Connect a service that isn't in the list
Connect a tool that has no built-in preset to Claude Tag. Covers credential types, what each form field means, and how to add a custom MCP server.
Claude Tag is in public beta. Features and behavior described here may change before general availability.
Note: Connections are added inside an Access bundle. At claude.ai/admin-settings/claude-tag, open Access bundles in the left navigation, click into a bundle (or Create one), and go to its Credentials tab.
For a service that doesn't have a preset Connect button, use Connect another app at the bottom of the bundle's Credentials tab. This works for any service with an HTTP API. The Snowflake and Salesforce guides are worked examples.
Add a custom HTTP API
What you need from the service
- A service-account credential (an API key, token, or OAuth client) — not your personal login
- The API host (for example api.example.com)
- How the API authenticates (which header or flow it expects)
See Create a dedicated account per service for the service-account patterns.
Fill out the Connect another app form
| Field | What to enter |
|---|---|
| Name | A label for this connection (for example "Internal billing API") |
| Credential type | Pick the type that matches how the API authenticates; see Credential types |
| Allowed websites | The API's host (for example api.example.com). A wildcard is allowed as the leftmost label. The credential is sent only to hosts you list here. |
| Path prefixes (optional) | Restrict the credential to specific URL paths under the host. Shown only for the OAuth 2.0 authorization code type. |
| Custom headers | Any extra headers the API requires beyond the credential. Shown only for the Bearer credential type. |
Credential types
| Type | Use for |
|---|---|
| Bearer | An API key or token sent as Authorization: Bearer <token>. Most SaaS REST APIs. |
| Basic | HTTP Basic authentication (Authorization: Basic <base64(user:password)>) |
| Body parameter | A token the API expects in the request body or query string instead of a header |
| AWS SigV4 | AWS services and APIs that require Signature Version 4 signing |
| GCP access token (with Service Account Key) | Google Cloud APIs; the proxy exchanges the SA key for an access token |
| GCP IAP (with Service Account Key) | Google Cloud services behind Identity-Aware Proxy |
| OAuth 2.0 JWT bearer | APIs that accept a JWT signed with your private key in exchange for an access token (Salesforce, DocuSign) |
| OAuth 2.0 client credentials | Machine-to-machine OAuth with a client ID and secret |
| OAuth 2.0 authorization code (3-legged) | OAuth with a user-consent step; the connection stores the resulting refresh token |
| GitHub App | GitHub repositories; covered separately at Configure GitHub access |
If you're unsure which type to pick, check the service's API authentication docs to see which header or flow it expects.
AWS SigV4
Use the AWS SigV4 credential type for AWS service APIs (S3, Lambda, Bedrock, an API Gateway endpoint with IAM authorization). Agent Proxy reads the AWS service and signing region from the hostname and signs each outbound request with the credential at the boundary, so neither the model nor the sandbox holds the keys. The host must be an amazonaws.com endpoint; the proxy can't sign requests to an API Gateway custom domain or to a non-AWS API that uses Signature Version 4.
| Field | Value |
|---|---|
| Access key ID | The IAM user or role access key, for example AKIAIOSFODNN7EXAMPLE |
| Secret access key | The matching secret access key |
| Session token | Optional. Only needed for temporary credentials from AWS STS. |
| Allowed websites | The AWS service endpoint host, for example s3.us-east-1.amazonaws.com or abc123.execute-api.us-east-1.amazonaws.com |
Use long-lived credentials from a dedicated IAM user where you can. Temporary STS credentials work but expire on their own schedule, and the connection stops working when they do; you re-enter all three values to rotate.
Claude can call the endpoint with curl, an AWS SDK, or the AWS CLI. The sandbox holds no real AWS credentials, so a CLI or SDK signs the request with placeholder values; Agent Proxy strips that signature and re-signs with the stored credential before the request leaves for AWS. The one shape it can't re-sign is chunked payload signing. If Claude reports that chunked signing isn't supported through the proxy, have it set payload_signing_enabled = false in ~/.aws/config and retry.
When AWS returns SignatureDoesNotMatch
A SignatureDoesNotMatch response from AWS means the request AWS received doesn't match the one Agent Proxy signed.
| Check | What to do |
|---|---|
| The access key ID and secret access key belong to the same IAM identity | Re-enter the access key ID, secret access key, and session token together. The form is write-only, so a partial update can leave them mismatched. |
| No proxy or gateway of your own sits between Anthropic and AWS | A second proxy that adds, strips, or reorders headers, or that re-signs the request, invalidates the signature Agent Proxy attached. Point Allowed websites at the AWS endpoint directly. |
A dropped or expired session token is a different failure: AWS rejects it with a token error such as InvalidClientTokenId, not SignatureDoesNotMatch. Rotate all three fields.
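Why the hostname and the "no second proxy" check matter, as an added example (not Anthropic's or AWS's code): the SigV4 signature covers the service, region, and every signed header, so a change made after signing fails AWS's recomputation. The function names, secret, path, and date are constructed, and the hostname layout is an assumption based on the two example hosts above.

```python
import hashlib
import hmac

def parse_aws_host(host):
    """(service, region) from '[prefix.]<service>.<region>.amazonaws.com' (assumed layout)."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 4 or labels[-2:] != ["amazonaws", "com"]:
        raise ValueError(f"not a regional amazonaws.com endpoint: {host}")
    return labels[-4], labels[-3]

def _hmac(key, msg):
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def sigv4_signature(secret, method, host, path, headers, payload, amz_date):
    """SigV4 signature (canonical request, string to sign, derived key); no query string."""
    service, region = parse_aws_host(host)
    signed = {k.lower(): " ".join(v.split()) for k, v in headers.items()}
    signed.update({"host": host, "x-amz-date": amz_date})
    names = sorted(signed)
    canonical = "\n".join([
        method, path, "",                                  # empty query string
        "".join(f"{n}:{signed[n]}\n" for n in names),      # canonical headers
        ";".join(names),                                   # SignedHeaders list
        hashlib.sha256(payload).hexdigest(),
    ])
    day = amz_date[:8]
    scope = f"{day}/{region}/{service}/aws4_request"
    to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                         hashlib.sha256(canonical.encode()).hexdigest()])
    key = ("AWS4" + secret).encode()
    for part in (day, region, service, "aws4_request"):
        key = _hmac(key, part)
    return hmac.new(key, to_sign.encode(), hashlib.sha256).hexdigest()

def aws_accepts(secret, sent_sig, request):
    """The receiving side recomputes the signature from what actually arrived."""
    return hmac.compare_digest(sent_sig, sigv4_signature(secret, *request))

# Constructed sample values; the secret is not a real key.
SECRET = "constructed-secret-not-a-real-key"
HOST = "abc123.execute-api.us-east-1.amazonaws.com"
DATE = "20240101T000000Z"
AS_SIGNED = ("GET", HOST, "/prod/health", {"Content-Type": "application/json"}, b"", DATE)
# Same request after an intermediary rewrote a signed header value.
AS_RECEIVED = ("GET", HOST, "/prod/health",
               {"Content-Type": "application/json; charset=utf-8"}, b"", DATE)
SIG = sigv4_signature(SECRET, *AS_SIGNED)

if __name__ == "__main__":
    print(parse_aws_host(HOST))
    print(aws_accepts(SECRET, SIG, AS_SIGNED), aws_accepts(SECRET, SIG, AS_RECEIVED))
```

A host such as api.example.com raises ValueError here because it carries no service or region to sign with.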
Add a custom MCP server
To give Claude an MCP server (one you run, or a vendor's hosted MCP endpoint), the pattern is a plugin plus a credential:
- Add a plugin that declares the MCP server. In the bundle's Plugins tab (or via your skills repository), add a plugin whose .mcp.json points at the server URL. The plugin tells Claude the server exists and how to call it.
- Add a credential for the server's host. On the Credentials tab, click Connect another app and add a credential for the MCP server's host (for example, a Bearer token with Allowed websites set to your-mcp-host.example.com). This lets the call leave the sandbox with auth attached.
The plugin's .mcp.json is loaded because it's part of an attached plugin; an .mcp.json checked into a repository Claude clones is not loaded.
Verify the connection
In a channel under the bundle's scope, in a new thread, ask Claude to make a small read against the API:
@Claude can you reach api.example.com? Try a GET on /health.
Check the service's own audit log to confirm the call landed under your service account.
Related resources
- Give Claude access: the full connection model
- Allow a host without a credential: for public APIs that need no auth