open-connector
OpenConnector is an open-source gateway that securely connects AI agents and applications to 1,000+ SaaS providers (GitHub, Gmail, Notion, Slack, etc.) through a unified interface. It handles credential management, OAuth flows, and action execution while keeping secrets server-side, accessible via SDK, CLI, MCP, HTTP, or a web console.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | oomol-lab/open-connector |
| Owner | oomol-lab |
| Primary language | TypeScript |
| License | Apache-2.0 — OSI-approved |
| Stars | 903 |
| Forks | 42 |
| Open issues | 1 |
| Latest release | v1.0.0 (2026-07-08) |
| Last updated | 2026-07-08 |
| Source | https://github.com/oomol-lab/open-connector |
What open-connector is
TypeScript-based auth gateway exposing 9,400+ prebuilt Actions across 1,000+ providers. Deployable as Node.js/Docker locally, on Cloudflare Workers (with D1/R2), or via OOMOL's hosted runtime. Provides OpenAPI 3.1 contracts, MCP protocol support, credential encryption, scope policies, and inspectable run logs.
Get the open-connector source
Clone the repository and explore it locally.
git clone https://github.com/oomol-lab/open-connector.gitcd open-connector# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Requires Node.js 22+ and either Docker Compose (local) or Cloudflare account + CLI setup (wrangler). Plan for 2–4 hours initial deployment.
- Credential storage backend (local SQLite, D1, or OOMOL-hosted) must be decided upfront; encryption keys and rotation policies are operator responsibility.
- OAuth setup for each provider requires vendor app registration and approval; some vendors (Google, GitHub, Slack) may take days or weeks for approval.
- Action executor source code is lazy-loaded; verify that required provider Actions are available and current in the catalog before relying on them.
- MCP, HTTP, SDK, and CLI interfaces all expose the same Action contracts but have different auth/invocation patterns; choose based on agent framework (claude, etc.).
When to avoid it — and what to weigh
- Need cutting-edge provider coverage — Project is newly released (v1.0.0 as of 2026-07-08). Provider catalog maturity and real-world compatibility with all 1,000+ claimed providers requires verification in production.
- Minimal operational overhead required — Self-hosted deployment requires managing Docker, Node.js, databases, and credential encryption. Cloudflare deployment adds Worker/D1/R2 familiarity requirements.
- Cannot use Apache 2.0 license — Project is Apache 2.0 licensed. If your commercial product or internal use has stricter license compatibility requirements, requires legal review.
- Real-time, sub-100ms latency critical — Gateway adds a hop between agent and provider. Cloudflare deployment may introduce latency; performance characteristics under load are not documented.
License & commercial use
Apache License 2.0 (permissive, OSI-approved). Allows commercial use, modification, and distribution with copy of license and notice of changes. No patent grant; no warranty.
Apache 2.0 permits commercial use and closed-source derivative products. However, any modifications to the licensed code must be disclosed if distributed. Verify with legal counsel if you modify and redistribute the library. No guarantee of vendor support for commercial deployments; hosted OOMOL option available as alternative.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Adequate |
| License clarity | Clear |
| Deployment complexity | Moderate |
| DEV.co fit | Strong |
| Assessment confidence | Medium |
Project keeps credentials and scopes behind the runtime boundary (good design). Credential encryption, secret rotation, and audit logging are operator/configuration responsibilities. No third-party security audit mentioned. OAuth flows follow standard practices. MCP, HTTP, and SDK endpoints should all enforce auth tokens or caller identity policies—verify token lifecycle and policies are correctly set before production use.
Alternatives to consider
Composio
Comparable auth gateway for agents; closed-source but hosted option with similar provider coverage. Use if you prefer vendor-managed infrastructure over self-hosted.
Zapier/Make (formerly Integromat)
Mature, cloud-only integration platforms with 5,000+ apps. Use if you need no-code automation and can tolerate vendor lock-in.
LangChain Tools / Custom Agent Middleware
Lower-level approach: build credential handling and provider integrations in-app. Use if integration scope is small and you prefer minimal external dependencies.
Build on open-connector with DEV.co software developers
Start with a local Docker deployment or deploy to Cloudflare in minutes. Review the quickstart guide and evaluate provider coverage for your use case.
Talk to DEV.coRelated open-source tools
Surfaced by semantic similarity across the DEV.co open-source index.
Related on DEV.co
Explore the category and the services that help you build with it.
open-connector FAQ
Can I use OpenConnector with Claude, GPT-4, or other LLMs?
Where do user credentials live?
Can I deploy OpenConnector on AWS, GCP, or Kubernetes?
How many providers and Actions are actually available?
Work with a software development agency
Need help beyond evaluating open-connector? DEV.co is a software development agency offering software development services and web development for teams of every size. Our software developers and web developers build custom software, web applications, APIs, and mcp servers integrations — and maintain them long-term.
Ready to connect your agents to SaaS?
Start with a local Docker deployment or deploy to Cloudflare in minutes. Review the quickstart guide and evaluate provider coverage for your use case.