Connect Rollout to external services. Connections hold the credentials that workflow nodes use, the API Request node reaches any REST API, incoming webhooks bring events in, and MCP plus the desktop app extend workflows to AI assistants and local devices.

Status: Alpha (features may change).

Connections

A Connection stores a credential — an OAuth grant, an API token, an SSH key — that workflow nodes use to act on external systems. Manage them at Settings → Connections.

Adding a connection

  1. Open Settings → Connections
  2. Click Add connection
  3. Pick a provider from the catalog
  4. For Google: name the connection, pick scopes, choose who can use it, then click Continue to Google to complete the OAuth consent flow
  5. For other providers: enter the credential fields and click Save

Workflow nodes that need a connection also offer to create one from the node’s settings, pre-set with the scopes that node requires.

Available providers

Provider Kind Use it for
Google OAuth Gmail, Sheets, and Drive nodes
Atlassian API token Jira nodes
GitHub Token GitHub nodes, private repos, image pushes
Telegram Bot Bot token Telegram nodes (token from @BotFather)
SSH Host Credential Run commands on a remote host over SSH
Tailscale Connectivity Reach private hosts from workflow runs
Container Registry Credential Push built images (GHCR, Docker Hub, GCR, …)
1Password Service account token Resolve op:// secret references
Vector Store (Qdrant) Credential Point retrieval at your own Qdrant
LLM Provider (BYOK) API key Bring your own LLM key, billed to your provider account
Cartesia (Text-to-Speech) API key Streaming text-to-speech
Deepgram (Speech-to-Text) API key Streaming speech-to-text

Google connections and scopes

Each Google connection carries only the scopes you select when creating it. Scope presets: Gmail (read), Gmail (modify), Gmail (send), Sheets, Sheets (read), Drive (files), Drive (full), Drive (read), and Calendar (read).

You can keep multiple Google connections for the same account — for example a Sheets-only connection next to a Gmail-send one. Nodes only accept connections whose scopes cover what they need.

By default, connections use Rollout’s shared OAuth client. Expand Use my own OAuth client to supply your own Google OAuth client instead — tokens are then cryptographically limited to the granted scopes. Changing the client later requires re-authorizing.

Sharing and access

Connections are private by default: only the person who created one can use it. The Who can use it picker (at creation, or later in the connection’s details) shares it with a team or the whole workspace. Only the connection owner or a workspace admin can change sharing. The list shows each connection’s visibility: Private, Team, or Workspace.

Managing connections

Click a connection row to open its details, where you can:

  • Rename the connection
  • Test the credential and see its health status
  • Reauth a Google connection when it needs fresh consent
  • Review granted scopes and which workflows use it
  • Delete it — the confirmation lists the workflows that would break

Credentials are encrypted at rest. OAuth tokens refresh automatically when they expire; a connection that needs your attention shows a Reauth badge in the list.

Google nodes

Node What it does
Gmail: New Email (trigger) Starts the workflow when a Gmail message arrives; configurable to fire on new Sheets rows or new Drive files instead
Gmail Send, Gmail Reply Send an email, or reply within an existing thread
Gmail Search, Gmail Get Search messages, or fetch one with bodies, headers, and attachment info
Gmail Update, Gmail Archive, Gmail Trash, Gmail Labels Mark as read / modify labels, archive, trash or restore, list account labels
Sheets Append, Sheets Read, Sheets Update, Sheets Clear Append rows, read rows as objects, upsert by key column, clear a range
Drive Upload, Drive Download, Drive Search, Drive Move, Drive Create Folder File and folder operations in Drive

Note: the trigger polls, so events may be delayed by the poll interval (default 60 seconds, configurable on the node).

Other integration nodes

  • Jira (Atlassian connection): Jira Create Issue, Jira Get Issue, Jira Search, Jira Update Issue, Jira Comment, Jira Transition
  • GitHub (GitHub connection): GitHub Open PR, GitHub Get PR, GitHub List PRs
  • Telegram (Telegram Bot connection): Telegram Send Message, Telegram Parse Update
  • Perplexity: Perplexity Search

Secrets

Store standalone API keys and tokens at Settings → Secrets. Secrets are write-only: a value is set once at creation and is never readable again, in the UI or anywhere else. Names are UPPER_SNAKE_CASE.

If the workspace has a 1Password connection, a secret can instead be a 1Password reference (op://vault/item/field) resolved at run time.

Secrets use the same private / team / workspace sharing model as connections. Secret-typed node fields reference a stored secret by name, and secret values are redacted from persisted run history and streamed logs.

Webhooks (incoming)

Receive data from external services using the Incoming Webhook trigger.

Setting up a webhook

  1. Add an Incoming Webhook trigger to your workflow
  2. Copy the webhook URL from the node settings
  3. Configure your external service to POST to this URL
  4. The payload becomes available to downstream nodes

Security options

  • HMAC verification - Validate signatures (SHA-1, SHA-256, or SHA-512) from services like GitHub or Stripe
  • Timestamp validation - Reject old requests to prevent replay attacks
  • Token rotation - Regenerate the webhook URL if it leaks

Sensitive request headers (authorization, cookies, signature headers) are redacted before the request is stored as node output.

See Visual Workflows for detailed webhook configuration.

Troubleshooting

Google connection fails

  • Use Reauth on the connection’s details, or disconnect and reconnect
  • Grant all requested permissions on the consent screen
  • Check that third-party cookies are not blocked

API Request returns 401/403

  • Verify your API key or credentials
  • Check the Authorization header format
  • Ensure the API key has the required permissions

Webhook not triggering workflow

  • Confirm the webhook URL is correct
  • Check that the workflow is saved and enabled
  • Verify the external service is sending requests
  • Look for rate limit errors in the response (HTTP 429)