Authentication is how Refold turns a user’s permission into a linked account: a stored, encrypted set of credentials that every connector, workflow, and MCP server can use without ever exposing the underlying tokens. Use it to connect your customers’ apps once and let Refold keep those connections alive.

The mechanics are the same across all three Refold products. You pick how the user authorizes (the connection flow), then Refold keeps the connection healthy over time (the management flows). What changes between products is where the user authenticates, not how it works underneath. This page is the shared reference; each product’s section frames the experience for its own readers.

How it works

  1. You configure a connector’s auth method (OAuth2, API key, or basic) in App settings.
  2. Your user authorizes through one of the connection flows below.
  3. Refold stores the credentials as a linked account, encrypted at rest.
  4. Connectors, workflows, and MCP servers resolve those credentials internally at run time. They are never returned in inputs or outputs.
  5. Refold keeps the connection alive with token refresh and re-authentication, and records every event in auth logs.

Connection flows

How a user first authorizes an account. These flows behave the same way across products. The detailed how-tos live under Native frontend, since that is where most teams build the connect experience.

Hosted flow

Redirect to a Refold-hosted portal. The fastest path, with no frontend code.

React SDK flow

Drop Refold’s connect component into your React app, with no redirect.

Build your own

Drive the flow from your own UI with the JavaScript SDK for full control.

Importing existing auth

Bring credentials your users already authorized elsewhere into Refold.

Managing connections

How Refold keeps an authorized account usable over its lifetime.

Connection status

Read whether each linked account is connected, healthy, or needs action.

Token refresh

Refold refreshes OAuth tokens automatically before they expire.

Re-authentication

Prompt users to reconnect when a token is revoked or a scope changes.

Integration logs

Inspect authentication events, refreshes, and failures.

Where authentication fits in each product

The flows above are shared. Each product frames them for its own reader:

| Product | Where the user authenticates | Start here |
| --- | --- | --- |
| Native | Inside your own app’s UI, the experience your customer sees | Frontend auth flows |
| Integration Delivery | Anywhere a connection can be made; enterprise systems may need special connectivity | Authenticating systems |
| MCP | Inline in the agent chat, via the Server-URL token | MCP authentication |
