Connectors
Connect anything toRylvo.
Start connecting your APIs, databases, and webhooks today. No code required — just authenticate and route.
One integration layer
Tools, state sync, and events in one place. No scattered integrations, no custom middleware — just configure and connect.
Schema-driven safety
JSON Schema v7 validation on every request and response. The LLM only sends what the API expects, and only receives what it can handle.
Auto-wired prompts
Assign a connector to a bot and Rylvo automatically patches its prompt. The LLM learns tool names, parameters, and sync rules instantly.
Built on standards your security team already trusts
Connect anything, trust everything
Every connector speaks the API, auth, and validation protocols your existing stack already enforces — with secrets in a vault, calls in an audit log, and every change reversible.
Open API standards
OpenAPI 3.1
import a spec, get a connector
JSON Schema Draft 7
request + response validation
REST + GraphQL
any HTTP API your stack exposes
Webhooks
HMAC-verified inbound events
JSON-RPC 2.0
for procedural-style APIs
OAuth 2.0 + 2.1
PKCE, client credentials, refresh
7 auth methods — pick the one your API enforces
Build connectors to the tools your team already runs on
Security guarantees — with honest status
Every commitment tagged with its real production status. No vague badges, no implied attestations.
Vault-encrypted credentials
Every API key, OAuth token, and HMAC secret is encrypted at rest with AES-256-GCM and only returned to authorized bots at call time. Never written to disk in plaintext.
Secrets never in logs
Request/response logging automatically redacts auth headers, query params marked secret, and any value that matches a known credential schema. Audit logs show what was called, never what authenticated it.
Scoped tokens by default
OAuth flows request the minimum scope each connector actually needs. No catch-all admin tokens — every connector is least-privilege from creation.
Versioning + one-click rollback
Every save creates a new version. If a new connector revision breaks a workflow, roll back instantly without losing audit history or in-flight requests.
Append-only audit on every call
Every tool invocation is logged with actor, connector version, parameters (redacted), HTTP status, latency, and result — queryable by org, bot, or time window.
Secrets export / rotate
Rotate any credential without breaking existing bots. Bulk export of vault metadata (not secret values) for compliance reviews — designed to align with SOC 2 access-control expectations.
A note on this page. Brand names and marks shown above belong to their respective owners and indicate examples of APIs you can build connectors to using their public, documented HTTP interfaces — not endorsement, partnership, or certification by those companies. Standards and protocols listed reflect what our connectors implement; they are not third-party attestations.
How it works
Design. Authenticate. Transform. Deploy.
Four stages that take any API from idea to production — with live testing, versioning, and automatic prompt wiring at every step.
Live API bridge
tools · responses · stateTool call
JSON-Schema validate gate
Response
Response validate gate
State sync
Patch / Replace gate
Design
Choose type, define schema, set endpoint
Start by choosing your connector type — Tool, State Sync, or Event. Define the endpoint URL, HTTP method, and timeout. For tools, write the JSON Schema that describes what the LLM can send and what it will receive back.
How it works
- 3 connector types: Tool, State Sync, and Event
- JSON Schema v7 for structured input and output validation
- Per-connector endpoint with method, headers, and timeout override
Authenticate
7 methods from API key to OAuth2
Secure every connection with the right auth method. Choose from None, API Key, Bearer Token, Basic Auth, HMAC-SHA256, OAuth2 Client Credentials, or Custom Headers. Secrets are stored safely and only returned to authorized editors.
How it works
- 7 auth methods covering every common API security pattern
- OAuth2 with automatic token refresh and scope management
- HMAC-SHA256 signatures with timestamp verification
Transform
Shape data between your API and the LLM
Not every API speaks the same language as your LLM. Use request transforms to reshape outgoing payloads and response transforms to clean up what comes back. For state sync, map fields between Rylvo and external systems with patch or replace merge strategies.
How it works
- Request and response transforms for tool connectors
- Field mapping and merge strategy for state sync
- Optional input/output schema enforcement on every call
Deploy
Assign to bots, test live, version and ship
Assign your connector to one or more bots. Rylvo automatically patches each bot's prompt with usage instructions — tool names, parameters, approval gates, and state sync rules. Test the endpoint live from the dashboard, then activate with confidence.
How it works
- Auto-wired prompts teach the LLM how to use each connector
- Live HTTP testing with full request/response visibility
- Every save creates a version snapshot; revert anytime
Connector types
3 typesTool
Execute actions on external systems. The LLM calls tools by name with structured arguments.
- JSON Schema input/output
- Request/response transforms
- Approval gates
- Idempotency flags
- Stage-scoped calling
State Sync
Read and write workflow state to external databases, CRMs, or caches. Keep context in sync across systems.
- Bidirectional read/write endpoints
- Patch or replace merge
- Field mapping
- Known-facts injection
- History summary sync
Event
Receive real-time notifications via webhook or polling. Subscribe to workflow events and react instantly.
- 10 built-in event types
- Webhook or polling delivery
- Full payload toggle
- Configurable batching
- Per-event filtering
Authentication methods
7 ways to secure every connection.
None
No authentication required
API Key
Header-based API key authentication
Bearer Token
OAuth-style bearer token in Authorization header
Basic Auth
Username and password encoded in Authorization header
HMAC-SHA256
Signed requests with timestamp and shared secret
OAuth2
Client credentials flow with automatic token refresh
Custom Headers
Arbitrary header key/value pairs
Event types
10 eventsDecision Completed
A workflow decision finished successfully
Decision Failed
A workflow decision encountered an error
Escalation Triggered
A conversation was escalated to a human
Stage Changed
The conversation moved to a new stage
Tool Executed
A connector tool was called and completed
Tool Failed
A connector tool call returned an error
State Updated
Workflow state was synchronized
Verification Failed
An output verification check did not pass
Session Started
A new user session began
Session Closed
A user session ended
Versioning & live testing
Ship with confidence. Roll back with one click.
Version history
Added OAuth2 support and batching
2 hours ago
Switched to HMAC-SHA256 auth
Yesterday
Initial connector setup
3 days ago
Live test result
"status": "ok",
"data": { ... }
}
Answers
What teams usually ask
What types of connectors does Rylvo support?
Rylvo supports three connector types: Tool connectors for executing actions on external systems, State Sync connectors for reading and writing workflow state, and Event connectors for receiving webhook or polling-based notifications.
What authentication methods are supported?
Rylvo supports 7 authentication methods: None, API Key, Bearer Token, Basic Auth, HMAC-SHA256, OAuth2 Client Credentials, and Custom Headers.
How does JSON Schema validation work?
Every tool connector defines input and output schemas using JSON Schema v7. Rylvo validates requests before sending them and responses before returning them to the bot. You can also add request and response transforms to reshape data.
What happens when I connect a connector to a bot?
When you assign a connector to a bot, Rylvo automatically patches the bot's prompt with usage instructions. The LLM learns the tool name, description, input parameters, approval requirements, and state sync rules.
Can I test a connector before deploying it?
Yes. The dashboard includes a live test panel that fires real HTTP requests against your endpoint using the current configuration. You see the full response, headers, and latency before saving.
Does Rylvo version connector changes?
Yes. Every save creates a new version snapshot. You can view the full history, see who made each change, read the change notes, and revert to any previous version with one click.
Deep dive
What modern AI connectors actually need
Schema-first integrations beat string parsing
Without a schema, an LLM either invents fields or omits required ones. Rylvo enforces JSON Schema v7 on both sides of every tool call, so a connector to Stripe, HubSpot, Postgres, or your internal API behaves like a typed function — not a free-text guess. Validation catches drift before the request leaves the bot.
Auth that fits every API you actually use
Public APIs use bearer tokens. Internal services use HMAC. Enterprise vendors require OAuth2 with rotating credentials. Rylvo ships seven authentication strategies out of the box and stores secrets in an encrypted vault — no plaintext keys in your prompts and no hand-rolled signing code.
State sync keeps context coherent across systems
The hard part of bot integrations is not making one call — it's keeping CRM, ticketing, and conversation memory consistent over a 10-turn conversation. State sync connectors read known facts in, write decisions back, and choose patch or replace per field so partial updates do not clobber human edits.
Events close the loop with the rest of your stack
When a bot escalates, fails verification, or finishes a multi-step decision, downstream systems need to know. Event connectors deliver typed payloads via webhook or polling so analytics, on-call, and your data warehouse stay in sync — without you wiring custom listeners for every workflow.
Connect in minutes, not weeks
Your bots are only as powerful as what they can reach.
Start connecting your APIs, databases, and webhooks today. No code required — just configure, test, and deploy.