Integrations Overview
This page has been cleared and is ready for updated Builder Studio documentation.
Integrations connect a BuilderStudio workspace to an outside provider so nodes and exports can use that provider's credentials. A connection is stored per workspace, scoped to the provider, and the credential material is encrypted at rest. Two kinds of connections exist: OAuth-user connections, where you authorize BuilderStudio against a provider account, and service connections, where you bring your own API key for a supported provider.
How a connection is stored
Each integration connection records the provider, the workspace, a display name, a mode, a status, and an encrypted credential payload. BuilderStudio never stores the raw secret in plaintext: the credential JSON is encrypted before it reaches the database, and saving a connection fails fast if the server's integration encryption key is not configured.
mode "oauth-user" -> you authorize BuilderStudio against a provider accountmode "service" -> you store a provider API key (bring your own key) status: active | pending | error | revoked stored per connection:- provider- workspaceId- displayName- encrypted credential payload (never plaintext)API-key (service) connections
Service connections hold a provider API key you supply. They are saved through the provider-connections endpoint, which validates the credential shape for the provider, encrypts it, and upserts the connection on the current workspace.
POST /api/integrations/provider-connections { "workspaceId": "<workspaceId>", "provider": "<provider>", "displayName": "My provider key", "credentialPayload": { /* provider-specific credential fields */ }} // Include "connectionId" to update an existing connection instead of creating one.For API-key providers, a per-workspace routing policy decides whether execution prefers your connection or a built-in key. The policy mode is one of:
auto— use a bring-your-own connection when one exists, otherwise fall back to the built-in key.built_in— always use the platform key.byo— require your own connection.
OAuth-user connections
OAuth-user connections authorize BuilderStudio against a provider account through a redirect flow rather than a pasted key. The provider returns tokens, BuilderStudio encrypts them, and the connection tracks the granted scopes plus token expiry so it can refresh or surface a re-auth prompt. GitHub and Google Workspace use this style of connection.
Providers available today
The integration surface is intentionally narrow. The currently wired providers are:
| Provider | Connection style | Used for |
|---|---|---|
| Fal.ai | API key (service) | Image and video generation. |
| Google Gemini | API key (service) | Text and Gemini-backed generation. |
| Vercel AI Gateway | API key (service) | Routed model access. |
| ElevenLabs | API key (service) | Audio generation and voice assets. |
| Resend | Service / event provider | Outbound email events. |
| GitHub | OAuth (app install) | Repository access and draft pull-request exports. |
| Google Workspace | OAuth-user | Google Drive and Google Sheets document import and export. |
Connect a provider
Pick the workspace
Open the workspace that should own the connection. You need write access on that workspace to add or edit an integration.
Choose API key or OAuth
For API-key providers, paste the provider credential to create a service connection. For GitHub or Google Workspace, start the OAuth flow and authorize BuilderStudio against your provider account.
Let BuilderStudio encrypt and save
The credential is validated, encrypted, and upserted on the workspace. A connection that saved successfully shows an
activestatus.Set the routing policy if needed
For API-key providers, choose whether the workspace uses your key (
byo), the built-in key (built_in), or automatic fallback (auto).
Was this page helpful?