A connection stores authenticated credentials for an integration. Use connections when an integration needs access to a third-party account, such as Slack, GitHub, Google Sheets, OpenAI, or another authenticated API.
Some integrations and actions do not require an external account. Utility and built-in integrations such as Datetime, Hash & Encode, Data Transformer, Filesystem, State KV, and Sandbox can run without a connection. In those cases, omit connectionId and connectionExternalId; Weavz still scopes the call to your organization, workspace, MCP server, and end user where applicable.
Connections support multiple authentication methods depending on the integration:
Catalog integrations expose their supported methods as authOptions. A configured workspace integration selects one with authMethodKey, and hosted connect inherits that choice when you pass workspaceIntegrationId. If you create or resolve credentials directly, pass authMethodKey when an integration can use more than one method, such as API key and OAuth.
For services like Slack, GitHub, and Google Sheets. Weavz provides a hosted connect page that handles the full OAuth2 authorization flow, including token exchange and PKCE.
The session response includes a status field (PENDING, CONNECTING, COMPLETED, or FAILED) and the resulting connectionId when completed. OAuth2 token refresh is handled automatically.
All connection credentials are encrypted at rest using AES-256. Secrets are never stored in plain text and are only decrypted when needed to make API calls to the third-party service.
Connections can be owned by an end user. When you create a connection through the end user connect portal or pass endUserId when creating a connection, that connection is linked to the end user.
This enables per-user connection management:
View connections — get all connections for a specific end user via GET /api/v1/end-users/:id
Automatic cleanup — when an end user is deleted, their connections are deleted too
Connection resolution — pass endUserId when executing actions or resolving connections, and Weavz finds the right connection based on the workspace's connection strategy
End users are auto-created when a connection is established through the hosted connect flow with an endUserId parameter, if the end user doesn't exist yet.
Every connection has a Weavz UUID, and every connection you create also has an externalId. Use the connection externalId as a stable selector for that specific credential set, such as a shared customer Slack workspace or a project API key.
Connection externalId is not the default per-user identity model. For per-user OAuth and per-user credential routing, create end users and pass endUserId during execution.
When you execute an action or enable a trigger, Weavz resolves which connection to use. You can specify a connection explicitly by passing the connection's externalId as connectionExternalId, or let Weavz resolve it based on the current workspace integration context:
Resolution priority:
Explicit connectionExternalId — if provided, find the connection with that connection.externalId
Workspace integration — if workspaceId is provided, the workspace's integration configuration determines the connection based on its strategy (fixed, per_user, or per_user_with_fallback)
End-user context — if the strategy is per-user, pass endUserId so Weavz can resolve credentials linked to that end user
No connection — returns a CONNECTION_REQUIRED error
If you provide workspaceId, endUserId, or authMethodKey, explicit external-ID resolution is validated against that scope and auth method. Cross-workspace, cross-user, or incompatible auth-method matches are rejected.
import { WeavzClient } from '@weavz-io/sdk'const client = new WeavzClient({ apiKey: 'wvz_your_api_key' })// The list method returns all connections; filter client-sideconst { connections } = await client.connections.list()const slackConnections = connections.filter( (c: any) => c.integrationName === 'slack')
python
from weavz_sdk import WeavzClientclient = WeavzClient(api_key="wvz_your_api_key")# The list method returns all connections; filter client-sideresult = client.connections.list()slack_connections = [ c for c in result["connections"] if c["integrationName"] == "slack"]
import httpxres = httpx.get( "https://platform.weavz.io/api/v1/connections", headers={"Authorization": "Bearer wvz_your_api_key"},)data = res.json()slack_connections = [c for c in data["connections"] if c["integrationName"] == "slack"]
Deleting a connection does not disable triggers or remove MCP tools that use it — those will fail with a CONNECTION_REQUIRED error until a new connection is configured.