Skip to main content
Building a SaaS product that needs to integrate with third-party tools? Pica gives you everything you need to write integration logic quickly and reliably—without managing OAuth flows, API credentials, or dealing with each API’s quirks.

Why use Pica for integrations?

Your users connect their accounts through OAuth or API keys—you never need to store or manage credentials. Pica handles authentication, token refresh, and secure storage automatically.
Use the Pica MCP Server in Cursor, Windsurf, or any MCP-compatible IDE. Pica’s knowledge base writes integration requests for you, saving hours of reading through API documentation and figuring out schemas.
We never store or access your integration data. All API calls go directly from your app to the integration—Pica only handles authentication tokens. Your data is yours.
Need an integration we don’t have? We can usually add it within a few days. New integrations are available immediately through the same API—no code changes required.
One API endpoint for 150+ integrations. No need to learn different authentication patterns, error handling, or rate limiting for each platform.
Our knowledge base covers rate limits, pagination, required fields, nested objects, and API quirks for every integration. Get reliable results without debugging each API’s edge cases.

What can you build?

With Pica, you can build integration features with any of the 150+ integrations available in our catalog—from CRMs like Salesforce and HubSpot, to communication tools like Gmail and Slack, to accounting platforms like QuickBooks and Stripe. Common integration patterns:
  • Sync data from customer CRMs, calendars, or project management tools into your app
  • Automate emails, notifications, or updates across integrated platforms
  • Pull reports and analytics from accounting, marketing, or sales tools
  • Create records, update statuses, or trigger actions in third-party systems
  • Build custom workflows that connect multiple tools together

Browse all integrations

Explore 150+ integrations and 25,000+ actions available
Missing an integration you need? Let us know and we can usually add it within a few days. Request integrations at support@picaos.com.

How it works

Pica provides two core components for building SaaS integrations:

1. AuthKit: Let users connect their accounts

AuthKit is an embeddable UI component that lets your users securely connect their third-party accounts (Gmail, Slack, Salesforce, QuickBooks, etc.) directly in your app. Think of it as “Plaid for integrations.” AuthKit handles OAuth flows, token management, and secure credential storage so you never have to touch or store user credentials. When a user connects an integration, you get a connectionKey that you’ll use to make authenticated requests on their behalf.

Learn more about AuthKit

Complete setup guide for integrating AuthKit into your application

2. Passthrough API: Make authenticated requests

The Passthrough API lets you make authenticated HTTP requests to any third-party API without managing credentials. What it does:
  • Provides a unified endpoint for 25,000+ actions across 150+ platforms
  • Automatically authenticates requests using stored connection credentials
  • Uses the same request/response schemas as the underlying API
  • Handles rate limiting, retries, and error responses
  • Returns data directly from the integration (no storage on Pica’s side)
Building requests: You can construct Passthrough API requests using:
  1. The underlying API’s documentation (same schemas apply)
  2. The Pica MCP Server which uses Pica’s knowledge base to write requests for you—saving hours of reading through API docs
Finding action IDs: Every integration action has a unique action ID. Find them in:
  1. The Pica dashboard tools page
  2. The Available Actions API
  3. Using the Pica MCP Server in your IDE

Passthrough API documentation

Learn how to construct requests and handle responses

Complete integration workflow

Here’s how all the pieces work together in a typical SaaS application.
Two approaches for connections:
  • Customer integrations - Use AuthKit to let your users connect their own accounts (recommended for multi-tenant apps)
  • Your integrations - Connect integrations directly in the Pica dashboard and use those for all users (simpler for single-account use cases)
  • With AuthKit
  • Without AuthKit

Customer-facing integrations

Let your users connect their own third-party accounts through your app.
1

User connects their account

User clicks “Connect Gmail” in your app → AuthKit modal opens → User authenticates → Connection created with a unique connectionKey
// Frontend: Open AuthKit
const { open } = useAuthKit({
  token: { url: "/api/authkit" },
  onSuccess: async (connection) => {
    // Save connection to your database
    await saveConnection(currentUser.id, connection);
  }
});
2

Store connection metadata

Save the connection key to your database associated with the user. You’ll use this key to make requests on their behalf.
// Backend: Save to database
await db.connections.create({
  userId: currentUser.id,
  platform: "gmail",
  connectionKey: connection.connectionKey,
  connectedAt: new Date()
});
3

Make authenticated requests

Use the Passthrough API with the user’s connection key to access their data or perform actions.
// Backend: Fetch user's Gmail emails
const userConnection = await db.connections.findOne({
  userId: currentUser.id,
  platform: "gmail"
});

const emails = await fetch(
  "https://api.picaos.com/v1/passthrough/users/me/messages",
  {
    headers: {
      "x-pica-secret": process.env.PICA_SECRET_KEY,
      "x-pica-connection-key": userConnection.connectionKey,
      "x-pica-action-id": "conn_mod_def::F_JeJ3qaLEg::v9ICSQZxR0un5_ketxbCAQ"
    }
  }
).then(r => r.json());
4

Build features with the data

Process the data and display it in your app, sync it to your database, or use it in your workflows.
// Frontend: Display emails in your UI
return (
  <div>
    <h2>Your Emails</h2>
    {emails.messages.map(email => (
      <EmailCard key={email.id} email={email} />
    ))}
  </div>
);

Managing integrations with the API

Use the Core API to programmatically manage integrations, connections, and actions in your application.

View Core API Reference

Complete API documentation for managing connectors, connections, and actions

Development workflow tips

Use the Pica MCP Server in Cursor, Windsurf, or any MCP-compatible IDE to:
  • Explore available actions and their parameters
  • Test API requests before writing code
  • Get AI-powered suggestions for building integration requests
// Add to your IDE's MCP config
{
  "mcpServers": {
    "pica": {
      "command": "npx",
      "args": ["@picahq/mcp"],
      "env": {
        "PICA_SECRET": "your-api-key"
      }
    }
  }
}
Test integration actions in the Pica dashboard playground:
  1. Connect your test account
  2. Use the AI playground to test actions conversationally
  3. Copy the working code to your application
Best practices for storing connection metadata:
  • Save connection keys in your database encrypted at rest
  • Associate connections with user IDs for multi-tenancy
  • Store platform name, connection status, and created date
  • Index by userId and platform for fast lookups
Connection errors can happen (expired tokens, revoked access, rate limits). Handle them gracefully:
try {
  const data = await makePassthroughRequest(connectionKey);
  return data;
} catch (error) {
  if (error.status === 401) {
    // Token expired - prompt user to reconnect
    await notifyUserToReconnect(userId, platform);
  } else if (error.status === 429) {
    // Rate limited - retry with backoff
    await retryWithBackoff(() => makePassthroughRequest(connectionKey));
  } else {
    // Other error - log and notify
    console.error("Integration error:", error);
  }
}
Track your integration usage in the Pica dashboard:
  • View API request logs and response times
  • Monitor error rates by integration
  • Set up alerts for authentication failures
  • Track which integrations your users connect most

Security best practices

Never expose your Pica API key in frontend code. API keys should only be used on your backend server.
  • Store API keys in environment variables
  • Never commit API keys to version control
  • Rotate API keys periodically
  • Use separate keys for development and production
Always verify that the requesting user owns the connection before making requests:
async function getUserEmails(requestingUserId: string, connectionId: string) {
  // Verify the connection belongs to the requesting user
  const connection = await db.connections.findOne({
    id: connectionId,
    userId: requestingUserId
  });
  
  if (!connection) {
    throw new Error("Unauthorized: Connection not found");
  }
  
  // Now safe to use the connection
  return await fetchEmails(connection.connectionKey);
}
Always serve your application over HTTPS in production to protect tokens and connection keys in transit.
Add rate limiting to your API endpoints to prevent abuse:
import rateLimit from 'express-rate-limit';

const limiter = rateLimit({
  windowMs: 15 * 60 * 1000, // 15 minutes
  max: 100 // limit each user to 100 requests per window
});

app.use('/api/integrations/', limiter);
Log and monitor integration usage for security audits:
async function logIntegrationUsage(userId: string, action: string, platform: string) {
  await db.auditLog.create({
    userId,
    action,
    platform,
    timestamp: new Date(),
    ipAddress: req.ip
  });
}

Next steps

Set up AuthKit

Add user authentication to your app in under 10 minutes

Passthrough API guide

Learn how to make authenticated integration requests

Browse integrations

Explore 150+ integrations and 25,000+ actions

View tutorials

Step-by-step guides for common integration patterns

Get help

I