Credentials
Securely manage external service credentials and integrations for use in your API workflows.
Overview
The Credentials section lets you connect your project to external services like Stripe, Telegram, Slack, Notion, and the AI providers. Credentials are encrypted with Fernet (a symmetric key unique to each project) and are decrypted only at execution time inside the engine — they are never returned to the UI after being saved.
Once stored, credentials can be referenced from the API Builder when configuring nodes in your workflows.
Credentials are scoped to a single project. Each project manages its own set of integrations independently.
Credential types
DYPAI ships 26 typed credential types plus a generic Custom key-value type. Each node that talks to a third-party service asks for the matching credential.
Payments
Stripe, Stripe Webhook, Polar, Polar Webhook
Messaging
Telegram, WhatsApp, Slack, Discord, Twilio
SMTP, IMAP, Resend, SendGrid
Data & Productivity
Google Sheets, Airtable, Notion, Trello
Dev & CRM
GitHub, Linear, Calendly, HubSpot, Shopify
AI (BYOK)
OpenAI, Anthropic, Gemini
| Category | Credential types |
|---|---|
| Payments | Stripe, Stripe Webhook, Polar, Polar Webhook |
| Messaging | Telegram, WhatsApp, Slack, Discord, Twilio |
| SMTP, IMAP, Resend, SendGrid | |
| Data & Productivity | Google Sheets, Airtable, Notion, Trello |
| Dev | GitHub, Linear |
| Scheduling | Calendly |
| CRM | HubSpot |
| Ecommerce | Shopify |
| AI (BYOK) | OpenAI, Anthropic, Gemini |
| Generic | HTTP Request, Custom (key-value) |
The only Google integration is Google Sheets
DYPAI does not have AWS (S3/SES/SNS/SQS/Lambda/DynamoDB), Google Drive/Calendar/Gmail/Analytics, Microsoft (Excel/OneDrive/Outlook/Teams), MySQL, or MongoDB credential types. For any other API, use the generic HTTP Request credential with the HTTP Request node, or a Custom key-value credential.
BYOK AI credentials
To use your own AI provider instead of DYPAI Managed AI, store an OpenAI, Anthropic, or Gemini credential here and select it on the agent node. With BYOK you pay the provider directly — DYPAI doesn't mark up those tokens. Prefer zero-config? Use DYPAI Managed AI instead (no key needed, billed as AI Credits).
Database access doesn't need a credential
The standalone PostgreSQL node is currently disabled. Use the built-in dypai_database node to read and write your project database — no external connection string or credential required.
Adding Credentials
Open Credentials
Navigate to the Credentials section in your project sidebar.
Find your integration
Browse the integration grid or use the search bar to find the service you need.
Configure
Click Configure on the integration card. Fill in the required fields (API keys, tokens, connection strings, etc.).
Save
Click Save. The credential is encrypted and stored securely.
Once saved, credential values cannot be viewed again. To update a credential, you must re-enter all fields with new values.
Using Credentials in Workflows
When configuring a node in the API Builder that requires external service access, use the Credentials Select widget to pick from your saved credentials.
The engine automatically injects the decrypted credentials at execution time, allowing the node to interact with the external service securely.
Credentials vs Backend Secrets
DYPAI gives you three distinct places to store configuration — pick the one that matches what you're storing:
| Store | What it holds | How it's referenced |
|---|---|---|
| Credentials | Typed third-party API keys (Stripe, Slack, OpenAI…) | Selected on a workflow node via its credential_id |
| Backend Secrets | Generic runtime secrets by name, encrypted (Fernet) | ctx.secrets.X / ${ secrets.X } in workflows |
| Frontend (Build) vars | Public build-time values baked into the client bundle | import.meta.env / process.env in the frontend |
The Code node uses env_vars, not Credentials
The javascript_code Code node cannot select typed Credentials. It reads its own plaintext env_vars (ctx.env.*) defined on the node — do not put real secrets there. For runtime secrets, use Backend Secrets; for typed provider keys, use Credentials on the integration nodes.
Security
- Encryption: Fernet encryption at rest (symmetric, per-project key) for all credential values.
- Decryption: Only at execution time, inside the engine's secure environment.
- Visibility: Values are never returned to the client after the initial save.
- Audit: Credential access is logged for security monitoring.
Next steps
- Build workflows in the API Builder
- Backend Secrets — runtime secrets by name
- DYPAI Managed AI — zero-config AI without a BYOK key
- View logs in the Console