Free for agents, hobbyists, and builders

The missing authentication layer for AI Agents.

Give your AI agents secure access to Gmail, Xero, and more without exposing raw credentials. We handle the OAuth, encryption, and proxying — your agent just uses a scoped API key.

Encrypted at RestScoped API KeysGlobal Kill Switch

Zero-config encryptionNot even we can read your tokensOne-click global revokeShort-lived tokens only

Built for agentic workflows

You shouldn't need a dedicated security team to give your agent safe access to a Gmail inbox. Here's how we keep your credentials locked down.

We Can't Read Your Secrets

OAuth tokens and credentials are encrypted at rest with XChaCha20-Poly1305. We literally don't have the keys.

Scoped Keys, Not Secrets

AI agents authenticate with scoped API keys. Raw OAuth tokens are never exposed to agents or third parties.

Kill Switch for All Services

One key revokes access to every connected service—instantly. No chasing down admin panels.

Server-Side Injection Only

Raw tokens decrypted inside our edge worker at request time and never persisted to disk or logs.

Short-Lived Access Tokens

Your agent only receives short-lived access tokens. No long-lived refresh tokens floating around.

Transparent Proxy

Drop-in proxy for Gmail, Google Calendar, Xero, and anything else with OAuth. No vendor lock-in.

Three steps. No OAuth headaches.

Stop managing token refreshes and secure storage. We handle the security perimeter so you can focus on building your agents.

Connect Your Service

OAuth with Gmail, Xero, Google Workspace, and more. We store tokens encrypted. You never touch a client secret again.

Give Your Agent a Key

Generate scoped API keys for each AI agent. Restrict access by provider, endpoint, and action. Rotate or nuke anytime.

Let It Rip

Agents call upstream APIs through our transparent proxy. Tokens are resolved, decrypted, and injected server-side automatically.

Your agent talks to us. We talk to them.

The agent never sees your OAuth tokens. We decrypt and inject them server-side inside a Cloudflare Worker. They're never written to disk or logs.

Your Agent

Sends x-api-key. Nothing else.

HTTP

Connectgate

Validate KeyDecrypt TokenAuto-RefreshInject Auth

HTTPS

Upstream API

Xero, Gmail, GCal, etc.

Response streams back in real-time — no buffering, no latency penalty. Your agent thinks it's talking directly to the API.

Connectgate vs. storing secrets locally

Tokens, API keys, client secrets, and service keys on a laptop or server are a ticking time bomb. Here is how we compare.

Risk Factor	Connectgate	Laptop / Server Storage
Raw Token Visibility	Never exposed to agents	Fully visible in code / memory
Revocation	One-click master disable	Manual per-platform revoke
Token Refresh Logic	Handled automatically	Must build and maintain yourself
Breach Impact	Low — rotate one API key	High — leaked admin credentials
Key Rotation	Instant, scoped per agent	Slow, affects all integrations
Audit & Access Control	Built-in request logging	None by default

The Credential Liability

Your environment gets compromised. Now what?

You have secrets — client secrets for Gmail, service account keys for Google Cloud, OAuth tokens for Xero — all sitting in memory or on disk. If those leak, bad actors hold the keys to your private data or your business. You get to spend your evening logging into every admin panel you can remember to revoke access.

Tokens encrypted with XChaCha20-Poly1305 at rest

We can't decrypt them — the key is tied to your account

Your agent only ever sees short-lived access tokens

One revoke kills access to every connected service instantly

GET /api/proxy/xero/api.xro/2.0/Invoices

x-api-key: cg_live_••••••••••••••••

# Proxy injects server-side:
Authorization: Bearer [decrypted token]
Xero-tenant-id: [auto-resolved tenant]

Your agent only knows its API key. The real secrets stay locked in the vault.

Ship autonomous agents without exposing your credentials.

Stop duct-taping OAuth flows together and pasting service keys into environment variables. Give your agent exactly what it needs—and nothing more.

Free for individuals. Scalable for teams. Open source core.