Weavz

Connect

Create connections via the hosted connect flow for OAuth2 and all other authentication types.

Connect

The Connect endpoints provide a hosted connect flow for creating connections across all authentication types (OAuth2, API keys, custom auth). Weavz hosts the entire authorization process — you create a session token, open the connect page, and retrieve the result.

Hosted Connect Flow

POST/api/v1/connect/token

Create a connect session token. Returns a token and a connectUrl that you open in a popup or redirect to start the authorization flow.

Request Body

FieldTypeRequiredDescription
integrationNamestringYesIntegration to connect (e.g., slack, google-sheets)
connectionNamestringYesDisplay name for the resulting connection
externalIdstringYesCustomer-defined connection externalId selector
workspaceIdstring (uuid)YesWorkspace to create the connection in
workspaceIntegrationIdstring (uuid)NoConfigured workspace integration to connect. When provided, hosted connect inherits its authMethodKey and OAuth app policy.
authMethodKeystringConditionalAuth method key to use when connecting by integrationName. Required when multiple auth options exist and no workspaceIntegrationId is provided.
endUserIdstringNoThe end user's externalId to associate the connection with
scopestringNoConnection scope: ORGANIZATION, WORKSPACE, or USER. Defaults to ORGANIZATION
oauthAppModestringNoOAuth app policy for OAuth auth methods: weavz_managed or custom. Defaults to weavz_managed.
oauthAppIdstring (uuid)ConditionalTenant-owned custom OAuth app UUID. Required when oauthAppMode is custom; omit for Weavz-managed OAuth.
successRedirectUristring (url)NoURL to redirect to after a successful hosted connect flow
errorRedirectUristring (url)NoURL to redirect to after a failed hosted connect flow

Response

json
{
  "token": "cst_550e8400-e29b-41d4-a716-446655440000",
  "connectUrl": "https://platform.weavz.io/connect?token=cst_550e8400-e29b-41d4-a716-446655440000",
  "expiresAt": "2025-01-15T14:30:00.000Z"
}

Connect session tokens expire after 4 hours. Use the returned expiresAt to decide when your frontend should stop polling or ask your backend for a fresh token.

Example

bash
curl -X POST https://platform.weavz.io/api/v1/connect/token \
  -H "Authorization: Bearer wvz_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{
    "integrationName": "google-sheets",
    "connectionName": "Google Sheets",
    "externalId": "conn_tenant_123_gsheets",
    "workspaceId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
    "successRedirectUri": "https://your-app.com/connect/success",
    "errorRedirectUri": "https://your-app.com/connect/error"
  }'

Open the connectUrl in a popup window or redirect the user to it. The hosted page handles the full OAuth2 consent flow.

For OAuth2 integrations, Weavz selects the OAuth app when the connect token is created. By default, OAuth connect sessions use the Weavz-managed OAuth app. Team, Scale, and Enterprise organizations can register tenant-owned OAuth apps for branded consent screens, custom scopes, and provider quota isolation, then select one with oauthAppMode: "custom" and oauthAppId. oauthAppId is always a real OAuth app UUID; there is no sentinel value for Weavz-managed OAuth.

When you pass workspaceIntegrationId, hosted connect uses that configured instance's auth method and OAuth app policy. This is the preferred path for workspace integrations with multiple auth options or a custom OAuth app selected in the dashboard.

Errors

StatusCodeDescription
400NO_OAUTH_APPNo OAuth app is configured for this integration
400AUTH_METHOD_REQUIREDThe integration has multiple auth options and authMethodKey was not provided
400INVALID_AUTH_METHODThe requested authMethodKey is not available for the integration
400INVALID_OAUTH_APPOAuth app fields were provided for a non-OAuth auth method or the custom OAuth app is invalid
403CUSTOM_OAUTH_APP_PLAN_REQUIREDTenant-owned OAuth apps are not available on the current plan
404INTEGRATION_NOT_FOUNDIntegration not found
404OAUTH_APP_NOT_FOUNDRequested OAuth app does not exist or is not available to the organization

Get Connect Session

GET/api/v1/connect/session/:sessionId

Retrieve a connect session by its Weavz session ID using your API key. Use this when your backend stored the session ID and wants an authenticated status lookup.

Path Parameters

FieldTypeDescription
sessionIdstringConnect session ID

Response

json
{
  "session": {
    "id": "c1f0f3c8-46ed-4a42-b7a2-0c3db3e7a111",
    "integrationName": "google-sheets",
    "connectionName": "Google Sheets",
    "externalId": "conn_tenant_123_gsheets",
    "status": "COMPLETED",
    "connectionId": "c1d2e3f4-5678-90ab-cdef-1234567890ab",
    "error": null,
    "expiresAt": "2025-01-15T14:30:00.000Z",
    "createdAt": "2025-01-15T10:30:00.000Z"
  }
}

Example

bash
curl https://platform.weavz.io/api/v1/connect/session/c1f0f3c8-46ed-4a42-b7a2-0c3db3e7a111 \
  -H "Authorization: Bearer wvz_your_api_key"

Errors

StatusCodeDescription
403FORBIDDENSession belongs to another organization
404NOT_FOUNDConnect session not found

Poll Connect Session

POST/api/v1/connect/session/poll

Retrieve the status and result of a connect session using the short-lived cst_ token returned by POST /api/v1/connect/token. Poll this endpoint after the user completes (or closes) the connect page.

Request Body

FieldTypeDescription
tokenstringThe cst_ token returned from POST /api/v1/connect/token

Response

json
{
  "status": "COMPLETED",
  "connectionId": "c1d2e3f4-5678-90ab-cdef-1234567890ab",
  "integrationName": "google-sheets",
  "externalId": "conn_tenant_123_gsheets",
  "error": null
}

Session statuses:

StatusDescription
PENDINGConnect page not yet opened or user still authorizing
CONNECTINGAuthorization is being completed
COMPLETEDAuthorization succeeded, connectionId contains the new connection
FAILEDAuthorization failed, error field contains the error message

Example

bash
curl -X POST https://platform.weavz.io/api/v1/connect/session/poll \
  -H "Content-Type: application/json" \
  -d '{"token":"cst_your_connect_token"}'

Errors

StatusCodeDescription
400MISSING_TOKENToken was not provided
401INVALID_TOKENToken is invalid or expired