Internal Connector Setup Playbook

This is a private internal guide. Use this as a checklist when installing and configuring all PIE connectors. Work through each section in order. Check off items as you complete them.

Before You Start

You will need:

Admin access to the PIE instance
A credit card for services that require paid plans (Stripe, Twilio, etc.)
Access to the PIE domain for constructing callback URLs
A password manager to store all the keys/secrets you'll generate

Your PIE URLs (fill these in once):

OAuth Callback:  https://___________________/api/oauth/plugin/{pluginId}/callback
Webhook URL:     https://___________________/api/webhooks/plugin/{pluginId}

Phase 1: ScrapeCreators (covers 7 plugins at once)

This is the fastest win — one API key unlocks 7 social media research plugins.

Plugins unlocked: TikTok Researcher, Instagram Researcher, YouTube Researcher, Reddit Researcher, LinkedIn Researcher, Pinterest Researcher, Facebook Ad Library Research

[ ] Go to app.scrapecreators.com and create an account
[ ] Generate an API key from the dashboard
[ ] In PIE, go to each of these 7 plugins and set the developer secret:
- Secret name: SCRAPECREATORS_API_KEY
- Value: the API key you just generated
[ ] Test one plugin (e.g. TikTok Researcher → action: get_profile, handle: charlidamelio) to confirm it works
[ ] Note: LinkedIn and Pinterest plugins also have monitoring (cron polling). No extra setup needed — it runs automatically.

Cost: ~$0.001 per API call (1 credit). Monitor polling will consume credits based on how many monitors users create.

Phase 2: Google Cloud (covers 10 plugins)

One Google Cloud project + one OAuth app covers Gmail, Calendar, Sheets, Drive, Docs, Tasks, Meet, Analytics, Ads, and Classroom.

Plugins unlocked: Gmail Assistant, Google Calendar, Google Sheets, Google Drive, Google Docs, Google Tasks, Google Meet, Google Analytics, Google Ads, Google Classroom

[ ] Go to Google Cloud Console
[ ] Create a new project (e.g. "PIE Connectors") or use existing
[ ] Go to APIs & Services > OAuth consent screen
- [ ] Set to "External" (or "Internal" if using Google Workspace)
- [ ] Fill in app name, support email, developer contact
- [ ] Add all scopes needed (see list below)
- [ ] Add your test users if in testing mode
[ ] Go to APIs & Services > Credentials > Create Credentials > OAuth 2.0 Client ID
- [ ] Application type: Web application
- [ ] Add authorized redirect URI: https://<pie-domain>/api/oauth/plugin/{pluginId}/callback
- [ ] Copy the Client ID and Client Secret
[ ] Enable these APIs in the API Library:
- [ ] Gmail API
- [ ] Google Calendar API
- [ ] Google Sheets API
- [ ] Google Drive API
- [ ] Google Docs API
- [ ] Google Tasks API
- [ ] Google Meet REST API
- [ ] Google Analytics Data API
- [ ] Google Ads API (requires applying for a developer token — see below)
- [ ] Google Classroom API
[ ] In PIE, set these developer secrets on each Google plugin:
- GOOGLE_CLIENT_ID → the Client ID from above
- GOOGLE_CLIENT_SECRET → the Client Secret from above
[ ] Test: Open Google Sheets plugin → Connect → Should redirect to Google OAuth → Grant access → Verify it returns to PIE

Google Ads extra step:

[ ] Apply for a Google Ads API developer token at Google Ads API Center
[ ] Once approved, set GOOGLE_ADS_DEVELOPER_TOKEN on the Google Ads plugin
[ ] Note: This can take days/weeks to get approved. Skip and come back to it.

Webhook notes:

Google Drive and Calendar support push notifications via watch API — the connector handles this programmatically
Google Sheets and Docs have no push — they use polling

Phase 3: Microsoft Azure AD (covers 3 plugins)

One Azure AD app registration covers Outlook, Teams, and OneDrive.

Plugins unlocked: Outlook, Microsoft Teams, OneDrive

[ ] Go to Azure Portal > Azure Active Directory > App registrations > New registration
[ ] Name: "PIE Connectors"
[ ] Supported account types: "Accounts in any organizational directory and personal Microsoft accounts"
[ ] Redirect URI: Web → https://<pie-domain>/api/oauth/plugin/{pluginId}/callback
[ ] Go to Certificates & secrets > New client secret
- [ ] Copy the secret value immediately (you can't see it again)
[ ] Go to API permissions > Add a permission > Microsoft Graph > Delegated permissions
- [ ] Add: openid, profile, email, offline_access
- [ ] For Outlook: Mail.Read, Mail.Send, Mail.ReadWrite, MailboxSettings.Read
- [ ] For Teams: Team.ReadBasic.All, Channel.ReadBasic.All, ChannelMessage.Send, Chat.ReadWrite, OnlineMeetings.ReadWrite, User.Read
- [ ] For OneDrive: Files.ReadWrite.All, Sites.ReadWrite.All
- [ ] Click "Grant admin consent" if you have admin access
[ ] Copy the Application (client) ID from the Overview page
[ ] In PIE, set on each Microsoft plugin:
- MICROSOFT_CLIENT_ID → Application (client) ID
- MICROSOFT_CLIENT_SECRET → Client secret value
[ ] Test: Open Outlook plugin → Connect → Microsoft login → Verify

Webhooks: Microsoft Graph subscriptions are registered programmatically by the connector. No manual webhook setup needed.

Phase 4: Atlassian (covers 3 plugins)

One Atlassian OAuth 2.0 integration covers Jira, Confluence, and Bitbucket.

Plugins unlocked: Jira, Confluence, Bitbucket

[ ] Go to Atlassian Developer Console > Create > OAuth 2.0 integration
[ ] Name: "PIE Connectors"
[ ] Under Authorization > Add callback URL: https://<pie-domain>/api/oauth/plugin/{pluginId}/callback
[ ] Under Permissions:
- [ ] Jira platform REST API → Add: read:jira-work, write:jira-work, read:jira-user
- [ ] Confluence REST API → Add: read:confluence-content.all, write:confluence-content
- [ ] Bitbucket → Add: repository, pullrequest, pipeline
[ ] Under Settings, copy the Client ID and Secret
[ ] In PIE, set on each Atlassian plugin:
- ATLASSIAN_CLIENT_ID → Client ID
- ATLASSIAN_CLIENT_SECRET → Secret
[ ] Test: Open Jira plugin → Connect → Atlassian login → Select your site → Verify

Webhooks:

[ ] Jira: Go to Jira Settings > System > WebHooks > Create webhook
- URL: https://<pie-domain>/api/webhooks/plugin/{pluginId} (use the Jira plugin's ID)
- Events: issue_created, issue_updated, sprint_started, sprint_closed
[ ] Bitbucket: Go to each repo > Settings > Webhooks > Add
- URL: https://<pie-domain>/api/webhooks/plugin/{pluginId} (use Bitbucket plugin's ID)
- Events: repo:push, pullrequest:created, pullrequest:updated, pullrequest:fulfilled

Phase 5: CRM Connectors (3 separate setups)

Each CRM has its own OAuth. Do them one at a time.

Salesforce

[ ] Go to Salesforce Setup > App Manager > New Connected App
[ ] Enable OAuth, callback URL: https://<pie-domain>/api/oauth/plugin/{pluginId}/callback
[ ] Scopes: api, refresh_token, full
[ ] Copy Consumer Key and Consumer Secret
[ ] In PIE: SALESFORCE_CLIENT_ID, SALESFORCE_CLIENT_SECRET
[ ] Test: Connect → Salesforce login → Verify

Pipedrive

[ ] Go to Pipedrive Developer Hub > Create App > OAuth
[ ] Callback URL: https://<pie-domain>/api/oauth/plugin/{pluginId}/callback
[ ] Copy Client ID and Client Secret
[ ] In PIE: PIPEDRIVE_CLIENT_ID, PIPEDRIVE_CLIENT_SECRET
[ ] Test: Connect → Pipedrive login → Verify

Attio

[ ] Go to Attio Settings > Developers > Create OAuth App
[ ] Redirect URI: https://<pie-domain>/api/oauth/plugin/{pluginId}/callback
[ ] Copy Client ID and Client Secret
[ ] In PIE: ATTIO_CLIENT_ID, ATTIO_CLIENT_SECRET
[ ] Test: Connect → Attio login → Verify

Phase 6: Project Management (4 separate setups)

Linear

[ ] Go to Linear Settings > API > OAuth Applications > New
[ ] Callback URL: https://<pie-domain>/api/oauth/plugin/{pluginId}/callback
[ ] Copy Client ID and Client Secret
[ ] In PIE: LINEAR_CLIENT_ID, LINEAR_CLIENT_SECRET
[ ] Webhook: Linear Settings > API > Webhooks > New
- URL: https://<pie-domain>/api/webhooks/plugin/{pluginId}
- Resource types: Issue, Comment, Project

ClickUp

[ ] Go to ClickUp Settings > Integrations > Build Integration
[ ] Redirect URI: https://<pie-domain>/api/oauth/plugin/{pluginId}/callback
[ ] Copy Client ID and Client Secret
[ ] In PIE: CLICKUP_CLIENT_ID, CLICKUP_CLIENT_SECRET

Monday

[ ] Go to Monday Apps > Create App
[ ] OAuth redirect URI: https://<pie-domain>/api/oauth/plugin/{pluginId}/callback
[ ] Scopes: boards:read, boards:write, updates:read, updates:write, workspaces:read
[ ] Copy Client ID and Client Secret
[ ] In PIE: MONDAY_CLIENT_ID, MONDAY_CLIENT_SECRET

Basecamp

[ ] Go to 37signals Launchpad > Register Application
[ ] Redirect URI: https://<pie-domain>/api/oauth/plugin/{pluginId}/callback
[ ] Copy Client ID and Client Secret
[ ] In PIE: BASECAMP_CLIENT_ID, BASECAMP_CLIENT_SECRET

Phase 7: Data & Productivity (3 setups)

Airtable (OAuth)

[ ] Go to Airtable Developer Hub > Register OAuth integration
[ ] Redirect URI: https://<pie-domain>/api/oauth/plugin/{pluginId}/callback
[ ] Scopes: data.records:read, data.records:write, schema.bases:read, schema.bases:write
[ ] Enable PKCE
[ ] Copy Client ID and Client Secret
[ ] In PIE: AIRTABLE_CLIENT_ID, AIRTABLE_CLIENT_SECRET

Supabase (user provides their own keys)

[ ] No developer setup needed — each user enters their own project credentials
[ ] Users set: SUPABASE_URL (e.g. https://abc123.supabase.co) and SUPABASE_API_KEY
[ ] Just make sure the plugin is enabled in PIE

Coda (API key)

[ ] Get API key from Coda Account Settings
[ ] In PIE: CODA_API_KEY
[ ] Or let each user provide their own key via user secrets

Phase 8: Communication (3 setups)

Discord (OAuth + Bot)

[ ] Go to Discord Developer Portal > New Application
[ ] Under OAuth2:
- [ ] Add redirect: https://<pie-domain>/api/oauth/plugin/{pluginId}/callback
- [ ] Copy Client ID and Client Secret
[ ] Under Bot:
- [ ] Create a bot, copy the Bot Token
- [ ] Enable: MESSAGE CONTENT INTENT, SERVER MEMBERS INTENT
[ ] In PIE: DISCORD_CLIENT_ID, DISCORD_CLIENT_SECRET, DISCORD_BOT_TOKEN
[ ] Invite the bot to your server: https://discord.com/api/oauth2/authorize?client_id={CLIENT_ID}&permissions=274877991936&scope=bot

Intercom (OAuth)

[ ] Go to Intercom Developer Hub > Your Apps > New App
[ ] Redirect URI: https://<pie-domain>/api/oauth/plugin/{pluginId}/callback
[ ] Copy Client ID and Client Secret
[ ] In PIE: INTERCOM_CLIENT_ID, INTERCOM_CLIENT_SECRET
[ ] Webhook: In the app settings > Webhooks
- URL: https://<pie-domain>/api/webhooks/plugin/{pluginId}
- Topics: conversation.created, conversation.user.replied, contact.created

Gong (API key)

[ ] Go to Gong > Company Settings > API
[ ] Create API credentials
[ ] In PIE: GONG_ACCESS_KEY, GONG_ACCESS_KEY_SECRET
[ ] No webhooks — read-only polling

Phase 9: Scheduling & Support (5 setups)

Calendly (OAuth)

[ ] Go to Calendly Developer > Create OAuth App
[ ] Redirect URI: https://<pie-domain>/api/oauth/plugin/{pluginId}/callback
[ ] Copy Client ID and Client Secret
[ ] In PIE: CALENDLY_CLIENT_ID, CALENDLY_CLIENT_SECRET
[ ] Webhooks are registered programmatically by the connector after OAuth connect

Cal.com (API key)

[ ] Go to Cal.com Settings > Developer > API Keys > Create
[ ] In PIE: CALCOM_API_KEY
[ ] Webhook: Cal.com Settings > Developer > Webhooks > New
- URL: https://<pie-domain>/api/webhooks/plugin/{pluginId}
- Events: BOOKING_CREATED, BOOKING_CANCELLED, MEETING_ENDED

Zendesk (API token — easier than OAuth)

[ ] Go to Zendesk Admin Center > Apps and integrations > APIs > Zendesk API > Settings
[ ] Enable Token Access, create a new API token
[ ] Users provide: ZENDESK_EMAIL, ZENDESK_API_TOKEN, ZENDESK_SUBDOMAIN
[ ] Webhook: Admin Center > Apps > Webhooks > Create
- URL: https://<pie-domain>/api/webhooks/plugin/{pluginId}
- Then create Triggers (Admin > Objects > Triggers > Add) that fire the webhook on ticket events

Freshdesk (API key)

[ ] Each user gets their key from Freshdesk Profile Settings > Your API Key
[ ] Users provide: FRESHDESK_API_KEY, FRESHDESK_DOMAIN (e.g. yourcompany.freshdesk.com)
[ ] Webhooks are limited — use Freshdesk Automation Rules to POST to the webhook URL, or rely on polling

Gorgias (API key)

[ ] Each user gets credentials from Gorgias Settings > REST API
[ ] Users provide: GORGIAS_API_KEY, GORGIAS_EMAIL, GORGIAS_DOMAIN (e.g. yourstore.gorgias.com)
[ ] Webhook: Gorgias Settings > Integrations > HTTP Integration > Add
- URL: https://<pie-domain>/api/webhooks/plugin/{pluginId}
- Triggers: ticket-created, ticket-updated, message-created

Phase 10: E-commerce & Finance (3 setups)

Shopify (access token from custom app)

[ ] In the Shopify store admin: Settings > Apps and sales channels > Develop apps > Create an app
[ ] Configure Admin API scopes: read_products, write_products, read_orders, write_orders, read_customers
[ ] Install the app, copy the Admin API access token
[ ] Users provide: SHOPIFY_STORE (e.g. mystore.myshopify.com), SHOPIFY_ACCESS_TOKEN
[ ] Webhook: Settings > Notifications > Webhooks > Create
- URL: https://<pie-domain>/api/webhooks/plugin/{pluginId}
- Events: Order creation, Product update, Customer creation
- Format: JSON
- Shopify signs webhooks with HMAC-SHA256 using the API secret

Stripe (API key)

[ ] Go to Stripe Dashboard > Developers > API keys
[ ] Copy the Secret key (starts with sk_live_ or sk_test_)
[ ] In PIE: STRIPE_SECRET_KEY
[ ] Webhook: Developers > Webhooks > Add endpoint
- URL: https://<pie-domain>/api/webhooks/plugin/{pluginId}
- Events to send: payment_intent.succeeded, payment_intent.payment_failed, invoice.paid, invoice.payment_failed, customer.subscription.created, customer.subscription.deleted, charge.refunded
- Copy the Signing secret (starts with whsec_)
- In PIE: STRIPE_WEBHOOK_SECRET
[ ] Important: Use test mode keys first (sk_test_), switch to live after verifying

QuickBooks (OAuth)

[ ] Go to Intuit Developer > Create App > QuickBooks Online
[ ] Redirect URI: https://<pie-domain>/api/oauth/plugin/{pluginId}/callback
[ ] Scopes: com.intuit.quickbooks.accounting
[ ] Copy Client ID and Client Secret
[ ] In PIE: QUICKBOOKS_CLIENT_ID, QUICKBOOKS_CLIENT_SECRET
[ ] After OAuth connect, the user also needs to provide their QUICKBOOKS_REALM_ID (Company ID — visible in the QB URL after login)
[ ] Webhook: Intuit Developer > Webhooks > Add
- URL: https://<pie-domain>/api/webhooks/plugin/{pluginId}
- Entities: Customer, Invoice, Payment, Bill

Phase 11: Marketing & Email (4 setups — all API keys)

These are the easiest — just API keys, no OAuth apps to create.

Mailchimp

[ ] Go to Mailchimp Account > Extras > API Keys > Create A Key
[ ] Copy the key (includes data center suffix, e.g. abc123def456-us21)
[ ] In PIE: MAILCHIMP_API_KEY
[ ] Webhook: Audience > Settings > Webhooks > Create
- URL: https://<pie-domain>/api/webhooks/plugin/{pluginId}
- Events: Subscribes, Unsubscribes, Profile updates, Campaign sending

SendGrid

[ ] Go to SendGrid > Create API Key
[ ] Permissions: Full Access (or restrict to Mail Send + Marketing)
[ ] Copy the key (shown only once!)
[ ] In PIE: SENDGRID_API_KEY
[ ] Webhook: Settings > Mail Settings > Event Webhook
- URL: https://<pie-domain>/api/webhooks/plugin/{pluginId}
- Events: Delivered, Opened, Clicked, Bounced, Dropped, Spam Reports

Brevo (formerly Sendinblue)

[ ] Go to Brevo > Settings > SMTP & API > API Keys > Generate a new API key
[ ] Copy the key
[ ] In PIE: BREVO_API_KEY
[ ] Webhook: Settings > Webhooks > Add a new webhook
- URL: https://<pie-domain>/api/webhooks/plugin/{pluginId}
- Events: sent, delivered, opened, clicked, hard_bounce, soft_bounce, unsubscribed

ActiveCampaign

[ ] Go to ActiveCampaign Settings > Developer > API Access
[ ] Copy the API URL (e.g. https://yourname.api-us1.com) and API Key
[ ] Users provide: ACTIVECAMPAIGN_API_URL, ACTIVECAMPAIGN_API_KEY
[ ] Webhook: Settings > Developer > Webhooks > Add
- URL: https://<pie-domain>/api/webhooks/plugin/{pluginId}
- Events: contact_add, contact_update, deal_add, deal_update, deal_task_complete

Phase 12: DevOps & Messaging (3 setups)

GitLab (OAuth)

[ ] Go to GitLab > User Settings > Applications > New Application (or Admin > Applications for instance-wide)
[ ] Redirect URI: https://<pie-domain>/api/oauth/plugin/{pluginId}/callback
[ ] Scopes: api, read_user, read_repository
[ ] Copy Application ID and Secret
[ ] In PIE: GITLAB_CLIENT_ID, GITLAB_CLIENT_SECRET
[ ] Webhook (per project): Project Settings > Webhooks > Add
- URL: https://<pie-domain>/api/webhooks/plugin/{pluginId}
- Secret token: generate one and set as GITLAB_WEBHOOK_SECRET in PIE
- Events: Push events, Merge request events, Pipeline events, Issue events

Twilio (API key)

[ ] Go to Twilio Console
[ ] Copy Account SID from the dashboard
[ ] Go to Account > API keys > Create API Key (Standard)
[ ] Copy SID and Secret
[ ] In PIE: TWILIO_ACCOUNT_SID, TWILIO_AUTH_TOKEN (use the Account Auth Token or API key secret)
[ ] Webhook: For each phone number in Twilio Console > Phone Numbers > Active Numbers:
- Messaging webhook: https://<pie-domain>/api/webhooks/plugin/{pluginId}?type=message
- Voice webhook: https://<pie-domain>/api/webhooks/plugin/{pluginId}?type=call
- Method: HTTP POST

Telegram (bot token)

[ ] Open Telegram, message @BotFather
[ ] Send /newbot, follow the prompts to name it
[ ] Copy the bot token (looks like 123456789:ABCdefGHIjklMNOpqrstUVwxyz)
[ ] In PIE: TELEGRAM_BOT_TOKEN

[ ] Webhook: The connector can set this automatically via the set_webhook action, OR do it manually:

curl -X POST "https://api.telegram.org/bot{TOKEN}/setWebhook" \
  -H "Content-Type: application/json" \
  -d '{"url": "https://<pie-domain>/api/webhooks/plugin/{pluginId}"}'

Phase 13: Design (3 setups)

Figma (OAuth)

[ ] Go to Figma Developer Settings > Create a new app
[ ] Callback URL: https://<pie-domain>/api/oauth/plugin/{pluginId}/callback
[ ] Copy Client ID and Client Secret
[ ] In PIE: FIGMA_CLIENT_ID, FIGMA_CLIENT_SECRET
[ ] Webhooks are registered programmatically by the connector via the Figma API

Canva (OAuth)

[ ] Go to Canva Developer Portal > Create App
[ ] Redirect URI: https://<pie-domain>/api/oauth/plugin/{pluginId}/callback
[ ] Copy Client ID and Client Secret
[ ] In PIE: CANVA_CLIENT_ID, CANVA_CLIENT_SECRET
[ ] No webhooks — Canva doesn't support them. Use polling.

Miro (OAuth)

[ ] Go to Miro Developer > Your Apps > Create New App
[ ] Redirect URI: https://<pie-domain>/api/oauth/plugin/{pluginId}/callback
[ ] Scopes: boards:read, boards:write
[ ] Copy Client ID and Client Secret
[ ] In PIE: MIRO_CLIENT_ID, MIRO_CLIENT_SECRET
[ ] Webhooks are registered programmatically by the connector

Phase 14: HR (2 setups)

BambooHR (API key)

[ ] Each user gets their key from BambooHR > Account > API Keys > Add New Key
[ ] Users provide: BAMBOOHR_API_KEY, BAMBOOHR_SUBDOMAIN (the part before .bamboohr.com)
[ ] Webhook: BambooHR > Settings > Webhooks > Add
- URL: https://<pie-domain>/api/webhooks/plugin/{pluginId}
- Events: Employee changes, Time-off requests

Lever (OAuth)

[ ] Go to Lever Settings > Integrations > OAuth credentials
[ ] Redirect URI: https://<pie-domain>/api/oauth/plugin/{pluginId}/callback
[ ] Copy Client ID and Client Secret
[ ] In PIE: LEVER_CLIENT_ID, LEVER_CLIENT_SECRET
[ ] Webhook: Lever Settings > Integrations > Webhooks > Add
- URL: https://<pie-domain>/api/webhooks/plugin/{pluginId}
- Events: candidateHired, candidateStageChange, applicationCreated

Webhook Verification Cheat Sheet

After setting up webhooks, some services require verification. Here's how each one works:

Service	How it verifies	What to configure in PIE
GitHub	HMAC-SHA256 in `X-Hub-Signature-256` header	`GITHUB_WEBHOOK_SECRET`
Stripe	Stripe signature in `Stripe-Signature` header	`STRIPE_WEBHOOK_SECRET`
Shopify	HMAC-SHA256 in `X-Shopify-Hmac-Sha256` header	Uses the app's API secret automatically
GitLab	Token in `X-Gitlab-Token` header	`GITLAB_WEBHOOK_SECRET`
Slack	Request signing with `X-Slack-Signature`	Uses the signing secret from Slack app
Twilio	Request signature validation	Uses the Auth Token
Telegram	Optional `X-Telegram-Bot-Api-Secret-Token`	Optional — set in `set_webhook` call
Linear	Signing secret in webhook config	Store if Linear provides one

Services With No Webhooks (polling only)

These connectors can't receive webhooks — they rely on polling (cron) or on-demand lookups:

All ScrapeCreators social media (TikTok, Instagram, YouTube, Reddit, LinkedIn, Pinterest, Facebook Ads)
Google Sheets, Google Docs (no push — use watch API workaround or polling)
Gong (no webhooks at all)
Canva (no webhook API)
Freshdesk (limited — use automation rules to POST, or just poll)
Coda (use Coda automations or polling)
Notion (no webhooks)
Cal.com (has webhooks but limited event types)

All Secrets Reference (quick lookup)

Plugin	Secret Name	Where to Get It
ScrapeCreators (x7)	`SCRAPECREATORS_API_KEY`	app.scrapecreators.com dashboard
Google (x10)	`GOOGLE_CLIENT_ID`	Google Cloud Console > Credentials
Google (x10)	`GOOGLE_CLIENT_SECRET`	Google Cloud Console > Credentials
Google Ads	`GOOGLE_ADS_DEVELOPER_TOKEN`	Google Ads API Center
Microsoft (x3)	`MICROSOFT_CLIENT_ID`	Azure Portal > App registrations
Microsoft (x3)	`MICROSOFT_CLIENT_SECRET`	Azure Portal > Certificates & secrets
Atlassian (x3)	`ATLASSIAN_CLIENT_ID`	Atlassian Developer Console
Atlassian (x3)	`ATLASSIAN_CLIENT_SECRET`	Atlassian Developer Console
Salesforce	`SALESFORCE_CLIENT_ID`	Salesforce Setup > App Manager
Salesforce	`SALESFORCE_CLIENT_SECRET`	Salesforce Setup > App Manager
Pipedrive	`PIPEDRIVE_CLIENT_ID`	Pipedrive Developer Hub
Pipedrive	`PIPEDRIVE_CLIENT_SECRET`	Pipedrive Developer Hub
Attio	`ATTIO_CLIENT_ID`	Attio Settings > Developers
Attio	`ATTIO_CLIENT_SECRET`	Attio Settings > Developers
Linear	`LINEAR_CLIENT_ID`	Linear Settings > API
Linear	`LINEAR_CLIENT_SECRET`	Linear Settings > API
ClickUp	`CLICKUP_CLIENT_ID`	ClickUp Settings > Integrations
ClickUp	`CLICKUP_CLIENT_SECRET`	ClickUp Settings > Integrations
Monday	`MONDAY_CLIENT_ID`	Monday Apps dashboard
Monday	`MONDAY_CLIENT_SECRET`	Monday Apps dashboard
Basecamp	`BASECAMP_CLIENT_ID`	37signals Launchpad
Basecamp	`BASECAMP_CLIENT_SECRET`	37signals Launchpad
Airtable	`AIRTABLE_CLIENT_ID`	Airtable Developer Hub
Airtable	`AIRTABLE_CLIENT_SECRET`	Airtable Developer Hub
Supabase	`SUPABASE_URL`	User's Supabase project settings
Supabase	`SUPABASE_API_KEY`	User's Supabase project settings
Coda	`CODA_API_KEY`	Coda Account Settings
Discord	`DISCORD_CLIENT_ID`	Discord Developer Portal
Discord	`DISCORD_CLIENT_SECRET`	Discord Developer Portal
Discord	`DISCORD_BOT_TOKEN`	Discord Developer Portal > Bot
Intercom	`INTERCOM_CLIENT_ID`	Intercom Developer Hub
Intercom	`INTERCOM_CLIENT_SECRET`	Intercom Developer Hub
Gong	`GONG_ACCESS_KEY`	Gong Company Settings > API
Gong	`GONG_ACCESS_KEY_SECRET`	Gong Company Settings > API
Calendly	`CALENDLY_CLIENT_ID`	Calendly Developer
Calendly	`CALENDLY_CLIENT_SECRET`	Calendly Developer
Cal.com	`CALCOM_API_KEY`	Cal.com Settings > Developer
Zendesk	`ZENDESK_EMAIL`	User's Zendesk login email
Zendesk	`ZENDESK_API_TOKEN`	Zendesk Admin > APIs > Zendesk API
Zendesk	`ZENDESK_SUBDOMAIN`	Your `{subdomain}.zendesk.com`
Freshdesk	`FRESHDESK_API_KEY`	Freshdesk Profile Settings
Freshdesk	`FRESHDESK_DOMAIN`	Your `{domain}.freshdesk.com`
Gorgias	`GORGIAS_API_KEY`	Gorgias Settings > REST API
Gorgias	`GORGIAS_EMAIL`	Your Gorgias login email
Gorgias	`GORGIAS_DOMAIN`	Your `{domain}.gorgias.com`
Shopify	`SHOPIFY_STORE`	Your `{store}.myshopify.com`
Shopify	`SHOPIFY_ACCESS_TOKEN`	Shopify Admin > Apps > Custom app
Stripe	`STRIPE_SECRET_KEY`	Stripe Dashboard > Developers > API keys
Stripe	`STRIPE_WEBHOOK_SECRET`	Stripe Dashboard > Developers > Webhooks
QuickBooks	`QUICKBOOKS_CLIENT_ID`	Intuit Developer portal
QuickBooks	`QUICKBOOKS_CLIENT_SECRET`	Intuit Developer portal
QuickBooks	`QUICKBOOKS_REALM_ID`	User's QB Company ID from URL
Mailchimp	`MAILCHIMP_API_KEY`	Mailchimp Account > Extras > API Keys
SendGrid	`SENDGRID_API_KEY`	SendGrid Settings > API Keys
Brevo	`BREVO_API_KEY`	Brevo Settings > SMTP & API
ActiveCampaign	`ACTIVECAMPAIGN_API_URL`	AC Settings > Developer > API Access
ActiveCampaign	`ACTIVECAMPAIGN_API_KEY`	AC Settings > Developer > API Access
GitLab	`GITLAB_CLIENT_ID`	GitLab Settings > Applications
GitLab	`GITLAB_CLIENT_SECRET`	GitLab Settings > Applications
GitLab	`GITLAB_WEBHOOK_SECRET`	You generate this, set on both sides
Twilio	`TWILIO_ACCOUNT_SID`	Twilio Console dashboard
Twilio	`TWILIO_AUTH_TOKEN`	Twilio Console dashboard
Telegram	`TELEGRAM_BOT_TOKEN`	@BotFather on Telegram
Figma	`FIGMA_CLIENT_ID`	Figma Developer Settings
Figma	`FIGMA_CLIENT_SECRET`	Figma Developer Settings
Canva	`CANVA_CLIENT_ID`	Canva Developer Portal
Canva	`CANVA_CLIENT_SECRET`	Canva Developer Portal
Miro	`MIRO_CLIENT_ID`	Miro Developer > Your Apps
Miro	`MIRO_CLIENT_SECRET`	Miro Developer > Your Apps
BambooHR	`BAMBOOHR_API_KEY`	BambooHR Account > API Keys
BambooHR	`BAMBOOHR_SUBDOMAIN`	Your `{subdomain}.bamboohr.com`
Lever	`LEVER_CLIENT_ID`	Lever Settings > Integrations
Lever	`LEVER_CLIENT_SECRET`	Lever Settings > Integrations

Post-Setup Verification Checklist

After setting up all connectors, run through this:

[ ] Test each OAuth connector: Click Connect, complete the flow, verify it returns successfully
[ ] Test each API key connector: Run a simple read action (e.g. list something) to verify the key works
[ ] Test one webhook: Trigger an event in a service with webhooks (e.g. create a Jira issue) and verify the heartbeat event fires in PIE
[ ] Verify heartbeat events: Go to Agent Settings > Automations, confirm each connector's events appear in the dropdown
[ ] Check polling: For ScrapeCreators plugins with monitors, create a test monitor and wait for the cron to run
[ ] Document all plugin IDs: Record the {pluginId} for each installed connector (needed for webhook URLs)

Internal Connector Setup Playbook ​

Before You Start ​

Phase 1: ScrapeCreators (covers 7 plugins at once) ​

Phase 2: Google Cloud (covers 10 plugins) ​

Phase 3: Microsoft Azure AD (covers 3 plugins) ​

Phase 4: Atlassian (covers 3 plugins) ​

Phase 5: CRM Connectors (3 separate setups) ​

Salesforce ​

Pipedrive ​

Attio ​

Phase 6: Project Management (4 separate setups) ​

Linear ​

ClickUp ​

Monday ​

Basecamp ​

Phase 7: Data & Productivity (3 setups) ​

Airtable (OAuth) ​

Supabase (user provides their own keys) ​

Coda (API key) ​

Phase 8: Communication (3 setups) ​

Discord (OAuth + Bot) ​

Intercom (OAuth) ​

Gong (API key) ​

Phase 9: Scheduling & Support (5 setups) ​

Calendly (OAuth) ​

Cal.com (API key) ​

Zendesk (API token — easier than OAuth) ​

Freshdesk (API key) ​

Gorgias (API key) ​

Phase 10: E-commerce & Finance (3 setups) ​

Shopify (access token from custom app) ​

Stripe (API key) ​

QuickBooks (OAuth) ​

Phase 11: Marketing & Email (4 setups — all API keys) ​

Mailchimp ​

SendGrid ​

Brevo (formerly Sendinblue) ​

ActiveCampaign ​

Phase 12: DevOps & Messaging (3 setups) ​

GitLab (OAuth) ​

Twilio (API key) ​

Telegram (bot token) ​

Phase 13: Design (3 setups) ​

Figma (OAuth) ​

Canva (OAuth) ​

Miro (OAuth) ​

Phase 14: HR (2 setups) ​

BambooHR (API key) ​

Lever (OAuth) ​

Webhook Verification Cheat Sheet ​

Services With No Webhooks (polling only) ​

All Secrets Reference (quick lookup) ​

Post-Setup Verification Checklist ​