~10 min setup

Connect External APIs

Connect any REST API that has an OpenAPI (Swagger) spec. Sandra auto-generates tools for each endpoint, making them immediately available in conversations.

Example use cases

check_circleConnect your CRM so Sandra can look up customer information
check_circleConnect a project management tool (Jira, Linear, Asana) for task updates
check_circleConnect your internal HR system for employee directory lookups
check_circleConnect a shipping API to track orders
check_circleConnect any SaaS with an API — if it has an OpenAPI spec, Sandra can use it

Prerequisites: An OpenAPI 3.x specification (JSON or YAML) for your API, API credentials, and Admin Portal access. Most APIs publish their spec — look for “API Reference,” “Swagger,” or “OpenAPI” in the docs.

1. Open the Integrations dashboard

Admin Portal → Integrations tab

You’ll see the External API Connections panel

2. Add a new connection

Click + New Connection

Enter a Connection Name (e.g. Acme CRM) and the Base URL (e.g. https://api.acme.com/v2)

Paste or upload the OpenAPI 3.x spec (JSON or YAML)

3. Configure authentication

Select the auth type your API uses:

Auth Type	Fields
API Key	Header name + API key value
Bearer Token	Token value
Basic Auth	Username + password
OAuth2 Client Credentials	Client ID + Client Secret + Token URL
Custom Header	Header name + header value

4. Save and test

Click Save Connection — Sandra parses the spec and auto-generates tools for each endpoint

Click Test Connection to verify Sandra can reach the API

You’ll see a health indicator: ✅ Connected or ❌ Failed

5. Manage individual tools

After saving, you’ll see a list of auto-generated tools — one per API endpoint:

Acme CRM — 6 tools generated

✅ GET /customers → List Customers

✅ GET /customers/{ id } → Get Customer Details

✅ POST /customers → Create Customer

❌ DELETE /customers/{ id } → Delete Customer (disabled)

✅ GET /orders → List Orders

✅ GET /orders/{ id } → Get Order Details

You can toggle tools on/off (e.g., disable DELETE endpoints), view handler code, and test individual endpoints.

Best practices

Start with read-only endpoints

Enable GET endpoints first. Only enable POST/PUT/DELETE after testing thoroughly.

Review auto-generated descriptions

Better tool descriptions help Sandra choose the right tool. Improve them if the OpenAPI summary is unclear.

Use focused specs

If an API has hundreds of endpoints, provide a trimmed spec with only the relevant ones. Fewer, focused tools = better accuracy.

Troubleshooting

Invalid OpenAPI spec

Sandra requires OpenAPI 3.x (not Swagger 2.0). Validate at editor.swagger.io.

Connection test failed

Check the base URL (no trailing slash), auth type, and credentials. Ensure Sandra’s server can reach the API.

Sandra doesn’t use the right tool

Improve tool descriptions, disable unused tools, or ask Sandra to use a specific tool by name.

shieldSecurity notes

• Credentials encrypted at rest, never exposed to end users
• Each API call logged for audit purposes
• Sandra only calls explicitly enabled tools
• Revoke access anytime by updating or deleting the connection

← Connect GitHub

Repository knowledge indexing.

Agent Settings →

Customize Sandra’s personality.