Skip to main content

Managing Credentials

Learn how to securely store and manage your third-party service credentials in Reeva.

What Are Accounts?

Accounts (also called credentials) are secure storage for your API tokens, keys, and authentication details for third-party services. When you connect a platform like Notion, Firecrawl, or Jira, Reeva stores those credentials and automatically injects them when your tools execute.

Why Use Accounts?

  • Security — Credentials are never exposed in tool calls or logs
  • Reusability — Link once, use across multiple custom tools
  • Manageability — Update credentials without modifying your tools
  • Separation — Keep dev/staging/prod credentials isolated

How It Works

Supported Platforms

Reeva supports 12 platforms for credential storage:

API Key Only

These platforms require just an API key or token:

PlatformDescription
NotionWorkspace integration for pages and databases
FirecrawlWeb scraping and crawling
PerplexityAI-powered web search (Sonar API)
ApifyActor automation and web scraping
OpenAIGPT models and embeddings
AnthropicClaude models
GeminiGoogle AI models

URL + API Key

These platforms require both a URL and API key:

PlatformDescription
SupabasePostgreSQL database with REST API
n8nWorkflow automation (cloud or self-hosted)

Extended Credentials

These platforms have additional required fields:

PlatformRequired Fields
JiraURL, Email, API token
Mem0API key, Org ID (optional), Project ID (optional)
Header AuthHeader name, Header value

Creating Accounts

Step-by-Step Guide

  1. Navigate to Accounts

  2. Click "Connect Platform"

    • Opens the platform selection modal

  3. Select Your Platform

    • Choose from the available integrations
    • Each shows a brief description

  4. Enter Credentials

    • Fill in required fields (varies by platform)
    • Use descriptive account name
    • Add optional description

  5. Save

    • Click "Create Account"
    • Credentials are encrypted and stored

Platform Setup Guides

Notion

  1. Go to notion.so
  2. Click Settings & membersIntegrations
  3. Click Create new integration
  4. Name it (e.g., "Reeva Integration")
  5. Copy the Internal Integration Token
  6. Paste in Reeva

Important: After creating the integration, you must share specific pages/databases with it for access.

Firecrawl

  1. Sign up at firecrawl.dev
  2. Go to your dashboard
  3. Navigate to the API section
  4. Copy your API key
  5. Paste in Reeva

Perplexity (Sonar)

  1. Go to Perplexity Settings
  2. Navigate to API
  3. Click Create API key
  4. Copy the key
  5. Paste in Reeva

Apify

  1. Visit the Apify Console
  2. Go to AccountIntegrations
  3. Copy your API token (starts with apify_api_)
  4. Paste in Reeva

Supabase

  1. Go to your Supabase project dashboard
  2. Navigate to SettingsAPI
  3. Copy the Project URL (e.g., https://abc123.supabase.co)
  4. Copy the anon public key
  5. Paste both in Reeva

Jira

  1. Go to your Jira instance
  2. Click your ProfilePersonal Access Tokens
  3. Click Create token
  4. Copy the generated token
  5. In Reeva, enter:
    • Jira URL: https://your-domain.atlassian.net
    • Email: Your Atlassian account email
    • API Token: The token you just created

n8n

  1. Go to your n8n instance
  2. Navigate to SettingsAPI
  3. Click Create new API key
  4. Copy the key
  5. In Reeva, enter:
    • Instance URL: https://your-instance.n8n.cloud (or self-hosted URL)
    • API Key: The key you just created

Mem0

  1. Visit your Mem0 dashboard
  2. Create a new API key
  3. Optionally, get your Organization ID
  4. Optionally, get your Project ID
  5. Paste in Reeva

OpenAI

  1. Visit platform.openai.com/api-keys
  2. Click Create new secret key
  3. Copy the key immediately (it won't be shown again)
  4. Paste in Reeva

Anthropic

  1. Visit console.anthropic.com/settings/keys
  2. Click Create key
  3. Copy the key
  4. Paste in Reeva

Gemini (Google AI)

  1. Visit aistudio.google.com/app/apikey
  2. Click Get API key
  3. Copy the key
  4. Paste in Reeva

Header Authentication (Generic)

Use this for any REST API that requires custom header authentication:

  1. Select Header Authentication
  2. Enter the Header Name (e.g., X-API-Key, Authorization, X-Auth-Token)
  3. Enter the Header Value (your token or key)
  4. Give it a descriptive name

This is useful for APIs not directly supported by Reeva.

Managing Accounts

Viewing Accounts

The Accounts page displays all your connected platforms as cards showing:

  • Service badge - Platform name with icon
  • Account name - Your custom name
  • Created date - When the account was added
  • Last used - Most recent tool execution using this account
  • Credentials - Stored values (hidden by default)

Editing Accounts

  1. Click the three-dot menu on an account card
  2. Select Settings
  3. Update any of:
    • Account name
    • Credentials (API keys, tokens, URLs)
    • Description
  4. Click Update Account

Viewing Credentials

Stored credentials are hidden by default for security:

  1. Find the credential field on the account card
  2. Click the eye icon to reveal
  3. Click again to hide

Deleting Accounts

Warning: Deleting an account affects all custom tools linked to it.

  1. Click the three-dot menu on an account card
  2. Select Delete
  3. Confirm the deletion

What happens:

  • Account is permanently removed
  • Linked custom tools will fail at runtime
  • You'll need to re-link tools to a new account

Linking Accounts to Tools

Accounts become useful when linked to custom tools. See Custom Tools Guide for full details.

Quick Overview

  1. Create custom tool from a base tool
  2. Select credential from dropdown (shows matching accounts)
  3. Save tool

Runtime Behavior

When a tool with linked credentials executes:

  1. Reeva looks up the linked account
  2. Credentials are decrypted
  3. Credentials are injected into the API call
  4. Tool executes with authentication

Important: Your credentials are never sent to AI models or logged.

Required vs Optional Credentials

Tools have different credential requirements:

TypeBehavior
RequiredTool fails without linked credentials
OptionalUses platform credentials if you don't provide your own

No-Fallback Policy: If you provide credentials and they fail (expired, revoked, etc.), Reeva will NOT fall back to platform credentials. The tool will return an error instead.

Credential Groups (Advanced)

Some tools support multiple credential providers. For example, LLM-powered tools can use:

  • OpenAI (GPT-4o, GPT-4)
  • Anthropic (Claude Sonnet, Claude Haiku)
  • Google (Gemini 2.0 Flash, Gemini Pro)

How It Works

  1. Tool defines a credential group (e.g., "LLM Provider")
  2. You select one account from any supported service
  3. System detects which provider based on your account
  4. Correct API is called at runtime

Example

Tool: llm_generate (supports OpenAI, Anthropic, Gemini)

Your accounts:

  • "Work OpenAI" (openai)
  • "Personal Claude" (anthropic)

When creating custom tool:

  • Select "Personal Claude" as the LLM Provider
  • Tool will use Anthropic's API at runtime

Security Best Practices

Environment Separation

Create separate accounts for different environments:

├── Notion (Production)
├── Notion (Staging)  
├── Notion (Development)

This prevents accidental modifications to production data.

Credential Rotation

Rotate credentials regularly:

TimeframeAction
Every 90 daysRotate API keys
ImmediatelyRevoke if compromised
On team changesRotate shared credentials

Access Control

  • Use separate accounts per team member when possible
  • Revoke credentials when team members leave
  • Audit usage logs for unexpected patterns

What NOT to Do

  • ❌ Share credentials via chat/email
  • ❌ Use production credentials for testing
  • ❌ Keep unused accounts active
  • ❌ Use the same credentials across all environments

Troubleshooting

"Credentials not found"

Cause: The linked account was deleted or deactivated.

Solution:

  1. Go to the custom tool
  2. Edit and select a new account
  3. Save

"Authentication failed"

Cause: Token expired, revoked, or incorrect.

Solution:

  1. Go to Accounts
  2. Edit the account
  3. Enter fresh credentials
  4. Save

"No credentials linked"

Cause: Custom tool doesn't have an account linked.

Solution:

  1. Edit the custom tool
  2. Select an account from the dropdown
  3. Save

Tool works in playground but fails in server

Cause: Different credential configurations.

Solution:

  1. Verify the same account is linked
  2. Check account has correct permissions
  3. Test with the specific custom tool, not base tool

Next Steps