Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.dema.ai/llms.txt

Use this file to discover all available pages before exploring further.

Connecting an integration gives the Dema Agent access to a new set of tools that it can use during a conversation. The agent only acts when you ask it to, and every integration you connect is scoped to the permissions you approve.
Agent integrations are currently in Beta. We are rolling the feature out to workspaces over the coming weeks, so some of the integrations listed below may not be available in your workspace yet.

Supported integrations

Connecting an integration

Every integration is connected from the same place in the Dema app:
  1. Open Agents in the sidebar.
  2. Go to Settings and then Integrations.
  3. Pick the integration you want to connect and click Connect.
What happens next depends on the integration. You will see one of three flows:

One-click connect

You click Connect, sign in at the vendor, and approve the scopes Dema asks for. You are done. This covers most integrations.

Create an app at the vendor

A few vendors require you to create an OAuth app on their side first. The per-integration page walks through it. In short:
  1. Create the app in the vendor admin (Shopify Dev Dashboard, Snowflake, and so on).
  2. Copy the client ID, client secret, and your account URL.
  3. Paste the values into the Dema connect dialog.

API client credentials

A small number of vendors use long-lived API credentials instead of an interactive login. You create an API client in the vendor admin, copy the credentials, and paste them into Dema.
Each integration page tells you which flow to expect before you click Connect, so you can line up the required access in advance.

Managing a connection

Disconnecting from Dema

Go to Agents → Settings → Integrations, find the connected integration, and click Disconnect. The agent immediately loses access to that integration’s tools.

Revoking Dema’s access at the vendor

Disconnecting from Dema removes the credentials on our side. If you also want to revoke the authorization at the vendor, do it from the vendor’s own admin:
  • Most vendors expose a Connected apps or Authorized apps page where you can revoke Dema’s access in one click.
  • For integrations where you created an app yourself (Shopify, Snowflake, Commercetools), revoking the app in your admin is the equivalent step.

Best practices

Connect a dedicated agent account, not your personal one

For integrations that authenticate with a user account (Gmail, Google Sheets, Google Ads, Meta, and similar), we recommend creating a dedicated “agent” account at the vendor and connecting that account to Dema instead of your own personal one. Then share only the specific files, folders, properties, or ad accounts the agent needs to work with. This applies to most account-based integrations, not just Google Workspace. The same pattern works well for Google Ads, Meta, and other marketing platforms that grant access at the account level. The main reasons to do this:
  • Clear scope of access. The agent only sees what you explicitly share with the agent account. Your personal mailbox, drive, or unrelated ad accounts stay out of scope.
  • Easy to revoke. If you ever want to cut off access, you can remove the agent account or unshare specific resources without touching your own account or disrupting other workflows.
  • Better auditing and monitoring. Actions taken by the agent show up under a distinct identity in vendor audit logs, which makes it much easier to review what the agent did versus what a human teammate did.
  • Continuity when people leave. Access does not depend on any one employee’s account, so offboarding a team member does not break the agent’s connections.
Treat the agent account like any other shared service account: use a strong password, enable 2FA, and limit who in your organization can sign in to it.

Scope access to what the agent actually needs

Even with a dedicated agent account, only share the specific resources (a folder of spreadsheets, a single ad account, a particular inbox label, and so on) that the agent needs for its tasks. Broader access is easy to grant later if the use case grows.

Security

  • Credentials are stored securely and are only used to serve your agent’s requests.
  • Every integration page lists the exact scopes Dema requests so your security team can review before approving.
  • Dema refreshes access tokens automatically. If a refresh ever fails, the agent will stop using that integration and the connection will appear as expired. Reconnect from the same screen to restore access.

Tool permissions

Each integration exposes a mix of read and write tools.
  • Read tools let the agent fetch data (for example, list Shopify orders or search Slack messages).
  • Write tools let the agent make changes (for example, send a Slack message or update a customer tag).
The agent picks the right tool based on what you ask it to do. For sensitive operations, you can ask the agent to describe the change before it applies it.

Troubleshooting

Make sure you are signed in with an account that has permission to approve third-party apps or install integrations. If your organization restricts third-party app installs, ask an admin to complete the connection for you.
This happens when Dema cannot refresh the access token, usually because you revoked access at the vendor or rotated credentials. Click Reconnect on the integration card to re-authorize.
For integrations that require an account URL or MCP URL, the value must be an HTTPS URL pointing at your own tenant. Double-check the format shown in the input placeholder and that it matches your vendor account.
The scopes Dema requests may have expanded since you first connected. Disconnect and reconnect the integration to approve the new scopes.
If you are still stuck, contact support with the integration name and the error message you see.