: end to end
Here is the complete flow from an agent making a request to receiving a response:
Agent authenticates
The agent sends a request with x-api-key: oc_... in the header. The middleware decodes the key, resolves projectId and orgId from the key metadata, and attaches them to the request context.
Connection is resolved
The agent passes a connectionId in the request body. Open Connector looks up the connection record, verifies it belongs to the same project as the agent key, and checks that its status is active.
Credential is decrypted
The encrypted token (AES-256-GCM) is read from Postgres and decrypted using the server's CONNECTOR_ENCRYPTION_KEY. If the access token is expired and a refresh token exists, it is refreshed first.
Upstream request is made
Open Connector constructs the outbound HTTP request to the external API (e.g. POST https://api.github.com/repos/{owner}/{repo}/issues), injecting the decrypted token as an Authorization: Bearer header.
Audit event is written
A structured audit event is appended to the hash-chained journal: { action, connectionId, projectId, orgId, agentKeyId, timestamp, prevHash, hash }. The SHA-256 hash of this event becomes the prevHash of the next event.
Response is returned
The external API response is proxied back to the agent. The agent receives the data it requested — never the token.
Summary table
| Entity | Scope | Purpose |
|---|---|---|
| Organization | Top-level tenant | Groups projects, members, and audit logs |
| Project | Within an organization | Isolates agent keys and connections |
| Auth Config | Within a project, per service | Stores your OAuth app credentials |
| Connection | Per user per Auth Config | Holds one user's encrypted token |
| Tool Call | Per agent request | A brokered action through a connection |
| Agent API Key | Per project | Authenticates agents; carries projectId in metadata |