OAUTH 2.0
CRM & SALES
Folk is a collaborative CRM that helps teams manage contacts, track relationships, and run outreach — all in one workspace.
token = client.agent.get_token(user_id="user_id", connector="folkmcp")const token = await client.agent.getToken({ userId: "user_id", connector: "folkmcp" });const token = await client.agent.getToken({ userId: "user_id", connector: "folkmcp" });token = client.agent.get_token(user_id="user_id", connector="folkmcp")Does the agent access Folk as the user or as a shared key?
As the user. Each workspace member authorizes once and Scalekit resolves their credential at request time. Audit logs attribute every action to that user, not a shared service account.
Where is the Folk OAuth token stored?
In Scalekit's managed AES-256 token vault, namespaced per tenant. Refresh is automatic. Revocation is a single dashboard action. Tokens never appear in prompts, logs, or LLM context.
Can I limit what the agent is allowed to do in Folk?
Yes. Pass a tool name filter to listScopedTools so the sales agent only sees the subset you authorize. Pre-API-call scope checks block out-of-policy actions before the request reaches Folk.
What happens when a user revokes Folk access?
The connection is invalidated on the next tool call. Subsequent requests for that user fail closed with a clear error. Other users in the tenant remain unaffected. The event is logged for audit.
Which contacts and groups can the agent manage in Folk?
Only those in workspaces the authorizing user belongs to. People, company, and object writes attribute to that user, so shared relationship history in Folk stays trustworthy.