Skip to content

Creating a System

Create a system in superglue to use as reusable building blocks for building tools in superglue. Systems handle authentication and documentation retrieval automatically once configured.

The fastest way to create a system is through the agent interface. Visit app.superglue.cloud and start chatting with the agent.

superglue will:

  1. Identify the target system
  2. Guide you through the authentication flow by collecting all required credentials
  3. Create the system and make it available immediately
  4. Process and analyze the system’s documentation automatically in the background
  5. Test system access and verify your credentials are working

superglue supports many different authentication methods. All credentials are encrypted both at rest and in transit.

OAuth

superglue supports both the client credentials flow and authorization code flow with automatic token refresh.

superglue handles:

  • Scope validation
  • Token exchange and storage
  • Error handling for token issues
  • Automatic token refresh during tool execution

Used when users grant access to their account data.

  1. User clicks the “connect to provider” button
  2. Redirected to the provider’s login page
  3. User grants permissions for requested scopes
  4. superglue exchanges the authorization code for access tokens
  5. Tokens are automatically refreshed on expiration

Examples: Slack, Salesforce, Google Services

Used for server-to-server communication with no user interaction.

  1. Application requests an access token using client ID and secret
  2. Token is automatically refreshed before expiration
  3. No user consent required

Examples: Twilio, Auth0 Management API, Microsoft Graph

Required fields:

  • clientId, clientSecret, authorizationUrl, tokenUrl

Optional fields:

  • scopes: space-separated OAuth scopes
  • redirectUri: redirect URL after authorization
API keys

The simplest authentication method. Provide an API key and superglue automatically determines where to include it based on the API’s documentation.

Possible placements:

  • Authorization header: Authorization: Bearer {key}
  • Custom header: X-API-Key: {key}
  • Query parameter: ?api_key={key}
  • SendGrid: API key in Authorization header with Bearer prefix
  • Airtable: Personal access token as Bearer token
  • Zendesk: Email + API token combined as basic auth ({email}/token:{apiKey})
  • Shopify: Custom header X-Shopify-Access-Token
  • Mailchimp: Basic auth with anystring as username and API key as password
Data storage connections

Connect to databases and data stores by providing connection details. Supported types include PostgreSQL, MSSQL, Redis, MongoDB, and FTP/SFTP servers.

PostgreSQL requires a connection URL in the format postgresql://<<user>>:<<password>>@<<host>>:<<port>>/<<database>> with credentials for user, password, host, port, and database.

MSSQL requires a connection URL in the format mssql://<<user>>:<<password>>@<<host>>:<<port>>/<<database>> with credentials for user, password, host, port, and database. For Azure SQL, use the fully qualified server name (e.g., myserver.database.windows.net).

Redis requires a connection URL in the format redis://<<user>>:<<password>>@<<host>>:<<port>>/<<database>> (or rediss:// for TLS). The database number (0-15) is optional and defaults to 0.

MongoDB requires a connection URL in the format mongodb://<<user>>:<<password>>@<<host>>:<<port>>/<<database>>?authSource=admin (or mongodb+srv://<<user>>:<<password>>@<<cluster>>/<<database>> for Atlas/SRV seedlists). Root users typically need authSource=admin.

FTP/SFTP requires a URL in the format sftp://<<host>>:<<port>> with username and password credentials.

Custom authentication

For systems with unique authentication requirements, superglue supports multiple custom patterns.

credentials: {
username: "your_username",
password: "your_password"
}

Used by: Jenkins, Artifactory, legacy APIs

Security first

All secrets are encrypted at rest and in transit. The LLM never accesses real credentials - only placeholders such as <<stripe_api_key>> are exposed during workflow setup and execution.

Not ready to provide credentials?

Systems can be created without credentials and updated later. Credentials may also be supplied dynamically during tool execution.

Need help identifying credentials?

The agent can assist with figuring out which credentials are required and where to find them. e.g., “I want to connect to my company’s internal API but I’m not sure what authentication it uses.”

superglue automatically crawls and processes documentation upon system creation. This makes it possible for superglue to reason about endpoints, authentication, and data models without manual setup.

When creating a system, the documentationUrl or uploaded documentation files (like OpenAPI specs, PDFs, or HTML exports) are used as the primary source for this process. The more complete and accurate the provided material, the better superglue’s internal understanding of the system.

superglue’s fetchers handle most modern and legacy documentation types:

OpenAPI/Swagger

Extracts endpoints, parameters, and schemas from .json or .yaml specifications.

Mintlify & modern docs

Fetches content from popular hosted sites like Mintlify, ReadMe, or Docusaurus.

Static HTML & PDFs

Parses legacy or self-hosted documentation, including HTML exports and PDF manuals.

Database schemas

Automatically analyzes PostgreSQL and MSSQL schemas to identify tables, columns, and relationships.

Large APIs can have hundreds of endpoints. To improve accuracy and reduce processing time, you can provide specific keywords via the agent that describe what parts of the documentation are most relevant.

The agent automatically adjusts documentation processing based on your instructions:

Connect to Stripe and focus on customer and subscription endpoints

This ensures that only relevant documentation is processed and saved to the system. Keywords are used to:

  • Guide crawling and processing to retain only the most relevant documentation sections
  • Improve ranking and retrieval relevance at runtime

Systems can be configured with separate development and production environments. This allows you to test integrations with sandbox/staging credentials before deploying to production.

  • Each system can have a dev and prod version with the same ID but different credentials
  • When running tools, specify mode: "dev" or mode: "prod" to control which system credentials are used
  • Systems without a linked environment work in both modes (standalone systems)
  1. Create your production system as normal
  2. Open the system and click Add Development Environment
  3. Configure development-specific credentials (e.g., sandbox API keys)
  4. Both environments share the same documentation and configuration, only credentials differ
import { runTool } from "@superglue/client";
// Use production credentials (default)
await runTool("my-tool", {
inputs: { ... },
options: { mode: "prod" }
});
// Use development/sandbox credentials
await runTool("my-tool", {
inputs: { ... },
options: { mode: "dev" }
});

When a tool runs with a specific mode:

  1. Linked systems: If a system has both dev and prod versions, the matching environment is used
  2. Standalone systems: Systems without a linked counterpart work in both modes
  3. Default: If no mode is specified, prod is used

If your system requires IP whitelisting (firewall rules, security groups, etc.), add superglue Cloud’s outbound IPs to your allowlist. See Cloud Networking for the current IPs.