Connect a Custom API
Use a custom API connection when Type does not yet have a packaged connector for the service your teammate needs. Type stores the credential securely, validates it against a test endpoint, and injects it server-side when an allowed teammate calls the API.
Before you start
Section titled “Before you start”Collect the API details you want Type to use:
- The API’s HTTPS base URL, such as
https://api.example.com. - An API key, bearer token, or OAuth2 token exchange credentials.
- A safe test endpoint on the same host, such as
/me,/health, or/v1/accounts. - API docs, either as a docs URL or uploaded
.md/.txtreference files.
Do not paste API keys into teammate instructions, skills, or thread messages. Put credentials in the connection form so Type can store and inject them safely.
Create the connection
Section titled “Create the connection”- Open the teammate that should use the API.
- Open the teammate’s connector settings.
- Search for Custom API.
- Enter a clear name, such as
Warehouse APIorBilling API. - Enter the API’s base URL.
- Choose the authentication method.
- Enter a safe test endpoint.
- Add the docs URL or upload API reference files.
- Test the connection.
- Save the connection and keep it assigned to the teammate that needs it.
Authentication methods
Section titled “Authentication methods”| Method | Use when | What Type sends |
|---|---|---|
| Bearer token | The API expects an Authorization: Bearer ... header. | Authorization: Bearer <token> |
x-api-key | The API expects the key in the standard x-api-key header. | x-api-key: <key> |
| OAuth2 token exchange | The API requires Type to exchange client credentials or a refresh token for an access token. | Type exchanges the configured credential for a bearer access token, then calls the API with that token. |
Some agent-requested connection cards can prefill a custom header when the API docs require one. In that case, review the requested header name before saving.
OAuth2 token exchange
Section titled “OAuth2 token exchange”For OAuth2 token exchange, enter:
- Client ID.
- Client secret, when the selected grant requires one.
- Refresh token, when using a refresh-token grant.
- HTTPS token URL.
- Optional scope.
- Optional provider-specific token subject, such as Greenhouse Harvest’s user ID (
sub) parameter.
Advanced token settings let you choose the token grant, whether Type sends client authentication as request parameters or HTTP Basic auth, and whether token request parameters go in the POST body or query string.
The token endpoint must return a bearer access_token. Type uses that access token when the teammate calls the API.
Test endpoint
Section titled “Test endpoint”The test endpoint confirms the base URL and credentials work before the connection is saved.
- It must be a path on the same API host.
- It can include query parameters, such as
/v1/accounts?limit=1. - It should be safe to call during setup.
- A
2xxresponse is treated as a successful test unless the connection request specifies a different expected status.
Prefer a read-only endpoint for the test. Save mutating endpoints for teammate work after the connection is configured.
Provider templates can include required validation details, such as the HTTP method, expected status codes, or static provider headers. Type sends those details server-side during setup; you only need to review the visible connection fields and enter the credential.
Packaged API templates
Section titled “Packaged API templates”Some third-party APIs are available as packaged templates even when they use API credentials instead of a full OAuth install flow. Search for the service name from a teammate’s connector settings, then enter the requested credential fields.
For example, KnoCommerce pre-fills its API base URL, OAuth2 client-credentials token URL, HTTP Basic token authentication, query-parameter token exchange, default scopes, read-only survey validation endpoint, and API usage notes for surveys, responses, attribution, benchmark questions, and webhooks.
Greenhouse Harvest pre-fills its API base URL, OAuth2 client-credentials token URL, HTTP Basic token authentication, a core read-scope set (harvest:job_posts:list, harvest:jobs:list, harvest:candidates:list, harvest:applications:list, and harvest:users:list), optional user ID (sub) field, read-only job-post validation endpoint, and API usage notes for Harvest v3 jobs, candidates, applications, users, webhooks, rate limits, and Link-header pagination. Leave the user ID blank to use the integration service user attached to the Greenhouse credential. Enable the same checked scopes in Greenhouse Dev Center, and add any other Greenhouse scopes you enable to Additional scopes.
Amplitude pre-fills https://amplitude.com as the API base URL and validates credentials with the read-only /api/2/events/list endpoint, which returns visible events with current-week usage metrics. Enter the credential as an Authorization header value: Basic <base64(apiKey:secretKey)>. Use the same connection for Dashboard REST reads and raw Export API requests.
Fathom pre-fills https://api.fathom.ai as the API base URL and validates API keys with the read-only /external/v1/meetings endpoint using the X-Api-Key header.
API docs
Section titled “API docs”Give the teammate enough API context to make the right requests:
- Add the public or internal docs URL if one exists.
- Upload Markdown or text API notes for private or internal APIs.
- Include endpoint paths, required query parameters, request bodies, response shapes, and examples.
Uploaded docs can be .md or .txt files. Keep them focused on the endpoints the teammate should actually use.
How teammates call the API
Section titled “How teammates call the API”After the connection is saved and assigned, the teammate can find it in its available integrations and make direct API requests through Type.
When the teammate calls the API:
- Requests must use paths on the saved base URL.
- Type injects the saved credential server-side.
- Type strips sensitive or unsafe caller-supplied headers such as
Authorization,cookie,host, andx-api-key. - Responses are returned to the teammate, with very large inline responses truncated. Safe response headers for pagination and rate limits, including
link,retry-after, andx-ratelimit-*, are exposed with the result. - For large exports, the teammate can request file output so Type saves the response as a file instead of paging all rows into the conversation.
- For APIs that paginate with
Link: <...>; rel="next", the teammate can request Link-header JSON file output so Type follows same-hostrel="next"links and streams all pages into one JSONL or JSON file.
This keeps credentials out of prompts while still letting the teammate use authenticated API endpoints.
Practical guidance
Section titled “Practical guidance”- Start with read-only endpoints so the teammate can inspect data safely.
- Add API docs before asking the teammate to use a complex endpoint.
- Keep one custom API connection scoped to one service or base URL.
- Assign the connection only to teammates that need access.
- Use skills to document repeatable workflows for how the teammate should use the API.