Four steps to permissioned app access.
Start with Nango for token custody, then use CybrLink to create user connect flows and route agent tool calls.
Spin up Nango
Deploy or connect the Nango instance that will store provider credentials and OAuth tokens.
Self-host guide ↗02Get an API key
Generate your CybrLink API key. It signs session-mint requests on your server.
Request access ↗03Mint a session
Create a short-lived connect session for one user and one integration. The browser uses it to launch the consent flow.
Reference ↗04Call the tool
Your agent calls the gateway. Policy and connection state are checked before Nango attaches the provider credential.
Proxy guide ↗Connect a user. Then let the agent act.
Create a connect session, send the user through consent, then route agent requests through a controlled access layer. Your credential layer holds provider credentials; CybrLink keeps the workflow manageable.
- Connect sessions are not long-lived provider tokens.
- Connections are scoped by user and integration.
- Disconnect one user's access without disabling the whole app.
import { CybrLink } from "@cybrlink/sdk";
const link = new CybrLink({
apiKey: process.env.CYBRLINK_API_KEY!,
// your controlled credential layer
apiUrl: "https://connect.cybrlink.dev",
});
// 1. Mint a short-lived session for the end user
const sessionResponse = await link.createAgentSession({
userId: "u_42",
});
// 2. Hand the session token to the Connect UI in the browser
return { token: sessionResponse.token };
// 3. Later, on a tool call from your agent
const inbox = await link.proxy({
providerKey: "google-mail",
sessionToken: sessionResponse.token,
method: "GET",
endpoint: "/gmail/v1/users/me/messages",
});Full API reference
CybrLink works with Nango's OAuth and proxy primitives. Use Nango docs for provider auth, token refresh, and credential storage details.