Skip to main content
Every Connect vendor namespace (/connect/{vendor}/*) implements these three meta-routes before vendor-specific data routes (orders, catalog, results). Auth: Customer API key with integrations scope. Partner master keys (accounts scope) are rejected with 403. Platform liveness (not vendor-specific): GET /connect/healthno auth. Every vendor namespace implements these three meta-routes:
RouteAuthPurpose
POST /connect/{vendor}/integrationsintegrationsSave vendor credentials for this customer
GET /connect/{vendor}/healthintegrationsLive probe of this customer’s stored credentials
DELETE /connect/{vendor}/integrationsintegrationsDisconnect and archive the integration
Do not conflate platform health (GET /connect/health) with vendor health.

POST /connect/{vendor}/integrations

Save vendor credentials for the authenticated customer’s org + team.
config
object
required
Vendor-specific configuration. Must include a vendor discriminator where applicable (e.g. StubVendor).
Team scope comes from the API credential, not the request body.

Success — 201 Created

{
  "data": {
    "integrationId": "uuid",
    "type": "StubVendor",
    "healthy": true
  },
  "meta": {
    "requestId": "req_...",
    "timestamp": "2026-06-17T12:00:00.000Z"
  }
}
After save, Connect runs the vendor health probe with the request config. healthy reflects the probe at save time. Probe failures on POST do not return 502 — use GET /health for strict HTTP status semantics.

Errors

HTTPCodeWhen
400VALIDATION_ERRORMissing/invalid config
401UNAUTHORIZEDMissing/invalid API key
403FORBIDDENWrong scope (e.g. accounts only)
409INTEGRATION_EXISTSActive integration already exists
500INTERNAL_ERRORUnexpected failure
curl -s -X POST "https://connect.humanly.io/connect/stub/integrations" \
  -H 'Content-Type: application/json' \
  -H "x-api-key: $CUSTOMER_KEY" \
  -d '{
    "config": {
      "apiKey": "stub-test-vendor-key"
    }
  }'

GET /connect/{vendor}/health

Live connectivity check using stored credentials.

Healthy — 200 OK

{
  "data": {
    "healthy": true,
    "vendorStatus": "ok",
    "lastCheckedAt": "2026-06-17T12:00:00.000Z"
  },
  "meta": { "requestId": "...", "timestamp": "..." }
}
lastCheckedAt is the timestamp of this probe (not cached).

Unhealthy vendor state

When the vendor is reachable but reports unhealthy (timeout, rejected credentials, etc.), responses may use 502 or 504 with data.healthy: false in the success envelope, or a standardized error envelope for credential rejection:
SituationHTTPShape
General unhealthy probe502 / 504data.healthy: false, vendorStatus
Credential rejected (MS6+)502Error envelope VENDOR_AUTH_FAILED
See Error envelope for VENDOR_* codes.

Errors

HTTPCodeWhen
404INTEGRATION_NOT_FOUNDNo active integration for org + team + type
401 / 403UNAUTHORIZED / FORBIDDENAuth failures

DELETE /connect/{vendor}/integrations

Disconnect — removes the integration row.

Success — 200 OK

{
  "data": {
    "archived": true,
    "archivedAt": "2026-06-17T12:00:00.000Z"
  },
  "meta": { "requestId": "...", "timestamp": "..." }
}
archived: true is the partner-facing disconnect signal.

Errors

HTTPCodeWhen
404INTEGRATION_NOT_FOUNDNo integration to delete
401 / 403UNAUTHORIZED / FORBIDDENAuth failures

Stub vendor (non-production)

The stub vendor is available only when NODE_ENV is development, test, or staging. Use it for smoke tests — see Getting started.