Scalekit: Auth Stack for AI Apps

Agent auth and tool-calling. One stack.

Delegated user identity. Scoped permissions. Tool-calling. Everything your agent needs in production.

Agent use cases

Customer-facing agents. Internal agents. One stack.

Customer-facing agents

Your agent. Your customers’ tools.

Your agent connects to each customer's own Salesforce, Zendesk, Slack — their credentials, their scopes, their tenant. Multi-tenant OAuth out of the box. No shared service accounts.

Internal agents

Agents built for your internal teams.

Agents built for internal teams act as the specific employee who triggered them — inheriting their SSO identity and permissions. Not a bot account with org-wide access.

CUSTOMERS

Trusted by teams shipping agents.

STORIES

“Our agents act across Salesforce, Gong, Google Drive, and more, on behalf of every customer. Scalekit behind the scenes meant we can keep adding tools without ever rebuilding how credentials or tool calling work.”

Venu Madhav Kattagoni,

Head of Engineering, Von

"We needed an auth solution that just works so we could focus on our core AI features. Scalekit eliminated months of auth complexity."

Harsh Vakharia

Product and Solutions, SiftHub

"Enterprise customers required different integrations. We needed to keep shipping. Scalekit was the fastest way to do it without splitting the team."

Erwan Martin

Director, Engineering, Napkin.ai

"We needed an auth solution that just works so we could focus on our core AI features. Scalekit eliminated months of auth complexity."

Harsh Vakharia

Product and Solutions, SiftHub

"Scalekit made auth a breeze. Secure, scalable, and we can open up modules as we see fit. Exactly what an embedded agent product needs."

Suman Varanasi

Co-Founder & CTO, Fello

"Clear docs, practical guides. Felt like we had a roadmap for every scenario. Got our agent connected to Salesforce in under an hour."

Gábor Szabad

Engineering Lead, Wise

Every agent action.
Four layers deep.

An agent asks to pull Salesforce contacts for a user. Four things have to happen before it gets anywhere near an external system — and your code handles none of them.

01

Your agent never touches a credential

Your agent makes the call. Scalekit resolves the credential, checks the vault, and returns data.

02

Agents act only within what users approved

Every request is scope-checked per connector,per tenant. Anything outside never reaches the API.

03

Clean data back to your agent, every time

Pagination, rate limits, retries, errors. All handled before the response reaches your agent.

04

Every action traced back to the user who approved it

Every delegation chain logs who authorized, which agent, tool, scope, and results — SIEM-exportable.

01

Your agent never touches a credential

Your agent makes the call. Scalekit resolves the credential, checks the vault, and returns data.

02

Agents act only within what users approved

Every request is scope-checked per connector,per tenant. Anything outside never reaches the API.

03

Clean data back to your agent, every time

Pagination, rate limits, retries, errors. All handled before the response reaches your agent.

04

Every action traced back to the user who approved it

Every delegation chain logs who authorized, which agent, tool, scope, and results — SIEM-exportable.

Connectors

Any endpoint your agent needs.

SaaS apps, internal APIs, databases, MCP servers, and custom OAuth endpoints. Not just third-party integrations.

Browse all 100+ connectors

See custom connectors

Security & Reliability

Built for production.

SaaS apps, internal APIs, databases, MCP servers, andcustom OAuth endpoints. Not just third-party integrations.

01

Encrypted vault. Your code never sees a credential.

AES-256, per-tenant isolated. Tokens auto-refresh before expiry. Your agent gets an opaque reference - nothing sensitive enters your app, logs, or memory.

02

Multi-region. 99.99% uptime.

Deploy to US or EU. Your data stays in your chosen region. 99.99% uptime, guaranteed.

03

Private cloud or Scalekit-hosted.

Deploy in your VPC for full data boundary control. Or let us run it. HIPAA-ready on request.

04

Full delegation chain. Every action logged.

Who authorized, which agent, which tool, what scope, what came back. Queryable, exportable to Datadog, Splunk, or any SIEM. 90-day retention by default.

AUTH FOR SAAS APPS

Building a SaaS product
alongside your agent?

Start building

User management, roles, SSO, and SCIM provisioning for the teams using your product. One platform, from your users all the way to the orgs they belong to.

FREQUENTLY ASKED QUESTIONS

Common questions about auth infrastructure

How does Scalekit help my agent connect to apps and APIs?

Scalekit gives your agents authenticated and scoped access to third-party apps — Gmail, Slack, Salesforce, GitHub, Notion, and 100+ more. Scalekit handles the delegated OAuth flow, token storage, and the tool call on behalf of your user. No service accounts, or hardcoded credentials.

How does "acting on behalf of a user" actually work?

When a user authorizes a connector, Scalekit creates a connected account — a per-user token store tied to that user's identity. Every tool call your agent makes uses that specific user's credentials. Actions appear as that user in the target app, and access is limited to exactly what they've authorized.

Which apps and tools are available out of the box?

100+ pre-built connectors covering productivity (Gmail, Google Calendar, Outlook), project management (Jira, Linear, Asana, Notion), CRM (Salesforce, HubSpot), data (Snowflake, BigQuery), code (GitHub, GitLab), and many more. Each connector comes with a ready-to-use tool library.

Can I bring my own app credentials?

Yes, we recommend bringing your own credentials for production agents — set it up once and Scalekit handles per-user token storage, refresh, and state tracking automatically. We also offer managed OAuth for a few applications so you can test the workflow easily.

Which AI frameworks does Scalekit support?

Scalekit is framework-agnostic — tool schemas work with any LLM API. Native integrations are available for LangChain, Google ADK, Anthropic, OpenAI, Vercel AI, and Mastra. Node.js and Python SDKs are available too.

Can I build my own connectors?

Yes. You can build them. Add a custom tool to an existing connector, or bring your own connector entirely by defining its auth pattern and tool schemas. Scalekit manages credential storage and injection — your custom connector works exactly like a built-in one.

Can I request for a new connector?

Yes, you can. Go ahead and fill out the form below so we can build it for you. Typically, it should be live and ready to use within 1 week. https://portal.usepylon.com/scalekitsupport/forms/request-a-connector-tool

What if I need to connect my agent to an internal API?

You can bring your own connector by defining its auth pattern and tool schemas. Scalekit manages credential storage and injection — your custom connector works exactly like a built-in one.

Start building.

Add auth to your agents in minutes. No infra to manage. No token headaches.

Read the Quickstart

Connect your agents with‍SaaS apps, APIs, MCP servers.