Alfrada Docs

Appearance

Connect Services That Don't Have OAuth

April 21, 2026

Some services log in with a username and password or a raw API key — Xero web logins, niche scraper cookies, paid API tokens. When the agent needs one of those mid-conversation, a secure modal slides in right inside the chat. You enter the credential once, it gets stored in the same encrypted vault as your OAuth connections, and the conversation picks up where it left off.

What you can do

  • Connect non-OAuth services without leaving the chat. When the agent hits a step that needs a login or API key, the modal appears inline. No detour to Settings, no losing your place in the conversation.
  • Reuse what you already have. If you've already saved a credential of the same type, the modal offers it as a one-click reuse. You won't type the same Xero login into ten sessions.
  • Same vault, same encryption. Captured credentials live in the same encrypted store as your OAuth tokens. No second-class secret storage.

When you'd notice it

  • You ask for yesterday's Xero invoices. Xero doesn't have OAuth on the free tier, so the agent needs your login. The modal slides in, you type once, the conversation resumes.
  • You're running a scraper that needs a site cookie. The modal sees you already saved one and offers it as a one-click reuse.
  • A paid API hands out raw keys instead of OAuth. You paste the key inline; every future session picks it up automatically.

Try it

This is usually triggered by the agent itself when it needs a credential — you don't typically call it directly. To try it explicitly:

  • "Connect my Xero account using the web login."
  • "Save my API key for [service] so you can use it in future sessions."

Heads up

  • Same approval flow as OAuth. The modal is a first-class chat interrupt — the conversation waits for you to finish.
  • The "already have it" chip is opt-in. If you want a new credential (different account, different site), proceed without clicking the chip and a fresh entry gets created.
  • Revoke from the Safety Center. Anything captured here can be deleted later.

Built for the Alfrada platform.

Copyright 2026 Alfrada