Authentication
Project API key permissions
Scoped project API keys let you choose which project resources a key can access. Use them when a key only needs a subset of your project, such as executing tools, reading logs, or managing connected accounts.
Permissions are selected when the key is created and cannot be changed later. To change permissions, create a new key and rotate your application to use it.
Default project API keys keep full project API key access. Scoped project API keys use the permission areas and access levels on this page.
Access levels
| Access level | What it allows |
|---|---|
| No access | The key cannot use routes in that permission area. |
| Read only | The key can use read routes in that permission area. |
| Write only | The key can use write routes in that permission area. |
| Read and write | The key can use both read and write routes in that permission area. |
Some read routes use POST because the request body carries filters or lookup input. The access level is based on what the route does, not only the HTTP method.
Permission areas
Jump to each permission area to see the routes it covers.
| Permission area | Available levels | Routes |
|---|---|---|
| Auth configs | No access, Read only, Write only, Read and write | View routes |
| Connected accounts | No access, Read only, Write only, Read and write | View routes |
| Tools | No access, Read only | View routes |
| Tool execution | No access, Write only | View routes |
| Proxy execute | No access, Write only | View routes |
| Toolkits | No access, Read only, Write only, Read and write | View routes |
| Triggers | No access, Read only, Write only, Read and write | View routes |
| Webhooks | No access, Read only, Write only, Read and write | View routes |
| Observability | No access, Read only | View routes |
| Sessions | No access, Read only, Write only, Read and write | View routes |
Auth configs
View and modify auth configs.
| Access | Method | Endpoint |
|---|---|---|
| Read | GET | /api/v3/auth_configs |
| Read | GET | /api/v3/auth_configs/{nanoid} |
| Write | POST | /api/v3/auth_configs |
| Write | PATCH | /api/v3/auth_configs/{nanoid} |
| Write | DELETE | /api/v3/auth_configs/{nanoid} |
| Write | PATCH | /api/v3/auth_configs/{nanoid}/{status} |
Connected accounts
View and manage connected accounts.
| Access | Method | Endpoint |
|---|---|---|
| Read | GET | /api/v3/connected_accounts |
| Read | GET | /api/v3/connected_accounts/{nanoid} |
| Write | POST | /api/v3/connected_accounts |
| Write | POST | /api/v3/connected_accounts/link |
| Write | PATCH | /api/v3/connected_accounts/{nanoid} |
| Write | PATCH | /api/v3/connected_accounts/{nanoid}/status |
| Write | POST | /api/v3/connected_accounts/{nanoid}/refresh |
| Write | DELETE | /api/v3/connected_accounts/{nanoid} |
| Write | POST | /api/v3.1/connected_accounts/{nanoid}/revoke |
Tools
View tool definitions, inputs, scopes, and versions.
| Access | Method | Endpoint |
|---|---|---|
| Read | GET | /api/v3/tools |
| Read | GET | /api/v3/tools/enum |
| Read | GET | /api/v3/tools/{tool_slug} |
| Read | GET | /api/v3/tools/{tool_slug}/get_latest_version |
| Read | GET | /api/v3/tools/scopes/required |
| Read | GET | /api/v3/tools/get_scopes_required |
| Read | POST | /api/v3/tools/execute/{tool_slug}/input |
| Read | GET | /api/v3.1/tools |
| Read | GET | /api/v3.1/tools/enum |
| Read | GET | /api/v3.1/tools/{tool_slug} |
| Read | GET | /api/v3.1/tools/scopes/required |
| Read | GET | /api/v3.1/tools/get_scopes_required |
| Read | POST | /api/v3.1/tools/execute/{tool_slug}/input |
Tool execution
Execute predefined Composio tools.
| Access | Method | Endpoint |
|---|---|---|
| Write | POST | /api/v3/tools/execute/{tool_slug} |
| Write | POST | /api/v3.1/tools/execute/{tool_slug} |
| Write | POST | /api/v3/files/upload/request |
Proxy execute
Execute raw proxy requests against connected accounts.
Proxy execute is separate from tool execution. Grant it only when your application needs to call a connected account API through the raw proxy path.
| Access | Method | Endpoint |
|---|---|---|
| Write | POST | /api/v3.1/tools/execute/proxy |
| Write | POST | /api/v3/tool_router/session/{session_id}/proxy_execute |
Toolkits
View and install toolkits.
| Access | Method | Endpoint |
|---|---|---|
| Read | GET | /api/v3/toolkits |
| Read | GET | /api/v3/toolkits/{slug} |
| Read | GET | /api/v3/toolkits/categories |
| Read | GET | /api/v3/toolkits/changelog |
| Write | POST | /api/v3/toolkits/multi |
Triggers
View trigger types and manage trigger instances.
| Access | Method | Endpoint |
|---|---|---|
| Read | GET | /api/v3/triggers_types |
| Read | GET | /api/v3/triggers_types/{slug} |
| Read | GET | /api/v3/triggers_types/list/enum |
| Read | GET | /api/v3/trigger_instances/active |
| Write | POST | /api/v3/trigger_instances/{slug}/upsert |
| Write | PATCH | /api/v3/trigger_instances/manage/{triggerId} |
| Write | DELETE | /api/v3/trigger_instances/manage/{triggerId} |
Webhooks
View and manage webhook endpoints and subscriptions.
| Access | Method | Endpoint |
|---|---|---|
| Read | GET | /api/v3/webhook_endpoints |
| Read | GET | /api/v3/webhook_endpoints/{nano_id} |
| Read | GET | /api/v3/webhook_endpoints/schema |
| Read | GET | /api/v3/webhook_subscriptions |
| Read | GET | /api/v3/webhook_subscriptions/{id} |
| Read | GET | /api/v3/webhook_subscriptions/event_types |
| Write | POST | /api/v3/webhook_endpoints |
| Write | POST | /api/v3/webhook_endpoints/{nano_id} |
| Write | PATCH | /api/v3/webhook_endpoints/{nano_id} |
| Write | DELETE | /api/v3/webhook_endpoints/{nano_id} |
| Write | POST | /api/v3/webhook_subscriptions |
| Write | PATCH | /api/v3/webhook_subscriptions/{id} |
| Write | DELETE | /api/v3/webhook_subscriptions/{id} |
| Write | POST | /api/v3/webhook_subscriptions/{id}/rotate_secret |
Observability
View execution logs and project usage summaries.
| Access | Method | Endpoint |
|---|---|---|
| Read | POST | /api/v3.1/logs/tool_execution |
| Read | GET | /api/v3.1/logs/tool_execution/{id} |
| Read | POST | /api/v3.1/project/usage/{entity_type} |
| Read | POST | /api/v3.1/project/usage/summary |
Sessions
Create and operate sessions.
| Access | Method | Endpoint |
|---|---|---|
| Read | GET | /api/v3/tool_router/session/{session_id} |
| Read | GET | /api/v3/tool_router/session/{session_id}/toolkits |
| Read | GET | /api/v3/tool_router/session/{session_id}/tools |
| Read | GET | /api/v3/tool_router/session/{session_id}/mounts/{mount_id}/items |
| Read | GET | /api/v3.1/tool_router/session/{session_id} |
| Read | GET | /api/v3.1/tool_router/session/{session_id}/config_history |
| Read | GET | /api/v3.1/tool_router/session/{session_id}/tools |
| Write | POST | /api/v3/tool_router/session |
| Write | POST | /api/v3/tool_router/session/{session_id}/execute |
| Write | POST | /api/v3/tool_router/session/{session_id}/execute_meta |
| Write | POST | /api/v3/tool_router/session/{session_id}/link |
| Write | POST | /api/v3/tool_router/session/{session_id}/search |
| Write | PATCH | /api/v3/tool_router/session/{session_id} |
| Write | POST | /api/v3/tool_router/session/{session_id}/mounts/{mount_id}/upload_url |
| Write | POST | /api/v3/tool_router/session/{session_id}/mounts/{mount_id}/download_url |
| Write | POST | /api/v3/tool_router/session/{session_id}/mounts/{mount_id}/delete |
| Write | POST | /api/v3.1/tool_router/session |
| Write | POST | /api/v3.1/tool_router/session/{session_id}/attach |
| Write | POST | /api/v3.1/tool_router/session/{session_id}/execute |
| Write | POST | /api/v3.1/tool_router/session/{session_id}/execute_meta |
| Write | POST | /api/v3.1/tool_router/session/{session_id}/search |
| Write | PATCH | /api/v3.1/tool_router/session/{session_id} |