This page summarizes how official connectors are authorized, what classes of data they may access, and how to revoke access.
Connector permissions are defined by the provider and the scopes you approve during authorization. Only connect services you trust for your workflow.
How connector access works
- You initiate a connector connection.
- You approve provider permissions (OAuth scopes or API key access).
- CREAO stores connection metadata required to execute connector tools for your account.
- You can disconnect or remove a connector at any time.
Official connector matrix
| Connector group | Auth mode | Typical data categories | Execution path | Revocation |
|---|
| Google Workspace (Gmail, Calendar, Docs, Sheets, Drive, Tasks) | OAuth | Mail, calendar events, docs, spreadsheets, files, tasks | Official connector tool path | Disconnect in CREAO + revoke in Google account if needed |
| Google Marketing (Ads, Analytics, Search Console) | OAuth | Campaign/reporting and web analytics data | Official connector tool path | Disconnect in CREAO + revoke in Google account if needed |
| Microsoft (Outlook, Teams, OneDrive, Word, Excel) | OAuth | Mail, collaboration messages, files, documents, workbook data | Official connector tool path | Disconnect in CREAO + revoke in Microsoft account if needed |
| Collaboration (Slack, Discord, Notion, Asana, Linear) | OAuth or API key (provider-dependent) | Messages, channels/pages, tasks/issues/project data | Official connector tool path | Disconnect in CREAO + revoke in provider account |
| Developer (GitHub) | OAuth | Repository metadata/content and issue/workflow data | Official connector tool path | Disconnect in CREAO + revoke in GitHub settings |
| Social/commerce (X, YouTube, Reddit, Shopify, Telegram) | OAuth or token (provider-dependent) | Social content, publishing metadata, storefront data, bot messaging data | Official connector tool path | Disconnect in CREAO + revoke in provider account |
Subprocessor and relay model
- Some official connectors run through direct provider API integrations.
- Some official connectors may run through integration relay infrastructure where applicable.
- In all cases, access is bound to your authenticated connector account and approved permissions.
Security controls
- Connector tools run only for authenticated users with active connections.
- Input validation and tool allowlists are applied before execution.
- Connection metadata exposed in product responses is sanitized.
- Disconnect/delete operations invalidate connector use from CREAO.
Related pages
