- Secure Flow: Your app connects to the Major API, which proxies requests to your actual connectors.
- Authentication: Powered by a
MAJOR_JWT_TOKENissued to your session. This token contains your user scopes, ensuring the client can only access what you’re permitted to access. - Generated Clients: Major generates resource clients for you. You’ll find one per resource in
src/clients/.
Setting up a connector
- Navigate to Connectors
- Click Add Connector and select the type
- Configure the connection details and credentials
- Attach the connector to your app via the web editor or
major resource manage
Resource credentials are encrypted and never exposed to the client-side application code.
Shared vs. per-user connections
When you configure a connector, you choose how it authenticates:- Shared — one set of credentials for everyone. The person setting up the connector provides them, and every app user and agent run uses that same account. Best for system-owned resources like a production database.
- Per-user — each person authorizes their own account (for example, their own Google Calendar) instead of a shared login. Only some connectors — typically OAuth services — support this.
/connect page to complete OAuth, then returned where they were. Because the connector acts as whoever is using it, each person only touches data they’re entitled to. Users manage the accounts they’ve authorized from Connected Accounts.
Per-user OAuth
Full details on shared vs. per-user authentication modes.
Per-environment configuration
When editing a connector, you can configure each environment independently. This lets you use different credentials or endpoints for staging and production.| Environment | Host | Database |
|---|---|---|
| default | prod.example.com | myapp_prod |
| staging | staging.example.com | myapp_staging |
Learn more about Environments
See how to create and manage environments for your organization.
Resource context
You can upload context files — database schemas, OpenAPI specs, API documentation, and more — to any connector. The AI assistant uses this context when writing queries and API calls against that resource, so it understands your data model without you having to explain it every time. If your app needs a connector that hasn’t been set up yet, the AI will show a setup card in the chat — click it to configure the resource inline without leaving the editor.Identity-based authentication
For AWS services (S3 and DynamoDB), you can use IAM Assume Role Identities instead of access keys. Create an identity in Settings > Identities, review the generated trust policy for your IAM role, and select identity-based authentication when configuring the resource. For GCP services (BigQuery), you can authenticate via a service account JSON key in addition to OAuth. Create a GCP identity in Settings > Identities to manage service accounts across resources. Identity-based authentication is more secure and avoids storing long-lived credentials.Rate limiting
Set hourly and daily invocation limits on any connector to protect downstream services from runaway usage. When a limit is reached, requests return429 Too Many Requests until the window resets. Configure limits when creating or editing a connector.
Don’t see the connector you need? Click Request it in the Add Connector dialog to submit a request.