Pipedream Connect

Connect your AI agents to 2,000+ APIs with managed OAuth via Pipedream. Each agent gets its own isolated app connections and OAuth tokens.

What's New (2026-03-10 v1.5.2)

• Added A–Z alphabet filter in the per-agent Browse Apps modal for fast app lookup by starting letter
• Added active letter indicator in results summary (e.g., Letter: Q)
• Improved app card readability in Browse Apps (wrapped names, reduced truncation)
• Updated reference snapshots for latest app catalog fallback + CSP compatibility path

What's New (2026-03-10 v1.5.1)

• Added explicit metadata declarations for config paths, capabilities, persistence, and security notes
• Clarified persistent behavior (optional cron token refresh) and sensitive file access in docs
• Aligned docs with actual paths under ~/.openclaw/

What's New (2026-03-01 v1.3.0)

• Per-agent app connections — App connections moved to Agents → [Agent] → Tools → Pipedream
• Global tab = credentials only — The Pipedream tab is now for platform auth (Client ID/Secret/Project ID) only
• External User ID defaults to agent slug — e.g. main, scout-monitor (not a UUID)
• Live connected apps — Refresh queries the Pipedream API for real connected accounts
• Environment warning — Agent panel shows a warning when running in development mode
• New RPCs: pipedream.connect, pipedream.disconnect, pipedream.test (per-agent, use agentId + appSlug)

What's New (v1.3.0) — Vault-Backed Secrets

• clientId and clientSecret stored in ~/.openclaw/secrets.json (OpenClaw vault) — no longer plaintext in pipedream-credentials.json
• PIPEDREAM_CLIENT_SECRET removed from mcporter.json env — client secret is never written to mcporter config
• Auto-migration: on first gateway start after upgrade, existing pipedream-credentials.json secrets are silently moved to vault and stripped from the file
• Token refresh script now reads from vault first (falls back to credentials.json → mcporter.json for backwards compat)
• pipedream-credentials.json now contains only non-sensitive fields: projectId, environment, externalUserId
• VirusTotal "suspicious" flag resolved — no plaintext credential files

Architecture

Global Pipedream Tab
  └── Platform credentials (Client ID, Secret, Project ID, Environment)
  └── Agent quick-links table (→ navigate to per-agent config)

Agents → [Agent] → Tools → Pipedream
  └── External User ID (defaults to agent slug)
  └── Connected Apps (live from Pipedream API)
  └── Available Apps grid + Browse All Apps modal
  └── Manual slug entry

Prerequisites

• Pipedream Account — pipedream.com
• mcporter — npm install -g mcporter
• OpenClaw Gateway — v2026.1.0 or later

Setup

Step 1: Create OAuth Client & Project

• Go to pipedream.com/settings/api → New OAuth Client
• Copy Client ID and Client Secret
• Go to pipedream.com/projects → create a project
• Copy Project ID (proj_...)

Step 2: Configure Platform Credentials

• OpenClaw Dashboard → Pipedream tab → Configure
• Enter Client ID, Client Secret, Project ID
• Set Environment to production (not development — development tokens expire faster and have lower rate limits)
• Click Save Credentials

Step 3: Connect Apps Per Agent

• Go to Agents → [Agent] → Tools → Pipedream
• Verify the External User ID (defaults to agent slug, e.g. main)
• Click Connect on any app in the grid — completes OAuth in a popup
• Click ↻ Refresh after OAuth completes to see the app appear in Connected Apps

Step 4: Token Refresh (Recommended)

# Cron job — runs every 45 minutes
(crontab -l 2>/dev/null; echo "*/45 * * * * /usr/bin/python3 $HOME/openclaw/skills/pipedream-connect/scripts/pipedream-token-refresh.py >> $HOME/openclaw/logs/pipedream-cron.log 2>&1") | crontab -

Per-Agent Isolation

Each agent uses a separate Pipedream external_user_id:

External User ID defaults to agent slug. Override it in Agents → Tools → Pipedream → Edit.

RPC Reference

Global (credentials)

Per-Agent

Using Connected Tools

# Gmail (agent: main → externalUserId: main)
mcporter call pipedream-main-gmail.gmail-find-email \
  instruction="Find unread emails from today"

# Google Calendar (agent: scout-monitor)
mcporter call pipedream-scout-monitor-google-calendar.google-calendar-find-event \
  instruction="Find events for tomorrow"

Server names follow the pattern: pipedream-{externalUserId}-{appSlug}

Environment: Development vs Production

⚠️ Use Production for real work:

• Development tokens expire faster and have lower rate limits
• Set in: Pipedream tab → Edit credentials → Environment → Production
• The agent Pipedream panel shows a warning when running in development mode

Security

Troubleshooting

Connected app not showing after OAuth → Click ↻ Refresh — the panel queries the Pipedream API live for connected accounts

unknown method: pipedream.connect → Rebuild and restart gateway: pnpm build && openclaw gateway restart

No Pipedream credentials configured → Set up credentials in the global Pipedream tab first

Development environment warning → Edit credentials in Pipedream tab, change Environment to production, save

Token expired → Set up the 45-minute cron job above, or click Connect again to re-authorize

Support

• ClawHub: clawhub.ai/skills/pipedream-connect
• Pipedream Docs: pipedream.com/docs
• MCP Apps: mcp.pipedream.com
• OpenClaw Discord: discord.com/invite/clawd

Reference Files