Integrations

Connect FabHub with external systems and manage API access.

Plan and access

Plan: Full use of the Integrations hub, Connections (native connectors), API (tenant API keys), and Webhooks requires an Enterprise subscription (see Organization → Subscription or Pricing). On Free / Standard / Pro, Admin and Manager still see Integrations in the sidebar; opening these pages shows upgrade / plan-gate UI instead of unlocked functionality.
Workspace role (Settings hub):
- Staff — the Integrations section does not appear in Settings (deep links are blocked or show a workspace notice).
- Managers — can open Connections (hub) and Webhooks. They cannot open the Tenant API keys leaf (/settings/integrations/api); on the hub, the API card explains that only workspace administrators manage keys.
- Admins — can open Connections, API (tenant API keys), and Webhooks in the nav (subject to plan and membership rules below).
Membership source (workspace): On Enterprise, using native Connections or Webhooks requires a workspace Admin or Manager role resolved from organization membership (user_organizations), not auth metadata alone. The API keys UI additionally requires workspace Admin (not Manager). Otherwise the hub and leaves show notices with a link to Settings → Users (same pattern as other membership-gated settings).
Organization roles (tenant APIs): Creating, renaming, or revoking tenant API keys requires owner or admin on the organization. Webhooks (create/update/delete/test) also allow manager membership. See Roles and permissions for how workspace role and membership interact.

Connections (hub)

Path: Settings → Integrations → Connections. Canonical in-app route: /settings/integrations/connections (sign in required).
The legacy URL /settings/integrations/integrations redirects here.

On Enterprise, the page can include:

Native integrations — a grid of connector cards (accounting, CRM, automation partners from the in-product catalog). When your plan, workspace role, and organization membership allow full access, you can connect, toggle enabled, reset (clear stored connector metadata and refresh the connection timestamp—confirmation required), open configure, or disconnect; state is stored per tenant. Provider OAuth and token exchange capabilities depend on the connector and may still be limited—use API keys and webhooks for custom automation where needed.
Developer tools — a second section with cards for Tenant API keys, Webhooks, and Documentation (the same role rules as above apply: for example, managers see Connections and Webhooks but not the tenant API keys leaf).

If Enterprise access is not available, you see upgrade messaging and a Documentation shortcut instead of the full hub.

API (tenant API keys)

Path: Settings → Integrations → API. In-app route: /settings/integrations/api (sign in required). Key detail: /settings/integrations/api/[keyId].

Use this screen to create and revoke tenant API keys for server-to-server calls to the FabHub backend. The full secret is shown only once when a key is created; afterward you see a prefix and can show/hide it in the list.

You can:

Filter keys by name and status (active / expired)
Generate a key: Name, environment (production / staging / development), optional description, permissions (api scope and/or admin scope)
Edit a key from the list (name link or pencil icon): opens the detail page where you can update name, description, environment, and scopes, then Save
Revoke a key from the list or detail view, or use bulk revoke for selected rows

Generate a key

Click + Generate API key (or equivalent).
Enter a name, select environment, optionally add a description, and choose permissions (scopes).
Submit. Copy the secret from the confirmation dialog; you cannot view it again after closing.

View prefix and revoke

Use show/hide to reveal the stored prefix (not the full secret).
Use copy on the prefix when needed.
Revoke removes the key permanently.

Security

Treat secrets like passwords; store them in a secret manager.

Use the minimum scope needed; prefer separate keys per integration.

Revoke keys that may have leaked or are unused.

Webhooks

Path: Settings → Integrations → Webhooks. In-app routes: /settings/integrations/webhooks (list) and /settings/integrations/webhooks/[webhookId] (detail).

Enterprise is required. Create uses a dialog on the webhooks list (table with filters, bulk delete). Edit opens a full-page detail for that webhook; Save on the detail page opens a confirmation dialog before changes are persisted. Subscribed events control which automated, signed deliveries your endpoint can receive (processed asynchronously; which product events are wired up grows over time). Send on a row runs a test POST to your URL with a small JSON payload (connectivity check; not the same as production signed deliveries).

Roles and permissions — which workspace roles can open Settings → Integrations (Connections, tenant API keys, Webhooks) and how organization membership affects key management.
Integrations — using your tenant API key to call the FabHub backend: base URL, X-API-Key header, and getting started (this Settings article is where you create keys; the linked page covers calling the API).
Account & API keys — storing keys safely and related API usage notes.

Integrations

Connect FabHub with external systems and manage API access.

Plan and access

Plan: Full use of the Integrations hub, Connections (native connectors), API (tenant API keys), and Webhooks requires an Enterprise subscription (see Organization → Subscription or Pricing). On Free / Standard / Pro, Admin and Manager still see Integrations in the sidebar; opening these pages shows upgrade / plan-gate UI instead of unlocked functionality.
Workspace role (Settings hub):
- Staff — the Integrations section does not appear in Settings (deep links are blocked or show a workspace notice).
- Managers — can open Connections (hub) and Webhooks. They cannot open the Tenant API keys leaf (/settings/integrations/api); on the hub, the API card explains that only workspace administrators manage keys.
- Admins — can open Connections, API (tenant API keys), and Webhooks in the nav (subject to plan and membership rules below).
Membership source (workspace): On Enterprise, using native Connections or Webhooks requires a workspace Admin or Manager role resolved from organization membership (user_organizations), not auth metadata alone. The API keys UI additionally requires workspace Admin (not Manager). Otherwise the hub and leaves show notices with a link to Settings → Users (same pattern as other membership-gated settings).
Organization roles (tenant APIs): Creating, renaming, or revoking tenant API keys requires owner or admin on the organization. Webhooks (create/update/delete/test) also allow manager membership. See Roles and permissions for how workspace role and membership interact.

Connections (hub)

On Enterprise, the page can include:

Native integrations — a grid of connector cards (accounting, CRM, automation partners from the in-product catalog). When your plan, workspace role, and organization membership allow full access, you can connect, toggle enabled, reset (clear stored connector metadata and refresh the connection timestamp—confirmation required), open configure, or disconnect; state is stored per tenant. Provider OAuth and token exchange capabilities depend on the connector and may still be limited—use API keys and webhooks for custom automation where needed.
Developer tools — a second section with cards for Tenant API keys, Webhooks, and Documentation (the same role rules as above apply: for example, managers see Connections and Webhooks but not the tenant API keys leaf).

If Enterprise access is not available, you see upgrade messaging and a Documentation shortcut instead of the full hub.

API (tenant API keys)

Path: Settings → Integrations → API. In-app route: /settings/integrations/api (sign in required). Key detail: /settings/integrations/api/[keyId].

You can:

Filter keys by name and status (active / expired)
Generate a key: Name, environment (production / staging / development), optional description, permissions (api scope and/or admin scope)
Edit a key from the list (name link or pencil icon): opens the detail page where you can update name, description, environment, and scopes, then Save
Revoke a key from the list or detail view, or use bulk revoke for selected rows

Generate a key

Click + Generate API key (or equivalent).
Enter a name, select environment, optionally add a description, and choose permissions (scopes).
Submit. Copy the secret from the confirmation dialog; you cannot view it again after closing.

View prefix and revoke

Use show/hide to reveal the stored prefix (not the full secret).
Use copy on the prefix when needed.
Revoke removes the key permanently.

Security

Treat secrets like passwords; store them in a secret manager.

Use the minimum scope needed; prefer separate keys per integration.

Revoke keys that may have leaked or are unused.

Webhooks

Path: Settings → Integrations → Webhooks. In-app routes: /settings/integrations/webhooks (list) and /settings/integrations/webhooks/[webhookId] (detail).

Roles and permissions — which workspace roles can open Settings → Integrations (Connections, tenant API keys, Webhooks) and how organization membership affects key management.
Integrations — using your tenant API key to call the FabHub backend: base URL, X-API-Key header, and getting started (this Settings article is where you create keys; the linked page covers calling the API).
Account & API keys — storing keys safely and related API usage notes.

Integrations

Plan and access

Connections (hub)

API (tenant API keys)

Generate a key

View prefix and revoke

Webhooks

Related

Integrations

Plan and access

Connections (hub)

API (tenant API keys)

Generate a key

View prefix and revoke

Webhooks

Related