Open Connector
Start here

Quickstart: connect GitHub from the SaaS console

Create a project, connect a GitHub account, and make a brokered tool call without running Open Connector locally.

This is the fastest supported path: use the hosted console at app.openconnector.dev, then point an agent at the hosted API. You do not need a repository checkout, database, or local server.

This guide uses GitHub because its OAuth flow makes the credential boundary visible. The same sequence applies to another connector when its auth method is marked available in the console.

Create your workspace

  1. Open app.openconnector.dev and create an account or sign in.
  2. Complete onboarding: create an Organization, then a Project. A project is the isolation boundary for agent keys and connected accounts.
  3. Give the project a recognisable name, such as Support agent — production.

Create a project API key

In the selected project, open API Keys in the sidebar and choose Create. Copy the plaintext key immediately and put it in your application's secret store.

The key is used as x-api-key for broker requests. It is project-scoped: it cannot read connections from another project.

export OPEN_CONNECTOR_API_KEY='oc_...'

Treat this as a server-side secret. Do not put it in a browser, mobile application, or source repository. The console only shows the plaintext key when it is created or regenerated.

Configure GitHub authentication

Open Auth Configs and choose Create:

  1. Select GitHub and an available OAuth 2.0 method.
  2. Choose Platform Managed only when the console marks it available; otherwise select Your Own Credentials and enter the client ID and client secret from your GitHub OAuth app.
  3. For your own OAuth app, register this callback URL exactly:
https://api.openconnector.dev/api/v1/connectors/github/callback
  1. Create the auth config. It defines how GitHub accounts in this project authenticate; it is not a user connection yet.

Connect an account

In Auth Configs, open the new GitHub config's menu and choose Connect account. Enter the stable ID your product uses for the end user, for example user_123, then choose Connect.

Open Connector launches GitHub's consent flow in a new window. Once consent completes, the Connections page shows an active connection. Copy its connection ID.

For a user-facing product, use Connections → Connect link instead: it creates a short-lived hosted link to send to the user, so your application never handles their credential.

Call a GitHub tool from your agent

Use the first-party Open Connector SDK, or switch to the Composio-compatible client if you are migrating an existing integration:

import { createClient } from "@open-connector/sdk";

const oc = createClient({
  apiKey: process.env.OPEN_CONNECTOR_API_KEY!,
  baseUrl: "https://api.openconnector.dev",
});

const result = await oc.executeTool({
  slug: "GITHUB_CREATE_AN_ISSUE",
  connectedAccountId: "conn_...",
  arguments: {
    owner: "acme",
    repo: "support",
    title: "Created by the support agent",
    body: "The agent used a brokered GitHub connection.",
  },
});

console.log(result.data);
import Composio from "@composio/client";

const composio = new Composio({
  apiKey: process.env.OPEN_CONNECTOR_API_KEY!,
  baseURL: "https://api.openconnector.dev/composio",
});

const result = await composio.tools.execute("GITHUB_CREATE_AN_ISSUE", {
  connected_account_id: "conn_...",
  arguments: {
    owner: "acme",
    repo: "support",
    title: "Created by the support agent",
    body: "The agent used a brokered GitHub connection.",
  },
});

console.log(result.data);

The broker finds the connection within the API key's project, injects the GitHub credential server-side, and records the credential use. Your agent code receives the GitHub response, not an OAuth token.

Verify the integration

Use the connection ID copied from the console to verify that the broker can read the project-scoped connection:

curl "https://api.openconnector.dev/composio/api/v3.1/connected_accounts/conn_..." \
  -H "x-api-key: $OPEN_CONNECTOR_API_KEY"

An active connection returns metadata and status, never the credential. If the connection is absent or the key belongs to another project, the broker does not disclose it.

Next steps

On this page