| title | Manage connected accounts | ||||||
|---|---|---|---|---|---|---|---|
| description | Check status, list, delete, and update credentials for connected accounts across all connector auth types. | ||||||
| tags |
|
||||||
| sidebar |
|
||||||
| tableOfContents |
|
||||||
| prev |
|
||||||
| next |
|
import { Tabs, TabItem, Aside } from '@astrojs/starlight/components';
A connected account is the per-user record that holds a user's credentials and tracks their authorization state for a specific connection. Scalekit creates one automatically when a user completes authentication.
| State | Meaning |
|---|---|
PENDING |
User hasn't completed authentication |
ACTIVE |
Credentials valid, ready for tool calls |
EXPIRED |
Credentials expired or invalidated, re-authentication required |
REVOKED |
User revoked access or credentials were invalidated |
ERROR |
Authentication or configuration error |
Use get_or_create_connected_account as the safe default when a user may be connecting for the first time. Use get_connected_account only when you know the account already exists and you need to inspect or return its stored auth details.
console.log('Status:', response.connectedAccount?.status);
</TabItem>
</Tabs>
## Handle inactive accounts
When a connected account isn't `ACTIVE`, generate a new authorization link and send it to the user.
The link opens a **Hosted Page**, a Scalekit-hosted UI that adapts automatically based on the connection's auth type:
- **OAuth connectors**: presents the provider's OAuth consent screen
- **API key, basic auth, or other connectors**: presents a form to collect the required credentials
Your code is the same regardless of connector type. Scalekit determines the right flow based on the connection configuration.
<Tabs syncKey="tech-stack">
<TabItem label="Python">
```python
if connected_account.status != "ACTIVE":
link_response = actions.get_authorization_link(
connection_name="gmail",
identifier="user_123"
)
# Redirect or send link_response.link to the user
if (connectedAccount?.status !== ConnectorStatus.ACTIVE) { const linkResponse = await actions.getAuthorizationLink({ connectionName: 'gmail', identifier: 'user_123', }); // Redirect or send linkResponse.link to the user }
</TabItem>
</Tabs>
<Aside type="tip" title="Customize hosted pages">
By default, hosted pages use Scalekit's branding. You can configure your own logo, colors, and custom domain so the pages look like part of your product. See [Custom domain](/agentkit/advanced/custom-domain/).
</Aside>
## List connected accounts
<Aside type="note" title="Node.js only">
List and delete operations are currently available in the Node.js SDK. Use the [Scalekit dashboard](https://app.scalekit.com) or REST API for Python.
</Aside>
```typescript
const listResponse = await actions.listConnectedAccounts({
connectionName: 'gmail',
});
console.log('Connected accounts:', listResponse);
Deleting a connected account removes the user's credentials and authorization state. The user must re-authenticate to reconnect.
await actions.deleteConnectedAccount({
connectionName: 'gmail',
identifier: 'user_123',
});Scopes apply to OAuth connectors only. For non-OAuth connectors (API key, basic auth, and similar), generate a new authorization link and the hosted page will collect updated credentials.
To request additional OAuth scopes from an existing connected account:
- Update the connection's scopes in AgentKit > Connections > Edit.
- Generate a new authorization link for the user.
- The user completes the OAuth consent screen, approving the updated scopes.
- Scalekit updates the connected account with the new token set.