Start or continue a multi-step custom auth flow
Drives a multi-step custom auth flow (browser redirects and/or server-side credential-exchange calls). Call it once with the flow inputs to start; if the response contains a redirect, open it, then call again with the returned sessionId and the provider’s callback params to continue. Repeat until the response contains a connection. Used by the prebuilt UI components; only providers whose ProviderInfo has customOpts.multiStep present can use this endpoint.
Authorizations
Body
Request body for the /custom-auth/connect endpoint. The first call supplies the flow inputs; subsequent calls supply sessionId and callbackParams to resume after a redirect.
The Ampersand project ID or project name. Required on the first call.
"my-project"
The provider that this app connects to. Required on the first call (when sessionId is not present); ignored on resume calls. Conditional requirement is enforced at the application layer.
"bill"
Your application's identifier for the organization or workspace that this connection belongs to. Supplied on the first call; ignored on resume calls (the parked flow's identity is used).
"group-123"
The display name for the group. Defaults to groupRef if not provided. Supplied on the first call; ignored on resume calls.
"Organization Name"
The ID that your app uses to identify the user whose SaaS credential will be used. Supplied on the first call; ignored on resume calls (the parked flow's identity is used).
"user_123456"
The display name for the consumer. Defaults to consumerRef if not provided. Supplied on the first call; ignored on resume calls.
"John Doe"
Additional provider-specific metadata collected from the user.
ID of the provider app. If omitted, the default provider app set up on the Dashboard is assumed.
"32356abe-d2fd-49c7-9030-abdcbc6456d4"
The consumer-supplied custom auth inputs (keyed by CustomAuthInput.name). Supplied on the first call (when sessionId is not present).
{
"userName": "admin@acme.com",
"password": "hunter2"
}Identifies an in-progress flow to resume after a redirect. Returned in a prior redirect response. When present, provider and customAuth are not required.
"7f3c1e2a-9b0d-4a1f-8c2e-1d2f3a4b5c6d"
The query/body params the provider sent to the callback, forwarded to resume the flow.
{
"tenant": "9e1477fd-54ef-41fe-b747-bc9e6a11a925"
}Response
OK
- Custom Auth Connect Response
- Custom Auth Connect Response
Response from /custom-auth/connect. Exactly one of redirect or connection is set. A redirect means the client should open the URL and call again with sessionId + callbackParams; a connection means the flow is complete.
Instructs the client to open a URL (e.g. in a popup) to continue a custom auth flow, then resume by calling /custom-auth/connect with the sessionId.

