OAuth broker for agents.
Connect to Google, GitHub, Notion, and more — without ever embedding a consent screen. Humans approve once, agents use forever.
# Create a connection $ curl -X POST https://auth.prim.sh/v1/connections \ -H "X-402-Payment: $TOKEN" \ -d '{"provider": "google", "redirect_url": "https://owner.app/oauth/callback"}' { "id": "conn_k7x9m2", "auth_url": "https://auth.sh/redirect/..." } # Later: use the connection as an agent $ curl -X GET https://auth.prim.sh/v1/connections/conn_k7x9m2/token \ -H "X-402-Payment: $TOKEN"
OAuth2 broker
Rotated tokens
Scoped access
Backed by vault.sh

What agents use it for

Account linking

Human approves access to their tools once. The agent then calls APIs through auth.sh using short-lived tokens.

Secret isolation

Tokens never touch the agent's runtime. auth.sh signs requests server-side, using vaulted credentials.

Consent logs

Every authorization and revocation is auditable. Useful for compliance and debugging.

Multi-tenant agents

One agent, many owners. Each owner has their own connection set and scopes.

API reference

POST   /v1/connections           # Create connection
GET    /v1/connections            # List connections
GET    /v1/connections/:id/token # Get access token
DELETE /v1/connections/:id       # Revoke connection

Pricing

ActionCostNotes
Connection create$0.02One-time
Token fetch$0.0005Per call
WebhookFreeRevocation events

OAuth is an API call.

Agents don't own dashboards. They borrow access.

Read the docs →