Credentials (
clientId/secret) are inbound-only: they are sealed before persistence and are never returned in a response, a log, or an error. Every response on this surface is secret-free by construction. The tenant is always resolved from the JWT, never from the request body.Create a connection
vendor—pluggyorbelvo.configName— unique (tenant-scoped) connection identity; a duplicate is a409. The webhook token-mint endpoint binds a token to this name.baseUrl— vendor API base URL, stored as the connection host.accountRef— opaque vendor account reference (PluggyitemId, Belvo link id) threaded onto the webhook pull.clientId/secret— aggregator API credential; sealed and never emitted.
201 with the secret-free connection descriptor:
List, get, update, delete
Update
Edit an existing connection by id so a mistypedbaseUrl is not permanent. The vendor is immutable. The credential is optional: supply both clientId and secret to rotate the sealed credential, or omit both to leave the stored secret intact. Supplying exactly one is a 400.
Delete
204), freeing its config name for reuse. A non-aggregator connection id returns 404 on any by-id operation — this surface never confirms the existence of a non-aggregator row.
Test a connection
Run a live connectivity check for an existing connection using its already-sealed credential, addressed by
(vendor, configName). No credential is supplied or returned.
A credentials-don’t-work outcome is an expected test result surfaced as
"healthy": false with a 200 — not an error. A missing connection is a 404.Connector types
List the connector types the engine registry has actually registered for this deployment, each tagged with a backend-derived category (
database or rest). The list reflects the live registry — only connectors registered at boot appear. It drives the connection form’s type-select.
Mint a webhook token
Mint a webhook token bound to an existing aggregator connection. The raw token and its provider-facing webhook URL are returned once — only the token’s SHA-256 hash is stored.
webhookUrl in the aggregator’s dashboard. A missing target connection returns 404.
Response codes
| Status | Meaning |
|---|---|
200 | Get, list, test, or connector-types returned |
201 | Connection created / token minted |
204 | Connection soft-deleted |
400 | Invalid vendor, partial credential pair, or invalid pagination |
401 | Tenant could not be resolved |
404 | Connection not found (or not an aggregator) |
409 | Connection with that config name already exists |

