back to features

Secret Proxy & Token Minting

Use your stored secrets and connections directly from your own code. Proxy a request through a secret with the credential injected server-side - so the value never leaves the platform - or mint a short-lived OAuth or JWT token for the cases a proxy can't reach. Available across the Node, Go, and Python SDKs.

ChatBotKit's encrypted secret vault stores your API keys, OAuth connections, and per-user credentials, and your agents use them to call authenticated services without ever exposing the value. This feature brings the same capability to your own application code.

Proxy a request

Describe an HTTP request - method, URL, headers, body - and ChatBotKit performs it on your behalf, injecting the secret into the request at egress. The credential value never leaves the platform, and you get the upstream response back verbatim. It works for every secret type, and for OAuth the access token is refreshed automatically. For per-user secrets, address the request by contact so each of your users acts with their own connection.

Mint a token

Sometimes a proxy can't serve the request - a provider SDK that wants a token string, a non-HTTP protocol, or a service reachable only from your own network. For those, mint a short-lived token directly from an OAuth or JWT secret and use it in your code. Minting is owner-only and limited to freshly issued tokens; static credentials such as passwords, basic auth, and API keys stay server-side and are used through the proxy instead.

Everywhere you build

Both operations are first-class methods in the Node, Go, and Python SDKs, alongside the existing secret management APIs - so connecting your agents and your own services to third-party APIs is one consistent, managed system.

secretsconnectoauthjwtapidevelopersdk