# TapAuth

> Human-approved delegated access for AI agents. TapAuth lets AI agents request OAuth access tokens through a human-in-the-loop approval flow.

## What TapAuth Does

TapAuth is an access gateway for AI agents. An agent requests access to a user's account (Google Calendar, GitHub, Google Sheets, etc.), the user approves with specific scopes, and the agent receives a short-lived OAuth access token.

## Supported Providers

- Google (View calendar events, Create & edit calendar events, View calendar events (events-only), View spreadsheets, Edit spreadsheets, View documents, Edit documents)
- Google Sheets (View spreadsheets, Edit spreadsheets)
- Google Docs (View documents, Edit documents)
- GitHub (Access public repositories, Access private repositories (full), Read user profile, Access user email addresses, Read org membership, Create and manage gists, Access notifications, Update GitHub Actions workflows, Full control of organizations, Delete repositories)
- Linear (Read issues & projects, Create & edit issues, Create issues, Create comments)
- Vercel (View and manage deployments, Access project details, Manage environment variables, Manage domains, Access team info, Read user profile)
- Slack (View people in workspace, View email addresses of people, View basic channel info, View messages in public channels, View basic private channel info, View basic DM info, View files shared in channels, Search messages, View workspace info)
- Notion (Read pages & databases, Update existing content, Create new content, Read user info with email)
- Asana (Read tasks, Create and update tasks, Delete tasks, Read projects, Create and update projects, Delete projects, Read user information, Read teams, Read workspaces, Read attachments, Upload attachments, Delete attachments, Read stories (comments), Create and update stories, Read tags, Create and update tags, Read custom fields, Create and update custom fields, Read portfolios, Create and update portfolios, Read goals, Read webhooks, Create and update webhooks, Delete webhooks, Verify your identity (OpenID), View your email address, View your profile info)
- Sentry (View organization details, Modify organization settings, View project details, Modify project settings, Manage releases, View team details, Modify teams, View organization members, Invite and modify members, View events and issues, Modify events (resolve, merge))
- Discord (View your username and avatar, View your email address, View your server list)

## API

Base URL: `https://tapauth.ai`

- POST /api/v1/grants — Request a new OAuth grant (agent → user approval → token)
- GET /api/v1/token/{id} — Retrieve the access token (Bearer auth with grant_secret)
- GET /api/v1/token/{id}.env — Token in .env format
- GET /api/v1/token/{id}.json — Token in JSON format
- GET /api/providers — List available providers and scopes

## CLI Script

TapAuth provides a single bash script (`tapauth`) that wraps the entire flow — grant creation, approval, polling, caching, and token refresh — into one command:

```bash
curl -H "Authorization: Bearer $(./tapauth google drive.readonly)" \
  https://www.googleapis.com/drive/v3/files
```

First run creates a grant and prompts for approval. Subsequent runs return cached tokens instantly (no network call if not expired).

TapAuth also provides a secrets provider script (tapauth-secrets) for OpenClaw integration — resolves OAuth tokens as secrets at agent startup.

RECOMMENDED: Use the CLI script — it handles credential storage, caching, and keeps secrets out of your context. Set a timeout of at least 600 seconds (10 minutes) when running the CLI, as users may take time to approve. Do NOT fall back to raw API calls if the CLI times out — this exposes grant secrets to your context.

## Integrations

- **gws (Google Workspace CLI):** Set GOOGLE_WORKSPACE_CLI_TOKEN=$(tapauth token google/<scope>) to give gws full Google Workspace access. See https://tapauth.ai/blog/connect-ai-agents-google-workspace-gws-cli

- CLI docs: https://tapauth.ai/docs
- Full LLM docs: https://tapauth.ai/llms-full.txt

## Links

- Docs: https://tapauth.ai/docs
- Full LLM docs: https://tapauth.ai/llms-full.txt
- Website: https://tapauth.ai