The DropJune 17, 2026via Vercel Blog

Introducing Vercel Connect

Why it matters

Vercel Connect shifts agent security from 'store broad tokens and hope they don't leak' to runtime credential exchange with per-task scoping. For founders building agents, this is table-stakes infrastructure that moves secret management from app code to a managed platform layer.

Key signals

  • Runtime credential exchange replaces long-lived provider tokens
  • Supports Slack, GitHub, Linear, Discord, Notion, Salesforce, Figma, Snowflake with more coming
  • Token scoping: agents request only the access needed for each task (e.g., read-only on one GitHub repo)
  • OIDC identity proof—no provider secret stored in app
  • Trigger forwarding in beta for Slack, GitHub, Linear (webhook event-driven agents)
  • Per-user token scoping available
  • Pricing: Hobby 5K token requests/month free; Pro/Enterprise $3 per 10K requests
  • Integrates with AI SDK, MCP, Better Auth, Auth.js, Eve framework
  • Environment-level isolation (dev/preview/prod connectors separate)

The hook

Vercel just killed the long-lived API token. Agents now request scoped credentials at runtime instead—no secrets stored, no rotation headaches.

Giving your agents access to your tools, data, and services is what makes them useful. As agents perform deeper work across systems, authenticating and authorizing that access becomes central to your application architecture. Today, agent access is usually granted through long-lived provider tokens stored in your environment variables, provisioned for everything your agent might need. These tokens are shared across every user, never expire, and give your agent full reach across every task, no matter how small the job. A vault makes that token harder to steal. It doesn't make it less dangerous. The problem is what happens when the token leaks: everything it can touch is now exposed. We built to solve this problem. Now in Public Beta, Vercel Connect replaces the stored token with runtime credential exchange. You register a connector once. When your agent has work to do, your app proves its identity to Vercel Connect and gets back a short-lived credential, scoped to the task. Everything you used the token for still works. The agent just requests access each time instead of holding it.Vercel Connect A connector is a reusable connection between your Vercel team and a provider like Slack or GitHub. You create it once from the dashboard or the CLI, then attach it to the projects and environments that need it, with project-level access controls. The relationship with the provider becomes a single entity you can see and manage, not something scattered across a dozen environment variable panels where a rotation means hunting down every copy. Your coding agent can run this setup too. Install the vercel-connect skill with , and it can create and attach connectors for you.npx skills add vercel/vercel-plugin --skill vercel-connect With a connector in place, the agent asks for a credential only when it has work to do. The SDK returns a token you use immediately against the provider API, and no provider secret lives in your app.@vercel/connect Tokens are short-lived, with a lifet...

Get stories like this every Friday.

The 5 AI stories that matter — free, in your inbox.

Free forever. No spam.