Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.picaos.com/llms.txt

Use this file to discover all available pages before exploring further.

Prerequisites

Before you begin, make sure you have:

Backend Setup

1

Step 1

Install the backend package

Install the AuthKit token generator for your backend. This package creates secure tokens that authorize users to connect integrations.

NPM Package

View on npm
npm install @picahq/authkit-token
2

Step 2

Set your Pica API key

Store your Pica API key as an environment variable. Never expose this key in your frontend code.
PICA_SECRET_KEY=your_api_key_here
Get your API key from the Pica dashboard.
3

Step 3

Create a token generation endpoint

Create an API endpoint in your backend that generates AuthKit tokens. This endpoint should be called by your frontend when a user wants to connect an integration.
Create a file at app/api/authkit/route.ts:
import { NextRequest, NextResponse } from "next/server";
import { AuthKitToken } from "@picahq/authkit-token";

const corsHeaders = {
  "Access-Control-Allow-Origin": "*",
  "Access-Control-Allow-Methods": "POST, GET, PUT, DELETE, OPTIONS",
  "Access-Control-Allow-Headers": "Content-Type, Authorization",
};

export async function OPTIONS(req: NextRequest) {
  return NextResponse.json({}, { headers: corsHeaders });
}

export async function POST(req: NextRequest) {
  try {
    // Get the user's ID from your auth system
    // This is just an example - use your actual auth logic
    const userId = req.headers.get("x-user-id");
    
    if (!userId) {
      return NextResponse.json(
        { error: "Unauthorized" },
        { status: 401, headers: corsHeaders }
      );
    }

    const authKitToken = new AuthKitToken(process.env.PICA_SECRET_KEY!);
    
    const token = await authKitToken.create({
      identity: userId, // Your user's unique identifier
      identityType: "user" // user, team, organization, or project
    });

    return NextResponse.json(token, { headers: corsHeaders });
  } catch (error) {
    return NextResponse.json(
      { error: "Failed to generate token" },
      { status: 500, headers: corsHeaders }
    );
  }
}

Token parameters

identity
string
required
A unique identifier for the user, team, organization, or project that will own the connection. Examples: userId, teamId, organizationId
identityType
string
required
Specifies the type of entity that owns the connection. Must be one of: "user", "team", "organization", or "project"
Choose your identityType based on your use case:
  • user: Each user has their own personal connections
  • team: Team members share connections
  • organization: Company-wide shared connections
  • project: Project-specific isolated connections

Frontend Setup

Chrome Users: If you’re developing locally, you may need to disable Local Network Access Checks in Chrome flags. Navigate to chrome://flags, search for Local Network Access Checks, and set it to Disabled.
Chrome flags for Local Network Access
1

Step 1

Install the frontend package

Install the AuthKit client library in your frontend application.
npm install @picahq/authkit

NPM Package

View on npm
This package works with any major frontend framework.
2

Step 2

Add the AuthKit button

Create a button component that opens the AuthKit modal when clicked.
import { useAuthKit } from "@picahq/authkit";

export function ConnectIntegrationButton() {
  const { open, isLoading } = useAuthKit({
    token: {
      url: "/api/authkit", // Your token endpoint
      headers: {
        // Include any auth headers your endpoint needs
        "x-user-id": "user_123" // Example: pass user ID
      },
    },
    onSuccess: (connection) => {
      console.log("Successfully connected:", connection);
      // Handle successful connection (e.g., refresh your UI, save connection key)
    },
    onError: (error) => {
      console.error("Connection failed:", error);
      // Handle error (e.g., show error message to user)
    },
    onClose: () => {
      console.log("AuthKit modal closed");
    },
  });

  return (
    <button onClick={open} disabled={isLoading}>
      {isLoading ? "Loading..." : "Connect Integration"}
    </button>
  );
}

Configuration options

token.url
string
required
URL of your backend endpoint that generates AuthKit tokens
token.headers
object
Headers to include in the token request (e.g., authentication headers)
selectedConnection
string
The name of a specific integration to open directly (e.g., “Google Sheets”, “Slack”). If provided, AuthKit will skip the integration list and open directly to that integration’s authentication flow.
onSuccess
function
Callback when a connection is successfully created. Receives the connection object as a parameter.
onError
function
Callback when an error occurs. Receives the error object as a parameter.
onClose
function
Callback when the modal is closed (whether successful or not)

Configure visible integrations

AuthKit management page
Navigate to the AuthKit settings page in your Pica dashboard to:
  • Toggle integrations: Enable or disable which integrations appear in your AuthKit modal
  • Set OAuth credentials: For OAuth integrations, provide your own Client ID and Client Secret to use your OAuth apps
By default, integrations are not visible. You can selectively enable only the integrations your users need. For more details on managing integrations and OAuth apps, see the Management guide.

Testing your integration

Once you’ve completed the setup, test the flow:
  1. Click your “Connect Integration” button
  2. The AuthKit modal should open with your enabled integrations
  3. Select an integration and complete the authentication
  4. Your onSuccess callback should receive the connection details

View complete demo

Check out our example Next.js app with a full AuthKit implementation

What’s next?

Manage connections

Learn how to list, filter, and manage your users’ connections

Make authenticated requests

Use the Passthrough API to access your users’ integration data

Get help

Email us at support@picaos.com for assistance