Integrations

Rekor isn't a closed system — it's designed to sit between your agents and external services. The integration primitives are organized by direction: data comes in (inbound webhooks), goes out (triggers), and passes through (external sources) — plus bulk operations and AI provider compatibility. When the far end of a trigger or external source is a service you build, that service is an executor — the counterparty, not a config primitive you create in Rekor.

Which Integration Do You Need?

You want to...Use
Receive data from an external system (GitHub, Stripe, PagerDuty)Inbound Webhooks (in)
Let agents read/write an external API through Rekor's toolsExternal Sources (through)
Notify an external system when data changes in RekorTriggers (out)
Build the service on the far end of a trigger or external sourceExecutors
Create many records, relationships, or record_types atomicallyBatch Operations
Import/export tool definitions for OpenAI, Anthropic, Google, MCPProvider Adapters

Data Flow

Three directions, plus the counterparty:

  • In — external systems push data into Rekor via inbound webhooks. Each one exposes a unique URL that accepts POST requests and creates records in a target record_type.
  • Out — Rekor reacts to data changes via triggers, which fire asynchronously after record creates, updates, or deletes: a signed outbound webhook to an external system, an internal write that applies a guarded patch to a referenced record, or an external write that mirrors the change out through an external source's write path (no executor).
  • Throughexternal sources proxy reads and writes to any REST API. The agent uses the same Rekor tools — it doesn't know whether data lives locally or in Stripe, Salesforce, or your internal API.

When a trigger or external source points at a service you build (rather than a third-party API), that service is an executor. An executor isn't something you configure in Rekor — it's the thing on the far end of the wire. Rekor signs every dispatch; the executor verifies it with rekor-sdk, does the work, and writes the result back into Rekor via an inbound webhook. See Building an Executor.

Combining Integrations

Integrations compose naturally. A common pattern:

  1. An inbound webhook receives a Stripe invoice event
  2. Rekor creates a record in the invoices record_type
  3. A trigger fires and notifies Slack about the new invoice
  4. An agent queries invoices through the sql_query tool

Loop prevention is built in: writes that originated from inbound webhooks carry a marker, and triggers skip inbound-webhook-originated writes by default.

Environment Restrictions

Inbound webhooks, triggers, and external source configs can only be created in preview bases. To add them to production, configure in preview and promote. Trigger and inbound-webhook signing secrets are regenerated on the production side during promotion — they are never copied from preview. An external source's credential is different: it is never carried across environments, so set it on the production base directly. Until you do, a newly promoted source stays unconfigured and requests to it fail with a clear "no usable credential configured" error. (A credential stored as a vault reference travels by reference and needs no extra step.)

All Integration Types

Setup — Rekor