Store provider API keys securely with BYOK connections

Some providers — Fireflies, PostHog, and Linear — require you to bring your own API key (BYOK). You connect them once via POST /v1/connections, fetchbean stores the credential securely, and from that point on you call all of that provider’s tools using only your fetchbean API key. Your provider key never appears in the request again.

How it works

Get your API key from the provider

Log in to the provider’s dashboard and generate or copy your API key. For Fireflies this is in Settings → API. For PostHog it is in Project Settings → Personal API Keys. For Linear it is in Settings → API → Personal API Keys.

Call POST /v1/connections

Send a request with the provider id, your key in fields, and an optional human-readable label. fetchbean validates the key and stores it encrypted against your account. The response includes the connection id — save it for later if you need to revoke the connection.

Call the provider through POST /v1/run

Once the connection exists, route requests to the provider using your fetchbean API key exactly like any other provider. fetchbean injects your stored credential automatically.

Connecting a provider

Pass your provider API key in the fields object. The exact field name varies by provider — use GET /v1/connections/providers to see the required fields for each one. POST /v1/connections

Field	Type	Required	Description
`provider`	string	yes	BYOK provider id, e.g. `fireflies`, `posthog`, `linear`.
`fields`	object	yes	The provider’s connection fields (key + any config), per `/v1/connections/providers`.
`label`	string	no	Optional human-readable label for this connection.

curl https://api.fetchbean.com/v1/connections \
  -X POST \
  -H "Authorization: Bearer $FETCHBEAN_KEY" \
  -H "Content-Type: application/json" \
  -d '{"provider":"fireflies","fields":{"apiKey":"your-fireflies-key"},"label":"My Fireflies"}'

Response

{
  "id": "conn_...",
  "provider": "fireflies",
  "label": "My Fireflies",
  "created_at": "2024-01-01T00:00:00.000Z"
}

Save the id — you will need it if you ever want to revoke the connection.

Listing connections

Retrieve all connections associated with your account: GET /v1/connections

curl https://api.fetchbean.com/v1/connections \
  -H "Authorization: Bearer $FETCHBEAN_KEY"

Revoking a connection

Delete a stored credential by its connection id. After revoking, calls to that provider will fail until you reconnect. POST /v1/connections//revoke

curl https://api.fetchbean.com/v1/connections/conn_.../revoke \
  -X POST \
  -H "Authorization: Bearer $FETCHBEAN_KEY"

Available BYOK providers

Provider	Provider ID	Tools
Fireflies	`fireflies`	18 tools — transcripts, action items, analytics, channels, contacts, soundbites, and more
PostHog	`posthog`	10 tools — HogQL queries, feature flags, insights, dashboards, error tracking, and more
Linear	`linear`	10 tools — issues, projects, teams, search, create/update, comments, and more

See the catalog for the full list of endpoints available for each BYOK provider and their per-call credit costs.

Call GET /v1/connections/providers to retrieve the required fields schema for each provider, including field names and whether they are required or optional.

​How it works

​Connecting a provider

​Listing connections

​Revoking a connection

​Available BYOK providers

How it works

Connecting a provider

Listing connections

Revoking a connection

Available BYOK providers