Overview
The platform connects to external AI providers to run inference for your AI workforce. Depending on the provider, you can authenticate using one of three methods: API Key, OAuth Sign-in, or None (for local providers). Each method is configured on the provider’s detail page under External Services.
Authentication Methods
API Key
The standard method for providers with pay-per-token billing. Obtain a key from the provider’s developer console and paste it into the provider detail page. The platform uses the key for every inference request.
Supported providers: Anthropic (API), OpenAI, Gemini, xAI / Grok, Mistral, and most other hosted providers.
OAuth Sign-in
Browser-based authentication using your existing subscription. No API key is required. The platform redirects you to the provider’s login page; once you authenticate, a token is stored securely (encrypted in the database) and refreshed automatically.
Supported providers: Claude / Anthropic (Max subscription), OpenAI Codex (ChatGPT Plus/Pro plan).
Device-Code Sign-in (xAI / Grok)
A headless-friendly OAuth variant for providers whose CLI ships a device-code flow. Rather than a browser redirect back to the platform, the platform runs the provider CLI’s device-auth flow in the build sandbox, shows you a verification URL and a short user code, and waits while you authorize in your browser. The captured credential is stored encrypted, injected into each build sandbox, and self-refreshed. This is the recommended path for Grok because obtaining an xAI API key from console.x.ai is awkward for non-technical operators. See xAI / Grok for the full flow.
Supported providers: xAI / Grok.
None
Used for local providers that run on your machine or local network. No credentials are needed — the platform connects directly to the local endpoint.
Supported providers: Docker Model Runner, Ollama.
How OAuth Works
- Go to the provider’s detail page (External Services > click the provider).
- Select “OAuth (Sign in)” from the Authentication Method dropdown.
- Click “Sign in with [Provider]”.
- Authenticate in your browser on the provider’s website.
- You are redirected back to the platform with a “Connected” status.
- The token refreshes automatically — no manual intervention is needed.
Choosing the Right Method
- If you have a subscription (Claude Max, ChatGPT Plus/Pro) — use OAuth.
- If you have an API account with billing — use API Key.
- If you are running models locally — use None (auto-detected).
Some providers support both OAuth and API Key. You can switch between methods on the provider detail page at any time. Disconnecting an OAuth connection clears the stored token immediately.
Finance Bridge
When a provider is configured successfully, the platform now seeds a Finance bridge for it automatically:
- The provider is linked to a Finance supplier record
- Finance gets a draft AI contract/profile even if the commercial plan details are incomplete
- Missing commercial details become explicit finance work items instead of blocking technical setup
- The provider detail page shows a Finance Bridge panel, and Finance exposes the same supplier through
/finance/spend/ai
This keeps provider authentication and finance ownership connected without forcing the setup user to complete every contract detail up front.
Where To Review It
After provider setup, the finance-linked surfaces are:
-
/platform/ai/providers/[providerId]Shows the Finance Bridge panel with supplier linkage, contract count, work-item count, and billing/usage links. -
/finance/spend/aiShows the finance-owned AI spend workspace with committed spend, setup gaps, and utilization context. -
/finance/suppliers/[id]Shows AI Provider Finance Context when the supplier is linked to a configured provider.
Troubleshooting
- “Token expired” — click Sign In again to re-authenticate. This is the only action required.
- “Provider not configured” — verify that an API key or OAuth connection has been set up for this provider.
- “No eligible endpoints” — the provider needs at least one profiled model. Click “Sync Models & Profiles” on the provider detail page.