Managed vs custom auth

Composio supports two ways to authenticate users with toolkits.

  • Composio managed apps: Composio registers and maintains OAuth apps for popular toolkits (GitHub, Gmail, Slack, etc.). Zero setup, works out of the box.
  • Custom auth configs: You provide your own OAuth app, API key, bearer token, or other credentials and tell Composio to use them for a toolkit.

Use this page as the canonical guide for deciding between managed auth and custom auth configs, then wiring the chosen auth config into a session.

When to use Composio managed apps

Managed apps are the default. Every toolkit that supports OAuth has a Composio managed app ready to go. Use them when:

  • You're building and iterating. No OAuth app registration, no credentials to manage. Create a session and start testing immediately.
  • Default scopes cover your needs. Composio requests sensible defaults for each toolkit.
  • Branding on consent screens doesn't matter yet. Users will see "Composio wants to access your account" during OAuth. Fine for internal tools, prototypes, and development. You can still white-label the Connect Link page with your logo and app title without needing your own OAuth app.

When to use a custom auth config

Bring your own credentials when any of these apply:

  • Your users see OAuth consent screens. In production, users should see your app name, not "Composio." This is the most common reason to switch.
  • You need custom scopes. Composio's default scopes may not include everything you need (e.g., write access to a specific Google API).
  • You're hitting rate limits. Managed apps share quota across all Composio users. Your own app gets a dedicated quota.
  • You need faster polling triggers. Managed auth enforces a 15-minute minimum polling interval; your own app can use shorter polling intervals where supported.
  • You're connecting to a custom instance. Self-hosted or regional variants (e.g., a private Salesforce subdomain) need their own OAuth app.
  • Enterprise customers require your branding end-to-end.

Create a custom auth config

To check whether a toolkit already has a Composio managed app, see the managed auth toolkit list. You can still create a custom auth config for branding, scopes, rate limits, polling intervals, or custom instances.

Create the auth config in the Composio dashboard

In the Composio dashboard:

  1. Click Create Auth Config
  2. Select the toolkit
  3. Choose the auth scheme (OAuth2, API Key, Bearer Token, etc.)
  4. Follow the dashboard instructions for the required credential fields

For OAuth toolkits, the dashboard shows the redirect URI to add in the provider's developer portal.

Collect credentials from the provider

For OAuth toolkits, register an app in the provider's developer portal and add the redirect URI from the dashboard. Then copy the Client ID and Client Secret back into Composio.

For API key, bearer token, basic auth, or other auth schemes, collect the credential fields the toolkit requires and enter them in the dashboard.

Step-by-step OAuth guides: Google | GitHub | Slack | HubSpot | All toolkits

Save and copy the auth config ID

After you enter the required credentials, click Create and copy the auth config ID (for example, ac_1234abcd).

Pass the auth config ID in your session

Python:

from composio import Composio

composio = Composio()
session = composio.create(
    user_id="user_123",
    auth_configs={
        "github": "ac_your_github_config",
        # toolkits not listed here still use Composio managed auth
    },
)

TypeScript:

import { Composio } from '@composio/core';

const composio = new Composio();
const session = await composio.create("user_123", {
  authConfigs: {
    github: "ac_your_github_config",
    // toolkits not listed here still use Composio managed auth
  },
});

Mixing per toolkit

You don't have to pick one approach for all toolkits. Use your own credentials for toolkits where users see consent screens (GitHub, Google, Slack) and Composio managed auth for the rest. Each toolkit gets its own auth config independently.

Python:

session = composio.create(
    user_id="user_123",
    auth_configs={
        "github": "ac_your_github_config",
        "google": "ac_your_google_config",
        # everything else uses Composio managed auth automatically
    },
)

TypeScript:

const session = await composio.create("user_123", {
  authConfigs: {
    github: "ac_your_github_config",
    google: "ac_your_google_config",
    // everything else uses Composio managed auth automatically
  },
});
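
Because any toolkit left out of the mapping falls back to Composio managed auth, a missing or mistyped entry in production goes unnoticed until users see the shared consent screen. The following is an added example, not Composio's own code: a pre-flight check that builds the mapping from environment variables and fails closed. The `COMPOSIO_AUTH_CONFIG_<TOOLKIT>` variable names, the `build_auth_configs` helper and the ID pattern (inferred from the page's `ac_1234abcd` example) are assumptions.

```python
import os
import re

# Assumption: IDs follow the shape of the page's example, "ac_1234abcd".
AUTH_CONFIG_ID = re.compile(r"^ac_[A-Za-z0-9_-]+$")
# Hypothetical naming scheme: COMPOSIO_AUTH_CONFIG_GITHUB=ac_...
ENV_PREFIX = "COMPOSIO_AUTH_CONFIG_"


class AuthConfigError(ValueError):
    """Raised when a toolkit would silently fall back to managed auth."""


def build_auth_configs(required_custom, env=None):
    """Return {toolkit: auth_config_id} read from env, failing closed.

    required_custom: toolkits that must not use Composio managed auth.
    """
    env = os.environ if env is None else env
    configs, problems = {}, []
    for name, value in sorted(env.items()):
        if not name.startswith(ENV_PREFIX):
            continue
        toolkit = name[len(ENV_PREFIX):].lower()
        value = value.strip()
        # Reject empty values, wrong shapes and the docs placeholders.
        if not AUTH_CONFIG_ID.match(value) or value.startswith("ac_your_"):
            problems.append(f"{name} is not a usable auth config ID")
            continue
        configs[toolkit] = value
    for toolkit in sorted(set(required_custom) - set(configs)):
        problems.append(f"{toolkit} has no custom auth config")
    if problems:
        raise AuthConfigError("; ".join(problems))
    return configs


if __name__ == "__main__":
    # Constructed sample environment, not real IDs.
    sample = {"COMPOSIO_AUTH_CONFIG_GITHUB": "ac_1234abcd",
              "COMPOSIO_AUTH_CONFIG_GOOGLE": "ac_your_google_config"}
    try:
        build_auth_configs({"github", "google", "slack"}, sample)
    except AuthConfigError as exc:
        print(exc)
```

Pass the returned dictionary as `auth_configs` to `composio.create(...)` as shown above, and run the check at startup so a deployment with a missing ID stops before any user reaches a consent screen.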

Toolkits without managed auth

Some toolkits don't have Composio managed auth. For these, the setup is the same as above, except the provider may ask for API keys or instance details instead of OAuth credentials. Browse the full list on the managed auth page or check individual toolkit pages on the toolkits page.