Connect Your Agent to Any Tool

Your AI agent can call 40+ external APIs without ever seeing the raw credentials. Store your keys once, and the ClawTrust credential proxy handles authentication on every request.

How it works

Three steps between your credential and a secure API call.

Store your credential

Add your API key, OAuth token, or email login through the ClawTrust dashboard. Every credential is encrypted with AES-256-GCM before it touches the database.

Agent calls through the proxy

When your agent needs to call an external API, it sends the request to the ClawTrust credential proxy. The agent never sees the raw credential.

Proxy injects auth and forwards

The proxy decrypts the credential, attaches it to the outbound request (as a header, query param, or OAuth signature), and forwards it to the target API. The response flows back to your agent.

Supported credential types

Eight authentication methods covering virtually every SaaS API.

API Key (Bearer)

Standard Bearer token authentication. The proxy adds an Authorization: Bearer header to every request.

Examples: Stripe, OpenAI, HubSpot, SendGrid, VAPI, Housecall Pro

API Key (URL Parameter)

Appends the API key as a query parameter on each request URL.

Examples: Cal.com, legacy REST APIs

API Key (X-API-Key)

Sends the key in a custom X-API-Key header. Common in newer API designs.

Examples: Anthropic, custom APIs

OAuth2 Client Credentials

Machine-to-machine OAuth flow. The proxy handles token exchange and refresh automatically.

Examples: ServiceTitan, Salesforce M2M, QuickBooks

OAuth 1.0a (4-key signing)

Full OAuth 1.0a request signing with consumer key, consumer secret, access token, and token secret.

Examples: X (Twitter)

Email Login (Send/SMTP)

SMTP credentials for sending email as your agent. Supports app passwords and OAuth tokens.

Examples: Gmail, Outlook, Yahoo

Email Inbox (Read/IMAP)

IMAP credentials for reading incoming email. Your agent can monitor inboxes and respond to messages.

Examples: Gmail, Outlook

Username & Password

Basic auth or form-based credentials for services that use username/password pairs.

Examples: Jira, Twilio

Integration guides

Step-by-step setup instructions for each service.

Field Service

ServiceTitan

Field service management and dispatching

Housecall Pro

Home service scheduling and invoicing

Jobber

Field service quoting and CRM

CRM

HubSpot

CRM, marketing, and sales automation

Salesforce

Enterprise CRM and sales cloud

Pipedrive

Sales pipeline and deal management

Email

Gmail

Send and read email with your agent

Outlook

Microsoft 365 email integration

Messaging

Slack

Team messaging and multi-agent routing

Discord

Community and team chat

Microsoft Teams

Enterprise team communication

Outreach

Instantly.ai

Cold email outreach at scale

Apollo

Sales intelligence and engagement

Scheduling

Cal.com

Open-source scheduling and booking

Calendly

Appointment scheduling automation

Social

X (Twitter)

Post, reply, and monitor mentions

Facebook

Page management and Messenger

Instagram

Post scheduling and DM responses

Professional networking and posts

TikTok

Video posting and analytics

Dev Tools

GitHub

Repos, issues, and pull requests

Linear

Issue tracking and project management

Notion

Docs, databases, and wikis

Airtable

Spreadsheet-database hybrid

Payments

Stripe

Payments, subscriptions, and invoicing

Square

Point of sale and payments

PayPal

Online payments and payouts

Analytics

PostHog

Product analytics and feature flags

Mixpanel

User behavior analytics

Advertising

Google Ads

Campaign management and reporting

YouTube

Video uploads and channel management

AI

OpenAI

GPT models and embeddings

Anthropic

Claude models and completions

OpenRouter

Multi-model AI routing

Communication

Twilio

SMS, voice, and phone numbers

VAPI

Voice AI agents and phone calls

Accounting

QuickBooks

Accounting and bookkeeping

FreshBooks

Invoicing and expense tracking

Xero

Cloud accounting for small business

Local Business

Google Business Profile

Reviews, posts, and local SEO

Email Marketing

Mailchimp

Email campaigns and automations

Klaviyo

E-commerce email and SMS marketing

ActiveCampaign

Email automation and CRM

Lead Generation

Thumbtack

Local service lead generation

How credentials are protected

Five layers of protection between your keys and the outside world.

AES-256-GCM encryption at rest

Every credential is encrypted before it reaches the database. Decryption only happens inside the proxy at request time.

Never stored on the agent's server

Credentials live on the ClawTrust control plane, not on your agent's dedicated VPS. The agent only has a proxy token.

Allowed domains restrict API access

Each credential has a list of allowed domains. The proxy rejects any request to a domain not on the list, preventing misuse.

Every proxy call is audit-logged

Full request logging with timestamp, target domain, HTTP method, and status code. Review your agent's API activity anytime.

Content scanning blocks exfiltration

Outbound responses are scanned for credential patterns. If your agent tries to leak a key in a chat message, it gets blocked.

Ready to connect your agent to your tools?

Store your credentials once. Your agent handles the rest, securely.

Get Started See Pricing