List all timeline activity on ISS-123 from this week.
SEE HOW AUTH WORKS
The user authorises once with their DevRev personal access token. Every agent call after uses that token, scoped to the tools you allow.
1
Authorize
Your user connects
DevRev MCP
once. We tie it to their identity and the meetings they approved — no shared bot account, no org-wide access
Who:
user ‘A’
when:
Once per user
access:
Limited to user
2
Store
Their
DevRev MCP
token lives in a vault scoped to them. User A's meetings are never reachable by an agent acting for user B, even on the same connection
vault:
encrypted
scope:
per-user
tokens:
auto-refreshed
3
Resolve
When your agent calls a
DevRev MCP
tool, we fetch the right token server-side. It never touches your agent, never appears in the LLM context, never shows up in your logs
speed:
~40ms
check:
before every call
seen by:
nobody
4
Audit
Every
DevRev MCP
tool call is logged — who triggered it, which meeting was fetched, what came back. 90 days of history, tied to the user who authorized it
history:
90 days
export:
SIEM-ready
logged:
every call
Test other agents
See the same per-user auth pattern across other developer tool connectors.
No items found.
Why Scalekit
Secure your agent's access. Connectors ship in minutes
Other connector libraries treat auth as a demo afterthought — shared tokens, no scope enforcement, no audit trail.
01.
Shared tokens break per-user analytics
A shared DevRev PAT looks fine in a demo. In production every API call shows as a service account. Scalekit resolves the real user's credential so issues, comments, and audit logs carry the correct author.
Storing a PAT is table stakes. The production question: is this agent, calling this DevRev tool, for this tenant, in this scope, permitted? Scalekit enforces scope at every call, not just at token issuance.
// authn only has_token? yes call → 200 (anything)
Each customer's DevRev token needs real isolation. You cannot bolt per-tenant namespacing on after launch. Scalekit vaults credentials under tenant-scoped namespaces from day one.
Every new connector is maintenance burden when you own the auth layer. With Scalekit, DevRev MCP shares the same vault and audit chain as every other connector. Zero new auth code per integration.
// DIY: each connector devrev_auth.py github_auth.py ×N
“Our agents act across Salesforce, Gong, Google Drive, and more, on behalf of every customer. Scalekit behind the scenes meant we can keep adding tools without ever rebuilding how credentials or tool calling work.”
Venu Madhav Kattagoni
Head of Engineering / Von
FAQs
Frequently Asked Questions
Does every user need their own DevRev token, or can I use one shared PAT?
Every user connects their own DevRev personal access token. Scalekit vaults each token under a per-user, per-tenant namespace. A shared PAT collapses all actions into a single audit identity and breaks any per-user access controls DevRev enforces on your workspace.
How does Scalekit store the DevRev personal access tokens?
Tokens are encrypted at rest with AES-256 and resolved at request time directly into the tool call. The plaintext token never appears in agent context, logs, or LLM prompts. You can rotate or revoke a token from the Scalekit dashboard without redeploying your agent.
Can I limit which DevRev tools a specific agent or tenant can call?
Yes. Use listScopedTools to return only the tools permitted for a given user or tenant. Your agent never sees tools outside the allowed scope, so it cannot accidentally call devrev_work_create when only read access is granted. Scope lists update at runtime without redeployment.
What happens when a user revokes their DevRev token or leaves the organisation?
Scalekit detects the 401 on the next tool call and surfaces a re-auth event to your application. The agent stops executing DevRev tools for that user until a fresh token is vaulted. No other users or tenants are affected. You can also proactively delete a user's credential via the Scalekit API when offboarding.
DevRev uses personal access tokens, not OAuth. Does Scalekit handle PAT-based connectors?
Yes. Scalekit's connector model supports API key and PAT-based services alongside OAuth 2.0 flows. The user enters their DevRev PAT once through Scalekit's auth UI, and from that point the vault, scope enforcement, and audit trail work identically to OAuth connectors. No separate integration path required.