Skip to main content
Connectors are the databases, APIs, and storage services your apps connect to. Major manages credentials securely so you never need to handle secrets in your code.
  • Secure Flow: Your app connects to the Major API, which proxies requests to your actual connectors.
  • Authentication: Powered by a MAJOR_JWT_TOKEN issued to your session. This token contains your user scopes, ensuring the client can only access what you’re permitted to access.
  • Generated Clients: Major generates resource clients for you. You’ll find one per resource in src/clients/.

Setting up a connector

  1. Navigate to Connectors
  2. Click Add Connector and select the type
  3. Configure the connection details and credentials
  4. Attach the connector to your app via the web editor or major resource manage
Resource credentials are encrypted and never exposed to the client-side application code.

Shared vs. per-user connections

When you configure a connector, you choose how it authenticates:
  • Shared — one set of credentials for everyone. The person setting up the connector provides them, and every app user and agent run uses that same account. Best for system-owned resources like a production database.
  • Per-user — each person authorizes their own account (for example, their own Google Calendar) instead of a shared login. Only some connectors — typically OAuth services — support this.
With a per-user connector, Major gates on the user’s own authorization: anyone who opens an app or runs an agent without a connected account is redirected to a /connect page to complete OAuth, then returned where they were. Because the connector acts as whoever is using it, each person only touches data they’re entitled to. Users manage the accounts they’ve authorized from Connected Accounts.

Per-user OAuth

Full details on shared vs. per-user authentication modes.

Per-environment configuration

When editing a connector, you can configure each environment independently. This lets you use different credentials or endpoints for staging and production.
EnvironmentHostDatabase
defaultprod.example.commyapp_prod
stagingstaging.example.commyapp_staging
You can also enable global configuration for a resource, which uses a single configuration from the default environment across all environments instead of per-environment configs. When enabled, non-default environment tabs are locked with an explanatory tooltip.

Learn more about Environments

See how to create and manage environments for your organization.

Resource context

You can upload context files — database schemas, OpenAPI specs, API documentation, and more — to any connector. The AI assistant uses this context when writing queries and API calls against that resource, so it understands your data model without you having to explain it every time. If your app needs a connector that hasn’t been set up yet, the AI will show a setup card in the chat — click it to configure the resource inline without leaving the editor.

Identity-based authentication

For AWS services (S3 and DynamoDB), you can use IAM Assume Role Identities instead of access keys. Create an identity in Settings > Identities, review the generated trust policy for your IAM role, and select identity-based authentication when configuring the resource. For GCP services (BigQuery), you can authenticate via a service account JSON key in addition to OAuth. Create a GCP identity in Settings > Identities to manage service accounts across resources. Identity-based authentication is more secure and avoids storing long-lived credentials.

Rate limiting

Set hourly and daily invocation limits on any connector to protect downstream services from runaway usage. When a limit is reached, requests return 429 Too Many Requests until the window resets. Configure limits when creating or editing a connector. Don’t see the connector you need? Click Request it in the Add Connector dialog to submit a request.