Connect AI / Docs

Docs/Quickstart

Quickstart

We'll go from zero to a successful authenticated tool call. Estimated time: 5 minutes.

1. Create your account and AI Client

Sign up at the portal. A personal organization is created automatically.

Navigate to AI Clients and create one. You'll get two values:

  • Client ID — public identifier. Goes in X-Cortex-Client-Id header.
  • API Key — secret. Shown ONCE. Goes in Authorization: Bearer.

Save the API Key now

It is hashed on our side. We can't show it again. If you lose it, rotate it from the portal.

2. Connect a service

You have two options:

  • Use the catalog — Browse Service Definitions, pick one (e.g. Google Calendar), and create an App. The platform handles OpenAPI ingestion.
  • Bring your own API — Upload your OpenAPI 3.x spec to create a custom template. Endpoints are extracted as Tools automatically.

3. Authorize an end-user

Most useful tools require user-level OAuth. Trigger the flow from your code:

initiate-oauth.sh
curl -X POST https://us-central1-cortexconnectplatform.cloudfunctions.net/initiateOAuth \ -H 'Authorization: Bearer YOUR_API_KEY' \ -H 'X-Cortex-Client-Id: YOUR_CLIENT_ID' \ -H 'Content-Type: application/json' \ -d '{ "appId": "your-app-id", "userId": "your-end-user-id", "clientRedirectUri": "https://yourapp.com/oauth/callback" }'

The response gives you authorizationUrl. Redirect your end-user to it. After they grant access, they bounce to clientRedirectUri and the platform stores their tokens encrypted.

4. Execute the tool

Now your agent can call the tool through our proxy:

execute.sh
curl -X POST https://us-central1-cortexconnectplatform.cloudfunctions.net/proxyV2 \ -H 'Authorization: Bearer YOUR_API_KEY' \ -H 'X-Cortex-Client-Id: YOUR_CLIENT_ID' \ -H 'X-Cortex-User-Id: your-end-user-id' \ -H 'Content-Type: application/json' \ -d '{ "toolId": "your-app-id:::create_calendar_event", "parameters": { "summary": "Project sync", "start": "2026-05-06T10:00:00Z" } }'

What happens behind that call

Authentication check, RBAC verification, token decryption (just-in-time), rate limit check, wallet debit, upstream call, response normalization, audit log write. End-to-end p95 < 400ms.

5. Done. What now?

← Previous

Overview

Next →

Concepts