Connect external services

Most automations interact with external services — GitHub, Slack, monitoring platforms, cloud APIs, and internal tools. These services require authentication, and managing credentials manually in every pattern is error-prone and insecure. DRAGOPS connections solve this by storing credentials centrally and making them available to any pattern that needs them.

What is a connection?

A connection is a saved set of credentials for an external service. It stores authentication details securely so your patterns can make authenticated API calls without hardcoding tokens or keys.

A connection typically includes:

• Provider — the service it authenticates with (for example, GitHub, Slack)
• Display name — a label you choose to identify the connection (for example, "Production GitHub" or "Ops Slack Workspace")
• Credentials — access tokens, API keys, or OAuth tokens, stored encrypted

DRAGOPS encrypts all connection credentials using AES-256-GCM encryption. Credentials are encrypted at rest and only decrypted at the moment a node needs them during execution.

Create a connection

OAuth connections

For services that support OAuth (such as GitHub and Slack):

1. Go to the Connections page in the DRAGOPS dashboard.
2. Select the service you want to connect.
3. DRAGOPS redirects you to the service's authorization page.
4. Authorize DRAGOPS to access your account.
5. The connection appears on the Connections page with the encrypted access token stored automatically.

OAuth connections handle token management for you. When a token expires (if the provider supports refresh), DRAGOPS refreshes it automatically.

API key connections

For services that use API keys:

1. Go to the Connections page.
2. Select Add Connection and choose the provider, or select a generic API key connection.
3. Enter the display name and paste your API key.
4. Select Save.

The API key is encrypted immediately and never displayed again in the dashboard. You can update or delete the connection, but you cannot view the stored key.

Use a connection in a pattern

Connections integrate with the HTTP Request node through the connection picker.

1. Open your pattern in the visual editor.
2. Add an HTTP Request node (or select an existing one).
3. In the Inspector Panel, find the Connection dropdown.
4. Select the connection you want to use.

When the pattern executes, DRAGOPS injects the connection's credentials into the HTTP request automatically. For OAuth connections, this typically means adding an Authorization: Bearer <token> header. For API key connections, the key is injected according to the provider's expected format.

Manual header approach

If you prefer explicit control, you can also reference connection values directly in your header wiring without using the connection picker. This is useful for services with non-standard authentication schemes.

1. Use a Get Connection node to retrieve the credential at runtime.
2. Wire the credential value into a Set Property node to build the authorization header.
3. Wire the headers object into the HTTP Request node.

OAuth flow for GitHub

GitHub is one of the most common integrations. Here is the full flow:

1. Go to the Connections page and select GitHub.
2. DRAGOPS opens the GitHub authorization page. Sign in to your GitHub account if prompted.
3. Review the permissions DRAGOPS requests and select Authorize.
4. GitHub redirects you back to DRAGOPS. The connection now appears on the Connections page with your GitHub username and avatar.

Once connected, any pattern can use the GitHub connection to interact with the GitHub API:

With the GitHub connection selected on the HTTP Request node, DRAGOPS handles the Authorization header automatically.

Security: How credentials are handled

DRAGOPS takes credential security seriously:

• Encrypted at rest — All credentials are stored using AES-256-GCM encryption. The raw token is never stored in plaintext.
• Decrypted on demand — Credentials are only decrypted at the exact moment a node needs them during execution. They are never cached in memory between executions.
• Never logged — Credential values never appear in execution logs, error messages, or API responses.
• Scoped access — Each connection belongs to the user who created it. Other users in the same workspace cannot view or use your connections unless you explicitly share them.
• Revocable — You can delete a connection at any time. Patterns that reference a deleted connection fail with a clear error message at execution time.

Manage connections

Update a connection

1. Go to the Connections page.
2. Select the connection you want to update.
3. For OAuth connections, select Reconnect to go through the authorization flow again.
4. For API key connections, enter the new key and select Save.

Delete a connection

1. Go to the Connections page.
2. Select the connection you want to remove.
3. Select Delete and confirm.

Any deployed pattern that references a deleted connection continues to run, but fails when it reaches a node that needs the credential. Update those patterns to use a different connection or remove the reference.

Tips

• Use descriptive names. If you have multiple connections to the same service (for example, a personal GitHub account and an organization account), name them clearly: "GitHub — Personal" and "GitHub — Acme Org".
• Prefer connections over hardcoded tokens. Connections are encrypted, updatable, and revocable. A hardcoded token in a String literal is none of these.
• Test with a non-production account first. When setting up OAuth connections to critical services, start with a test account to verify the integration works before connecting your production credentials.
• Rotate credentials regularly. For API key connections, update the key periodically. DRAGOPS makes this easy — update the connection once and all patterns that use it pick up the new key automatically.

What is next?