> **Building with AI coding agents?** If you're using an AI coding agent, install the official Scalekit plugin. It gives your agent full awareness of the Scalekit API — reducing hallucinations and enabling faster, more accurate code generation. > > - **Claude Code**: `/plugin marketplace add scalekit-inc/claude-code-authstack` then `/plugin install @scalekit-auth-stack` > - **GitHub Copilot CLI**: `copilot plugin marketplace add scalekit-inc/github-copilot-authstack` then `copilot plugin install @scalekit-auth-stack` > - **Codex**: run the bash installer, restart, then open Plugin Directory and enable `` > - **Skills CLI** (Windsurf, Cline, 40+ agents): `npx skills add scalekit-inc/skills --list` then `--skill ` > > `` / ``: `agentkit`, `full-stack-auth`, `mcp-auth`, `modular-sso`, `modular-scim` — [Full setup guide](https://docs.scalekit.com/dev-kit/build-with-ai/) --- # Configure a connection A **connection** is a configuration you create once in the Scalekit Dashboard. It holds everything Scalekit needs to interact with a connector's API: OAuth app credentials, scopes, redirect URIs, and so on. One connection serves all your users. Users don't configure connections. When a user authenticates, Scalekit creates a **connected account**, the per-user record that links their identity to a connection and holds their tokens. ## What the connection form asks for The connection form adapts to what the connector requires. Two things determine how much you need to configure: - **OAuth-based connectors** require the most setup. You register an OAuth app with the provider, then enter those credentials into Scalekit. - **Non-OAuth connectors** (API key, basic auth, key pairs, and similar) require minimal developer setup (usually just a name). The user provides their own credentials when they create their connected account. The sections below walk through both patterns. ## Set up an OAuth connection OAuth connections require you to create an OAuth app with the provider and link it to Scalekit. Scalekit provides the Redirect URI; you bring the Client ID and Client Secret. 1. ### Open the connection form In the Scalekit Dashboard, go to **Agent Auth > Connections** and click **Add connection**. Select the connector you want to configure. The form shows the fields that connector requires. 2. ### Copy the redirect URI Scalekit generates a **Redirect URI** for this connection. Copy it; you'll need it in the next step. This URI is where the provider sends the user after they complete the OAuth consent screen. Scalekit handles the callback automatically. 3. ### Register your OAuth app with the provider In the provider's developer console (GitHub, Salesforce, Google, etc.), create an OAuth app and add Scalekit's Redirect URI to the list of authorized redirect URIs. The provider will give you a **Client ID** and **Client Secret** after registration. **Redirect URI must match exactly:** The URI in the provider's console must match what Scalekit shows character-for-character, including trailing slashes. A mismatch causes the OAuth flow to fail with a redirect_uri_mismatch error. 4. ### Enter your credentials Back in the Scalekit Dashboard, enter the **Client ID** and **Client Secret** from the provider. 5. ### Configure scopes Select the scopes your agent needs. Scopes define what your agent can do on the user's behalf: for example, `read:email` or `repo`. **Scopes apply to all connected accounts:** The scopes you set here apply to every connected account that uses this connection. If you need different scopes for different user groups, create separate connections for each group. 6. ### Save the connection Click **Save**. The connection is now active and ready for connected accounts to be created against it. **Use Scalekit credentials to get started faster:** For some connectors, Scalekit offers a **Use Scalekit credentials** option. This lets you skip the OAuth app registration step and start testing immediately. Switch to your own credentials before going to production. See [Bring your own credentials](/agentkit/advanced/bring-your-own-oauth/). ## Set up a non-OAuth connection For connectors that use API keys, basic auth, key pairs, or similar, the connection form asks for very little. In many cases, you only need to give the connection a name. The user provides their own credentials (their API key, account details, or private key) when they create a connected account. Scalekit collects those credentials through the connected account form and stores them securely. 1. Go to **Agent Auth > Connections** and click **Add connection** 2. Select the connector 3. Enter a **Connection name**: this identifies the connection in the dashboard and in your code 4. Click **Save** When a connected account is created for this connection, Scalekit presents the user with a form that collects the credentials their specific account requires. ## Create multiple connections for the same connector You can create more than one connection for the same connector. This is useful when: - Different groups of users need different scopes - You want to maintain separate OAuth apps for staging and production - You're integrating with multiple instances of the same service (for example, two different Salesforce orgs) Each connection has its own name, which you use to identify it in API calls and in the dashboard. --- ## More Scalekit documentation | Resource | What it contains | When to use it | |----------|-----------------|----------------| | [/llms.txt](/llms.txt) | Structured index with routing hints per product area | Start here — find which documentation set covers your topic before loading full content | | [/llms-full.txt](/llms-full.txt) | Complete documentation for all Scalekit products in one file | Use when you need exhaustive context across multiple products or when the topic spans several areas | | [sitemap-0.xml](https://docs.scalekit.com/sitemap-0.xml) | Full URL list of every documentation page | Use to discover specific page URLs you can fetch for targeted, page-level answers |