Retrieving API Credentials

Getting 3rd party access credentials using Xkit

Once your users have created connections to 3rd party apps using Xkit, you can retrieve their credentials for those apps to access their APIs. To retrieve credentials, call the Get Connection API with a Platform API Key to retrieve a single context's (user or group's) connection to a 3rd party application.

All you need to know is the context's unique ID as provided to Xkit when creating and the slug of the connector which you configured in the Xkit Dashboard, usually a short string like slack.

A Node.js example is below:

import axios from 'axios'
const SECRET_KEY = process.env.XKIT_SECRET_KEY

async function getAccessToken(userId, connectorSlug) {
  const {
  } = await axios({
    baseUrl: '',
    url: `/contexts/${userId}/connections/${connectorSlug}`,
    auth: {
      username: PUBLISHABLE_KEY,
      password: SECRET_KEY
  if (!connection.enabled) {
    console.log(`User ${userId} has not enabled ${connectorSlug}`) 
  } else if (authorization.status !== "active") {
    console.log(`User ${userId} has authorization for ${connectorSlug} in a ${authorization.status} status`)
  } else {
    return authorization.credential

// ...
const slackToken = await getAccessToken('some-user-id', 'slack')

Access Tokens Unavailable

If a user has not yet enabled the connection, the enabled parameter of the connection will be false.

If a user has enabled the connection, but no access token is available, the credential parameter of the authorization will be empty, and the status parameter will be something other than active (most commonly error).

Refreshing Access Tokens

This endpoint will automatically refresh expired access tokens if the corresponding service supports it. If you receive an error message from the service that an access token is expired or invalid, call this endpoint again to receive a new access token or the updated status of the connection.