Authenticating Tools
The first step in authenticating your Users is to create an Auth Config. Every toolkit has its own authentication method such as OAuth, API key, Basic Auth, or custom schemes.
An Auth Config is a blueprint that defines how authentication works for a toolkit across all your users. It defines:
- Authentication method - OAuth2, Bearer token, API key, or Basic Auth
- Scopes - what actions your tools can perform
- Credentials - whether you’ll use your own app credentials or Composio’s managed auth

Creating an auth config
Using the Dashboard:
Selecting a toolkit
Navigate to Auth Configs tab in your dashboard and click “Create Auth Config”. Find and select the toolkit you want to integrate (e.g., Gmail, Slack, GitHub).
Selecting the Authentication method
Each toolkit supports different authentication methods such as OAuth, API Key, Bearer Token. Select from the available options for your toolkit.
Configure scopes
Depending on your authentication method, you may need to configure scopes:
- OAuth2: Configure scopes for what data and actions your integration can access.
- API Key/Bearer Token: Permissions are typically fixed based on the key’s access level.
Authentication Management
For OAuth toolkits:
- Development/Testing: Use Composio’s managed authentication (no setup required)
- Production: Generate your own OAuth credentials from the toolkit’s developer portal
For custom authentication schemes: You must provide your own credentials regardless of environment.
Auth configs are reusable
Auth configs contain your developer credentials and app-level settings (scopes, authentication method, etc.). Once created, you can reuse the same auth config for all your users.
When to create multiple auth configs?
You should create multiple auth configs for the same toolkit when you need:
- Different authentication methods - One OAuth config and one API key config
- Different scopes - Separate configs for read-only vs full access
- Different OAuth apps - Using separate client credentials for different environments
- Different permission levels - Limiting actions for specific use cases
Connecting an account:
With an auth config created, you’re ready to authenticate your users!
Choose the section below that matches your toolkit’s authentication method:
OAuth Connections
OAuth connections redirect users to the toolkit’s login page. Popular toolkits that use OAuth authentication include: Gmail, Notion etc.
Here’s how to initiate the flow:
Redirecting Users (OAuth only)
For OAuth flows, you can control where users are redirected after authentication by providing a callback Url:
API Key Connections
For API key authentication, you can either collect API keys from each user or use your own API key for all users. Popular Toolkits that use API Keys include Stripe, Perplexity etc.
Here is how to initiate the flow:
Fetching the required config
parameters for an Auth Config
When working with any toolkits, you can inspect an auth config to understand its authentication requirements and expected parameters.
Here is how you would fetch the authentication method and input fields:
Other Authentication Methods
Composio also supports a wide range of other auth schemas:
Bearer Token - Similar to API keys, provide the user’s bearer token directly when creating the connection.
Basic Auth - Provide username and password credentials for services that use HTTP Basic Authentication.
Custom Schemes - Some toolkits use their own custom authentication methods. Follow the toolkit-specific requirements for such cases.
Fetching auth config
For any of these methods, fetch the config parameter to determine the exact fields required. Every toolkit has its own requirements, and understanding these is essential for successfully creating connections.
Next Step
With authentication set up, you can now fetch and execute tools. See Executing Tools to get started.