Skip to main content

Integrations & Security

Chuff supports various integrations, enabling seamless data flow and extended functionality. These integrations allow you to:

  • Synchronize emails: Keep your CRM contacts updated with all communications.
  • Provide agents with secure tool access: Empower your agents with necessary credentials for external tools without exposing sensitive information to Large Language Models (LLMs).

We emphasize user control and data security in all our integrations.

Bringing Your Own Integrations

You can connect your own third-party services, including those requiring API keys or other credentials.

Security: When you provide credentials (like API keys), Chuff stores them encrypted at rest in our database. This means your sensitive information is encrypted when it's not actively being used, providing a strong layer of security.

LLM Safety: A key security feature is that your credentials are never directly exposed to LLMs. When an agent needs to use an integrated tool, Chuff securely retrieves and utilizes the credentials on the backend. This architecture ensures that even if an LLM is part of a workflow, it cannot access or reveal your sensitive API keys or tokens.

Supported Integration Types

Chuff currently supports integration types for:

  • Email Providers:
    • Gmail: Connect your Gmail account to sync emails and manage communications directly within Chuff. This uses OAuth 2.0 for secure, token-based authorization without sharing your password.
    • Microsoft Outlook (MSFT): Integrate your Microsoft account for similar email synchronization capabilities, also leveraging OAuth 2.0.
  • API Integrations (Custom/Generic):
    • Resend: Integrate with Resend for reliable email sending. You provide your API key, which Chuff encrypts and uses to send emails on your behalf.
    • Custom API: For other services, you can provide API keys or other authentication details. Chuff stores these securely and makes them available to agents as tools.

Managing Your Integrations

You have full control over your integrations:

  • Connect/Disconnect: Easily link new accounts or remove existing integrations whenever you need.
  • Purge Data: For email integrations, you can choose to purge all synchronized email data associated with a disconnected account from Chuff. Refer to our Data Deletion documentation for details.
  • Update Credentials: If your API keys or account credentials change, you can update them securely within Chuff.

Technical Details (For Developers)

For developers interested in the underlying mechanisms, Chuff's ThirdPartyAuth model handles integration credentials.

Key Security Aspect: token_data Property

The tokenData property handles the encryption and decryption of sensitive credentials automatically. When you set tokenData (e.g., with a new API key), it's automatically encrypted and stored. When accessed, it's decrypted on the fly. This ensures that raw credentials are never stored directly in plain text in the database.

OAuth Flow Handling: Chuff securely handles OAuth 2.0 flows for providers like Google (Gmail) and Microsoft (Outlook). This involves:

  • Redirecting to the provider's authorization page.
  • Exchanging authorization codes for secure tokens.
  • Storing encrypted tokens for future use.
  • Automated token refreshing to ensure continuous access without re-authentication.

For more in-depth technical details on how OAuth is specifically used for email synchronization, please refer to our documentation: https://docs.chuff.co/docs/crm/email-sync.