Skip to main content
Version: 2026.03

Third-Party App Integrations

Some functions require integration with a third-party app. To use them, register the app integration and its auth provider. Credentials for auth providers are encrypted with an RSA public key.

Prerequisites:

  • Install the Python client and initialize the client per the Quick Start guide.
  • You must have Admin permissions to create App Integrations and Auth Integrations.
  • To use Auth Integrations you must set up RSA encryption keys.
  • RSA Key Pair: You need a 2048-bit RSA key pair with a public exponent of 65537.
  • The private key must be securely installed on the agent. See Setting up RSA Encryption Keys for more details.

Creating an App Integration

Provide a name for your integration and indicate the type from the list of supported integration types.

new_app_integration = NewAppIntegration(
    description="ACME Inc. Google Drive",
    integration_type=IntegrationType.GOOGLE_DRIVE,
)

app_integration = client.create_app_integration(new_app_integration)

Adding an Auth Integration

Most Auth Integrations require registration information to enable access. For example, OAuth 2.0 requires client applications to present registered OAuth credentials prior to receiving authorization.

  1. Create an Auth Registration Info file:

Create a JSON file that contains the auth registration information. The structure depends on your auth provider type. See the section on Registration Information for details.

  1. Create an Auth Integration:

Specify the auth integration type from the list of supported types. You can include registration information when creating your Auth Integration.

path_to_json_file = "registration_file.json"

auth_integration = client.create_auth_integration(
    auth_integration_type=AuthIntegrationType.GOOGLE_ACCOUNTS,
    auth_type=FunctionAuthType.OAuth2,
    app_integration_id=app_integration.id,
    auth_registration_path=path_to_json_file,
)

Updating an Auth Integration

If you created an Auth Integration without registration information, you can add it after the fact:

auth_integration = client.update_auth_integration(
    auth_integration_id="6cb78ba5-6f00-4bec-b359-5f483cb93234",
    auth_integration_type=AuthIntegrationType.GOOGLE_ACCOUNTS,
    auth_type=FunctionAuthType.OAUTH2,
    auth_registration_path=path_to_new_json_file,
)

Publishing an RSA Public Key

file_name = "public_key.pem"
file_path = "absolute/path/to/public_key.pem"
tenant_public_key = client.create_tenant_public_key(file_name, file_path)

Using the Public Key

Once your public key is added, the Python client automatically uses it to encrypt secrets:

encrypted_secret_reference = client.add_function_auth_secret(FunctionAuthType.OAuth2, "path/to/secret")