AgentSkillsCN

api-gateway

API 网关——用于调用第三方 API 并实现托管身份验证。当用户希望与 Slack、HubSpot、Salesforce、Google Workspace、Stripe 等外部服务交互时,可使用此技能。

SKILL.md
--- frontmatter
name: api-gateway
description: |
  API gateway for calling third-party APIs with managed auth. Use this skill when users want to interact with external services like Slack, HubSpot, Salesforce, Google Workspace, Stripe, and more.
compatibility: Requires network access and valid Maton API key
metadata:
  author: maton
  version: "1.0"

API Gateway

Passthrough proxy for direct access to third-party APIs using managed auth connections. The API gateway lets you call native API endpoints directly.

Quick Start

bash
# Native Slack API call
python <<'EOF'
import urllib.request, os, json
data = json.dumps({'channel': 'C0123456', 'text': 'Hello from gateway!'}).encode()
req = urllib.request.Request('https://gateway.maton.ai/slack/api/chat.postMessage', data=data, method='POST')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
req.add_header('Content-Type', 'application/json')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF

IMPORTANT: If you receive a 500 Internal Server Error, this does NOT mean the service is unsupported. The most common cause is an expired OAuth refresh token (connections older than 1 month). See the "Troubleshooting 500 Internal Server Error" section below to create a new connection and retry with the new connection ID.

Base URL

code
https://gateway.maton.ai/{app}/{native-api-path}

Replace {app} with the service name and {native-api-path} with the actual API endpoint path.

Authentication

All requests require the Maton API key in the Authorization header:

code
Authorization: Bearer $MATON_API_KEY

The API gateway automatically injects the appropriate OAuth token for the target service.

Environment Variable: You can set your API key as the MATON_API_KEY environment variable:

bash
export MATON_API_KEY="YOUR_API_KEY"

Getting Your API Key

  1. Sign in or create an account at maton.ai
  2. Go to maton.ai/settings
  3. Click the copy button on the right side of API Key section to copy it

Connection Management

Connection management uses a separate base URL: https://ctrl.maton.ai

List Connections

bash
python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://ctrl.maton.ai/connections?app=slack&status=ACTIVE')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF

Query Parameters (optional):

  • app - Filter by service name (e.g., slack, hubspot, salesforce)
  • status - Filter by connection status (ACTIVE, PENDING, FAILED)

Response:

json
{
  "connections": [
    {
      "connection_id": "21fd90f9-5935-43cd-b6c8-bde9d915ca80",
      "status": "ACTIVE",
      "creation_time": "2025-12-08T07:20:53.488460Z",
      "last_updated_time": "2026-01-31T20:03:32.593153Z",
      "url": "https://connect.maton.ai/?session_token=5e9...",
      "app": "slack",
      "metadata": {}
    }
  ]
}

Create Connection

bash
python <<'EOF'
import urllib.request, os, json
data = json.dumps({'app': 'slack'}).encode()
req = urllib.request.Request('https://ctrl.maton.ai/connections', data=data, method='POST')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
req.add_header('Content-Type', 'application/json')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF

Get Connection

bash
python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://ctrl.maton.ai/connections/{connection_id}')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF

Response:

json
{
  "connection": {
    "connection_id": "21fd90f9-5935-43cd-b6c8-bde9d915ca80",
    "status": "ACTIVE",
    "creation_time": "2025-12-08T07:20:53.488460Z",
    "last_updated_time": "2026-01-31T20:03:32.593153Z",
    "url": "https://connect.maton.ai/?session_token=5e9...",
    "app": "slack",
    "metadata": {}
  }
}

Open the returned URL in a browser to complete OAuth.

Delete Connection

bash
python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://ctrl.maton.ai/connections/{connection_id}', method='DELETE')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF

Specifying Connection

If you have multiple connections for the same app, you can specify which connection to use by adding the Maton-Connection header with the connection ID:

bash
python <<'EOF'
import urllib.request, os, json
data = json.dumps({'channel': 'C0123456', 'text': 'Hello!'}).encode()
req = urllib.request.Request('https://gateway.maton.ai/slack/api/chat.postMessage', data=data, method='POST')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
req.add_header('Content-Type', 'application/json')
req.add_header('Maton-Connection', '21fd90f9-5935-43cd-b6c8-bde9d915ca80')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF

If omitted, the gateway uses the default (oldest) active connection for that app.

Supported Services

ServiceApp NameBase URL Proxied
Airtableairtableapi.airtable.com
Apolloapolloapi.apollo.io
Asanaasanaapp.asana.com
Attioattioapi.attio.com
Calendlycalendlyapi.calendly.com
Chargebeechargebee{subdomain}.chargebee.com
ClickUpclickupapi.clickup.com
Fathomfathomapi.fathom.ai
GitHubgithubapi.github.com
Google Adsgoogle-adsgoogleads.googleapis.com
Google Analytics Admingoogle-analytics-adminanalyticsadmin.googleapis.com
Google Analytics Datagoogle-analytics-dataanalyticsdata.googleapis.com
Google Calendargoogle-calendarwww.googleapis.com
Google Docsgoogle-docsdocs.googleapis.com
Google Drivegoogle-drivewww.googleapis.com
Google Formsgoogle-formsforms.googleapis.com
Gmailgoogle-mailgmail.googleapis.com
Google Meetgoogle-meetmeet.googleapis.com
Google Playgoogle-playandroidpublisher.googleapis.com
Google Search Consolegoogle-search-consolewww.googleapis.com
Google Sheetsgoogle-sheetssheets.googleapis.com
Google Slidesgoogle-slidesslides.googleapis.com
HubSpothubspotapi.hubapi.com
Jirajiraapi.atlassian.com
JotFormjotformapi.jotform.com
Klaviyoklaviyoa.klaviyo.com
Linearlinearapi.linear.app
Mailchimpmailchimp{dc}.api.mailchimp.com
Monday.commondayapi.monday.com
Notionnotionapi.notion.com
Outlookoutlookgraph.microsoft.com
Pipedrivepipedriveapi.pipedrive.com
QuickBooksquickbooksquickbooks.api.intuit.com
Salesforcesalesforce{instance}.salesforce.com
Slackslackslack.com
Stripestripeapi.stripe.com
Trellotrelloapi.trello.com
Typeformtypeformapi.typeform.com
WhatsApp Businesswhatsapp-businessgraph.facebook.com
WooCommercewoocommerce{store-url}/wp-json/wc/v3
Xeroxeroapi.xero.com
YouTubeyoutubewww.googleapis.com

See references/ for detailed routing guides per provider:

  • Airtable - Records, bases, tables
  • Apollo - People search, enrichment, contacts
  • Asana - Tasks, projects, workspaces, webhooks
  • Attio - People, companies, records, tasks
  • Calendly - Event types, scheduled events, availability, webhooks
  • Chargebee - Subscriptions, customers, invoices
  • ClickUp - Tasks, lists, folders, spaces, webhooks
  • Fathom - Meeting recordings, transcripts, summaries, webhooks
  • GitHub - Repositories, issues, pull requests, commits
  • Google Ads - Campaigns, ad groups, GAQL queries
  • Google Analytics Admin - Reports, dimensions, metrics
  • Google Analytics Data - Reports, dimensions, metrics
  • Google Calendar - Events, calendars, free/busy
  • Google Docs - Document creation, batch updates
  • Google Drive - Files, folders, permissions
  • Google Forms - Forms, questions, responses
  • Gmail - Messages, threads, labels
  • Google Meet - Spaces, conference records, participants
  • Google Play - In-app products, subscriptions, reviews
  • Google Search Console - Search analytics, sitemaps
  • Google Sheets - Values, ranges, formatting
  • Google Slides - Presentations, slides, formatting
  • HubSpot - Contacts, companies, deals
  • Jira - Issues, projects, JQL queries
  • JotForm - Forms, submissions, webhooks
  • Klaviyo - Profiles, lists, campaigns, flows, events
  • Linear - Issues, projects, teams, cycles (GraphQL)
  • Mailchimp - Audiences, campaigns, templates, automations
  • Monday.com - Boards, items, columns, groups (GraphQL)
  • Notion - Pages, databases, blocks
  • Outlook - Mail, calendar, contacts
  • Pipedrive - Deals, persons, organizations, activities
  • QuickBooks - Customers, invoices, reports
  • Salesforce - SOQL, sObjects, CRUD
  • Slack - Messages, channels, users
  • Stripe - Customers, subscriptions, payments
  • Trello - Boards, lists, cards, checklists
  • Typeform - Forms, responses, insights
  • WhatsApp Business - Messages, templates, media
  • WooCommerce - Products, orders, customers, coupons
  • Xero - Contacts, invoices, reports
  • YouTube - Videos, playlists, channels, subscriptions

Examples

Slack - Post Message (Native API)

bash
# Native Slack API: POST https://slack.com/api/chat.postMessage
python <<'EOF'
import urllib.request, os, json
data = json.dumps({'channel': 'C0123456', 'text': 'Hello!'}).encode()
req = urllib.request.Request('https://gateway.maton.ai/slack/api/chat.postMessage', data=data, method='POST')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
req.add_header('Content-Type', 'application/json; charset=utf-8')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF

HubSpot - Create Contact (Native API)

bash
# Native HubSpot API: POST https://api.hubapi.com/crm/v3/objects/contacts
python <<'EOF'
import urllib.request, os, json
data = json.dumps({'properties': {'email': 'john@example.com', 'firstname': 'John', 'lastname': 'Doe'}}).encode()
req = urllib.request.Request('https://gateway.maton.ai/hubspot/crm/v3/objects/contacts', data=data, method='POST')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
req.add_header('Content-Type', 'application/json')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF

Google Sheets - Get Spreadsheet Values (Native API)

bash
# Native Sheets API: GET https://sheets.googleapis.com/v4/spreadsheets/{id}/values/{range}
python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://gateway.maton.ai/google-sheets/v4/spreadsheets/122BS1sFN2RKL8AOUQjkLdubzOwgqzPT64KfZ2rvYI4M/values/Sheet1!A1:B2')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF

Salesforce - SOQL Query (Native API)

bash
# Native Salesforce API: GET https://{instance}.salesforce.com/services/data/v64.0/query?q=...
python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://gateway.maton.ai/salesforce/services/data/v64.0/query?q=SELECT+Id,Name+FROM+Contact+LIMIT+10')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF

Airtable - List Tables (Native API)

bash
# Native Airtable API: GET https://api.airtable.com/v0/meta/bases/{id}/tables
python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://gateway.maton.ai/airtable/v0/meta/bases/appgqan2NzWGP5sBK/tables')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF

Notion - Query Database (Native API)

bash
# Native Notion API: POST https://api.notion.com/v1/data_sources/{id}/query
python <<'EOF'
import urllib.request, os, json
data = json.dumps({}).encode()
req = urllib.request.Request('https://gateway.maton.ai/notion/v1/data_sources/23702dc5-9a3b-8001-9e1c-000b5af0a980/query', data=data, method='POST')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
req.add_header('Content-Type', 'application/json')
req.add_header('Notion-Version', '2025-09-03')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF

Stripe - List Customers (Native API)

bash
# Native Stripe API: GET https://api.stripe.com/v1/customers
python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://gateway.maton.ai/stripe/v1/customers?limit=10')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF

Code Examples

JavaScript (Node.js)

javascript
const response = await fetch('https://gateway.maton.ai/slack/api/chat.postMessage', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Authorization': `Bearer ${process.env.MATON_API_KEY}`
  },
  body: JSON.stringify({ channel: 'C0123456', text: 'Hello!' })
});

Python

python
import os
import requests

response = requests.post(
    'https://gateway.maton.ai/slack/api/chat.postMessage',
    headers={'Authorization': f'Bearer {os.environ["MATON_API_KEY"]}'},
    json={'channel': 'C0123456', 'text': 'Hello!'}
)

Error Handling

StatusMeaning
400Missing connection for the requested app
401Invalid or missing Maton API key
429Rate limited (10 requests/second per account)
500Internal Server Error (see troubleshooting below)
4xx/5xxPassthrough error from the target API

Errors from the target API are passed through with their original status codes and response bodies.

Troubleshooting: Invalid API Key

When you receive a "Invalid API key" error, ALWAYS follow these steps before concluding there is an issue:

  1. Check that the MATON_API_KEY environment variable is set:
bash
echo $MATON_API_KEY
  1. Verify the API key is valid by listing connections:
bash
python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://ctrl.maton.ai/connections')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF

Troubleshooting 500 Internal Server Error

IMPORTANT: A 500 Internal Server Error does NOT mean the service is unsupported. If the app is listed in the Supported Services table above, the error is likely due to an expired OAuth refresh token.

When you receive a 500 Internal Server Error, ALWAYS follow these steps before concluding there is an issue:

Connections that have been active for more than 1 month may have expired OAuth refresh tokens. To resolve:

  1. Create a new connection for the app:
bash
python <<'EOF'
import urllib.request, os, json
data = json.dumps({'app': 'APP_NAME'}).encode()
req = urllib.request.Request('https://ctrl.maton.ai/connections', data=data, method='POST')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
req.add_header('Content-Type', 'application/json')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF
  1. Get the OAuth URL by calling the GET connection endpoint with the new connection ID from step 1:
bash
python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://ctrl.maton.ai/connections/NEW_CONNECTION_ID')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF
  1. Share the returned url with the user and ask them to complete the OAuth flow in their browser.

  2. After the user completes OAuth, retry the original request using the new connection ID via the Maton-Connection header:

bash
python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://gateway.maton.ai/APP_NAME/...')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
req.add_header('Maton-Connection', 'NEW_CONNECTION_ID')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF
  1. Once the new connection status is ACTIVE and working, ask the user if they want to delete the old connection:
bash
python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://ctrl.maton.ai/connections/OLD_CONNECTION_ID', method='DELETE')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF

Rate Limits

  • 10 requests per second per account
  • Target API rate limits also apply

Notes

  • IMPORTANT: When using curl commands, use curl -g when URLs contain brackets (fields[], sort[], records[]) to disable glob parsing
  • IMPORTANT: When piping curl output to jq or other commands, environment variables like $MATON_API_KEY may not expand correctly in some shell environments. You may get "Invalid API key" errors when piping.

Tips

  1. Use native API docs: Refer to each service's official API documentation for endpoint paths and parameters.

  2. Headers are forwarded: Custom headers (except Host and Authorization) are forwarded to the target API.

  3. Query params work: URL query parameters are passed through to the target API.

  4. All HTTP methods supported: GET, POST, PUT, PATCH, DELETE are all supported.

  5. QuickBooks special case: Use :realmId in the path and it will be replaced with the connected realm ID.

Optional