> ## Documentation Index > Fetch the complete documentation index at: https://veryfront.com/docs/llms.txt > Use this file to discover all available pages before exploring further. # Integrations and OAuth > How Veryfront connects projects to external services. Integrations connect a project to external systems. The [integration catalog](/cloud/integration-catalog) covers more than 200 services: code hosts, messaging, CRM, payments, accounting, HR, e-commerce, cloud infrastructure, document intelligence, and AI providers. OAuth grants access for integrations that act on behalf of a user or workspace. Other integrations authenticate with credentials stored as project environment variables. ## How they fit together | Concept | Meaning | | ---------------- | ------------------------------------------------- | | Integration | External service connected to a project. | | OAuth connection | User or workspace authorization for that service. | | Integration tool | Callable action exposed by the connected service. | | Channel | Messaging surface connected to project work. | ## Auth models Each integration declares one auth model. The catalog lists the model per integration. | Model | How it authenticates | Example | | ------------------------------ | ------------------------------------------------------------------------------------------------------------------------- | ----------------------------- | | OAuth 2.0 | A user authorizes the connection in the provider's consent screen. Tokens refresh automatically. | GitHub, Gmail, HubSpot | | OAuth 2.0 (client credentials) | Veryfront mints machine-to-machine tokens from a client ID and secret in project environment variables. No user redirect. | PayPal, Personio, Ramp | | API key | A key from project environment variables is sent with each request, as a header or query parameter. | Stripe, OpenAI, Telegram | | Basic auth | A username and password pair from project environment variables. Some providers use an API key as the username. | WooCommerce, Chargebee, Neo4j | Each integration's setup guide names the exact environment variables, where to create the credentials, and how to get a test or sandbox account. Set them per environment as described in [Connect an integration](/cloud/integrations); locally they come from the project's `.env` file (see [Configuration](/code/guides/configuration)). ## Managed and bring-your-own OAuth apps For user-authorized OAuth integrations, Veryfront can host a managed OAuth app so a project connects without creating provider credentials. Credentials resolve in a fixed order: credentials stored on the project integration first, then `_CLIENT_ID` and `_CLIENT_SECRET` project environment variables, then the managed app. Your own OAuth app always wins over the managed one. Bring your own OAuth app when you need provider verification under your name, custom consent branding, or scopes the managed app does not request. If Connect fails without project credentials, no managed app is configured for that provider yet; create your own OAuth app from the integration's setup guide. ## Availability Integrations are either available by default or experimental. Default integrations appear in every project. Experimental integrations are hidden until the project sets `VERYFRONT_EXPERIMENTAL_INTEGRATIONS` to `all` or to a comma-separated list of integration names. ## Tools and write access Integration tools are the actions agents call: list invoices, send a message, create a record. Tools that change external state are marked as write tools. Read tools are safe to call when verifying a new connection. Connect only the services a project needs. Review connected accounts when project ownership or permissions change. ## Related * [Integration catalog](/cloud/integration-catalog): Every integration with auth model and tool count. * [Connect an integration](/cloud/integrations): Steps to connect a project to a service.