APIANT
GuidePlatformv1

API Authentication

How APIANT handles authentication for external services. Most integrators use API keys — a few minutes to set up, no developer portal spelunking. OAuth is the advanced case.

Most services APIANT connects to use one of two auth types:

  • API Key — a single token (or username/password pair) you paste into the keyvault when Claude prompts you. Setup: 1–5 minutes. The typical case.
  • OAuth V2 — a multi-step flow where you register a developer application with the service. Setup: 15–60 minutes. Use only when the service requires it.

The walkthrough below uses Anthropic as the example service. Anthropic was chosen because you, as a Claude Code user, already have an API key on hand. OAuth is covered separately under When OAuth is required.

Prerequisites

  • The plugin is installed and /apiant-setup reports healthy. If not, finish Install the Plugin first.
  • An Anthropic API key. Any key with model access works; the walkthrough sends one short message.

Steps

1. Describe what you want

In Claude Code, describe in plain English what the integration should do. Say what kicks it off and what should happen. Claude works out the trigger/action structure for you.

"Take text posted to a webhook, send it to the Anthropic API for a one-line summary, and save the summary to keyvalue storage under the key last_summary."

Claude reads the request and starts the build.

2. Claude discovers the connector and the action

Before building anything, Claude looks up the Anthropic connector in the catalog and inspects which actions and fields it offers. You don't need to know the action names or the field names; Claude finds them. The action it lands on is Message to AI — one input for the prompt, one for system instructions, plus model and max_tokens settings.

3. Claude prompts you for the API key

The first time an automation in your account uses Anthropic, the keyvault has no entry for it. Claude surfaces this with a direct link to the connection-manager page where you paste the key:

"I need an Anthropic API key to continue. I've opened the connection page for you — paste your key from platform.claude.com, save, and tell me when you're done."

The keyvault entry is scoped to your account. The credential you paste is reused by every automation you build from then on; each integrator on the tenant does this once per service for themselves.

Paste the API key into the connection-manager page Claude opened, not into the chat. Anything in the chat is part of the conversation transcript. The keyvault is encrypted and scoped to your account.

After you confirm the paste, Claude continues.

4. Claude builds the automation

With the key in place and the connector understood, Claude drafts the automation:

  • The trigger is a webhook. APIANT mints the URL.
  • The action is Message to AI, with the prompt mapped from the webhook's text field and a short system instruction like "Summarize the input in one sentence."
  • A keyvalue write records the summary under last_summary so you can read it back.

Claude commits the automation and prints the editor link plus the webhook URL. You review the result visually in the automation editor — that's where wrong mappings, step ordering, and trigger details are easiest to spot. The one exception is at-risk field mappings (dates, phone numbers, currency formats); Claude flags those before committing and asks how you want them handled, since data-format mistakes are hard to catch by eye.

5. Test it

Ask Claude to test it. Claude picks up the most recently committed automation and starts the test workflow.

Brand-new webhook automations need an actual request to fire. Claude tries to replay one from history first; if there isn't one — common on a brand-new webhook — Claude asks you to send a sample. For this automation, Claude gives you a curl command pointed at the webhook URL with a sample body, and asks you to run it from your terminal:

bash
curl -X POST <webhook-url> \
  -H "Content-Type: application/json" \
  -d '{"text": "APIANT is an integration platform you drive through Claude Code. You describe what you want; the platform builds, tests, and ships it."}'

Run it. Claude polls the execution history, finds your run, and walks the steps: did the webhook fire? did Message to AI return a summary? did the keyvalue step record it? If any step errored, Claude names which one and proposes a fix.

6. You have a real external integration running

The automation is live. Anyone with the webhook URL can fire it. Anthropic calls run against your API key. Results are visible in the run history.

You did not write code. You did not click through a connector wizard. You described the integration; Claude built it; you supplied one credential.

When OAuth is required

Some services (HubSpot, Shopify, Salesforce) only offer OAuth — there is no static API key to paste. To integrate with those, you register a developer application with the service first. Claude walks you through that with dev-browser, reading the live developer-portal page beside you and guiding you through MFA, scopes, and redirect URI configuration. Connector construction itself is covered in App Connectors.

Once the OAuth app exists, the rest of the build looks the same as the API-key walkthrough above.

Troubleshooting

The keyvault link opens an empty page

The connection-manager URL embeds the service name. If it loads but shows no fields to fill in, the service expects a different credential format than a single API key (e.g., a key and a workspace ID, or a username/password pair). Claude tells you the right field set as part of the credential prompt — re-read its prompt; it spells out exactly what to paste where.

The test run errors with "401 Unauthorized" from Anthropic

Your API key is wrong, expired, or was revoked. Check three things, in order:

  1. Did the key land in the keyvault under the Anthropic connector? The keyvault entry has to match the connector Claude is using. Claude prompts with the right name; if you renamed the entry, rename it back.
  2. Is the key still valid in platform.claude.com? Keys revoked or rotated in the Anthropic console stop working immediately.
  3. Does your Anthropic account have credit and access to the model used? A new account with no funded balance returns 401-class errors on real calls.

Re-paste a known-good key into the keyvault and ask Claude to retest.

The test runs but the summary field is empty

The webhook fired and the Message to AI call succeeded, but the field you wanted didn't come back populated. Almost always a field-mapping issue, not an auth issue. Ask Claude:

"Look at the last execution and tell me which step's output was empty and why."

Claude reads the run history step by step and identifies the broken mapping. Most fixes are one edit away.

Anthropic returns a 429 or "overloaded" error

You hit a rate limit on your Anthropic account, not an APIANT problem. Wait a minute and ask Claude to retest. If it recurs on every run, your account-level rate limit is set lower than this walkthrough's traffic — raise it in the Anthropic console or use a higher-tier key.

Related docs

Last updated May 4, 2026