OAUTH 2.0
CRM & SALES
Connect to Attio MCP. Access and manage CRM records, lists, notes, tasks, emails, and workspace data across people, companies, and deals.
from langchain_mcp_adapters.client import MultiServerMCPClient
from scalekit import ScalekitClient
client = ScalekitClient(env_url=ENV_URL, client_id=CLIENT_ID, client_secret=SECRET)
token = client.agent.get_token(user_id="user_id", connector="attiomcp")
mcp = MultiServerMCPClient({
"attiomcp": {
"url": "https://mcp.scalekit.com/attiomcp",
"headers": {"Authorization": "Bearer " + token}
}
})
tools = await mcp.get_tools()import OpenAI from "openai";
import { ScalekitClient } from "@scalekit-sdk/node";
const client = new ScalekitClient({ envUrl, clientId, clientSecret });
const token = await client.agent.getToken({ userId: "user_id", connector: "attiomcp" });
const openai = new OpenAI();
// Connect to MCP at https://mcp.scalekit.com/attiomcp
// Pass: Authorization: Bearer + tokenimport Anthropic from "@anthropic-ai/sdk";
import { ScalekitClient } from "@scalekit-sdk/node";
const client = new ScalekitClient({ envUrl, clientId, clientSecret });
const token = await client.agent.getToken({ userId: "user_id", connector: "attiomcp" });
const anthropic = new Anthropic();
// Connect to MCP at https://mcp.scalekit.com/attiomcp
// Pass: Authorization: Bearer + tokenfrom google.adk.agents import LlmAgent
from scalekit import ScalekitClient
client = ScalekitClient(env_url=ENV_URL, client_id=CLIENT_ID, client_secret=SECRET)
token = client.agent.get_token(user_id="user_id", connector="attiomcp")
# Connect to MCP at https://mcp.scalekit.com/attiomcp
# Pass: Authorization: Bearer + token// shared token
audit → bot_service_account
// scalekit
audit → user_abc ✓Does the agent access Attio as the user or as a shared key?
As the user. Each workspace member authorizes once and Scalekit resolves their credential at request time. Audit logs attribute every action to that user, not a shared service account.
Where is the Attio OAuth token stored?
In Scalekit's managed AES-256 token vault, namespaced per tenant. Refresh is automatic. Revocation is a single dashboard action. Tokens never appear in prompts, logs, or LLM context.
Can I limit what the agent is allowed to do in Attio?
Yes. Pass a tool name filter to listScopedTools so the productivity agent only sees the subset you authorize. Pre-API-call scope checks block out-of-policy actions before the request reaches Attio.
What happens when a user revokes Attio access?
The connection is invalidated on the next tool call. Subsequent requests for that user fail closed with a clear error. Other users in the tenant remain unaffected. The event is logged for audit.
Does the agent respect record-level permissions in Attio?
Yes. Record, list, note, and task writes inherit the authorizing user's Attio role and access. Every CRM change attributes to the real user in Attio's history.