
How Authentication Works

When you connect services to Tadata, we store your credentials securely. Your AI agent authenticates with Tadata once, and Tadata handles authentication with all connected services on your behalf.

The Flow

  1. You connect services (Linear, GitHub, Slack, etc.) to Tadata
  2. Tadata stores credentials - OAuth tokens or API keys, encrypted at rest
  3. Your AI agent connects to Tadata - Authenticates once with your Tadata toolset
  4. Tadata authenticates with services - Transparently handles auth when tools execute
This means you can create toolsets from multiple sources without managing separate credentials for each one.

Connecting Services

OAuth (Most Common)

For services with OAuth support, click Connect and authorize:

  1. Click Connect - Find your service (Slack, Linear, GitHub) and click Connect
  2. Authorize - You are redirected to the service to review and grant permissions
  3. Done - Tadata stores OAuth tokens (access + refresh) securely. Automatic token refresh is handled for you.

API Keys

For services without OAuth or custom APIs:

  1. Get API Key - Retrieve the API key from the service's settings
  2. Configure in Tadata - Enter the API key in Tadata’s connector configuration
  3. Done - Tadata stores the key securely and uses it when executing tools

Security

All credentials (OAuth tokens and API keys) are encrypted at rest using industry-standard encryption (AES-256). Only Tadata’s backend services can decrypt credentials when needed for API calls.
For OAuth connections, Tadata automatically refreshes expired access tokens using refresh tokens. You never have to manually refresh tokens or reconnect services.
Revoke access anytime:
  • In Tadata: Disconnect the service
  • In the service: Revoke Tadata OAuth app
  • Tadata stores credentials securely in an encrypted manner, and you can always revoke access and permanently delete tokens through your dashboard
All credentials are permanently deleted upon revocation.
All communication is over HTTPS. Credentials are never logged or exposed in URLs.

Best Practices

OAuth is more secure than API keys:
  • Scoped permissions (read vs. write, specific resources)
  • Revocable without changing passwords
  • Automatic token refresh
Prefer OAuth-enabled connectors over API key connectors.
Grant minimum necessary permissions:
  • OAuth: Select only required scopes during authorization
  • API Keys: Create restricted/scoped keys when possible
If you only read data, don’t grant write permissions.
Create dedicated bot accounts for AI agents:
  • Not tied to any individual (survives team changes)
  • Clear audit trails (all actions under bot name)
  • Controlled permissions (grant only what the bot needs)
Example: Create ai-agent-bot@company.com in Linear, GitHub, Slack.
Periodically review connected services in Tadata:
  • Disconnect unused services
  • Verify permissions are still appropriate
  • Check for expired or failing connections
Fewer connections = smaller attack surface.
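
The periodic review and least-privilege checks above can be scripted. The following is an added example, not Tadata's code: the inventory format, its field names and the sample values are assumptions constructed for illustration, since this page does not describe an export format.

```python
from datetime import date

# Constructed inventory: field names and values are assumptions for this
# example, not a Tadata export format.
CONNECTIONS = [
    {"service": "github", "auth": "oauth", "granted": {"repo", "read:org"},
     "needed": {"read:org"}, "last_used": date(2025, 5, 30), "status": "ok"},
    {"service": "slack", "auth": "oauth", "granted": {"channels:read"},
     "needed": {"channels:read"}, "last_used": date(2025, 6, 1), "status": "ok"},
    {"service": "linear", "auth": "api_key", "granted": {"read"},
     "needed": {"read"}, "last_used": date(2025, 1, 10), "status": "failing"},
]

# Scopes that allow modification; extend this set for the services you connect.
WRITE_SCOPES = {"repo", "chat:write", "write"}


def audit(connections, today, max_idle_days=90):
    """Return {service: [findings]} for connections that need review."""
    report = {}
    for c in connections:
        findings = []
        excess = c["granted"] - c["needed"]
        if excess:
            findings.append("excess scopes: " + ", ".join(sorted(excess)))
        # Write access is a finding only when no needed scope requires it.
        if excess & WRITE_SCOPES and not (c["needed"] & WRITE_SCOPES):
            findings.append("write access granted but only reads needed")
        if c["auth"] == "api_key":
            findings.append("API key connector: prefer OAuth if the service offers it")
        if (today - c["last_used"]).days > max_idle_days:
            findings.append("unused for more than %d days: disconnect" % max_idle_days)
        if c["status"] != "ok":
            findings.append("connection status is " + c["status"])
        if findings:
            report[c["service"]] = findings
    return report


if __name__ == "__main__":
    for service, findings in audit(CONNECTIONS, date(2025, 6, 2)).items():
        for finding in findings:
            print(f"{service}: {finding}")
```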

Troubleshooting

Symptoms: Redirect fails or “Authorization denied” error
Solutions:
  • Disable popup blockers for Tadata
  • Try in incognito/private browser
  • Verify you have admin access to the workspace/organization
  • Check if service is experiencing an outage
Symptoms: Tools work initially, then fail with 401
Causes:
  • OAuth token expired (auto-refresh failed)
  • API key was revoked or expired
  • Tadata app was revoked in service settings
Solutions:
  • Check connection status in Tadata dashboard
  • Reconnect the service if needed
  • Verify credentials are still valid
Symptoms: Some tools work, others fail with 403
Causes:
  • Insufficient OAuth scopes
  • API key lacks necessary permissions
  • Resource is private/inaccessible to connected account
Solutions:
  • Review OAuth scopes granted during authorization
  • Reconnect with broader scopes if needed
  • Check API key permissions in service dashboard
  • Verify connected account has access to the resource
