Connection Access
Connections run inside the security context of the request that invokes the flow. A flow can include a Connection node in the editor, but the node can only invoke the connection at runtime when the running user or agent identity has access to that connection.
If a flow run fails with a message that the connection cannot be accessed in the current security context or does not exist, check the identity that started the run and the permissions granted to that identity.
Interactive flow runs
For runs started by a signed-in BotDojo user, the user must be allowed to invoke the connection. Access can come from either:
- A user group that grants access to the connection.
- Project administrator access to the project where the connection is configured.
The user also needs access to the flow being run. Flow access alone is not enough to invoke a connection if the user cannot access that connection.
External API runs
For runs started through the BotDojo API, the API key user must be scoped to the target flow and the run must execute as an agent identity that has access to the connection.
Use this setup when exposing a flow externally:
- Scope the API key user to the flow that should be callable.
- Configure the flow run to execute as the intended agent identity.
- Grant that agent identity access to every connection the flow may invoke.
If the API key can start the flow but the agent identity cannot access a connection, the Connection node will fail at runtime.
Shared connections
Shared connections are still checked against the runtime security context. A connection shared from another project can appear in the editor, but the run still needs an identity that is allowed to invoke the shared connection.
When troubleshooting a shared connection:
- Confirm the connection still exists in the project where it is configured.
- Confirm the running user or agent identity has been granted access to the connection.
- Confirm the flow is not being invoked by an API key or agent identity with narrower permissions than the user who configured the node.