Skip to content

feat: add per-user support via apiKey and userId#2

Open
samarsheikh001 wants to merge 1 commit intoComposioHQ:masterfrom
samarsheikh001:feat/per-user-support
Open

feat: add per-user support via apiKey and userId#2
samarsheikh001 wants to merge 1 commit intoComposioHQ:masterfrom
samarsheikh001:feat/per-user-support

Conversation

@samarsheikh001
Copy link

@samarsheikh001 samarsheikh001 commented Mar 14, 2026

Summary

Adds two new config fields for multi-tenant / B2C use cases where each user needs isolated Composio connected accounts:

  • apiKey (ak_...): Alternative to consumerKey for backend API / tool router endpoints. Uses x-api-key header instead of x-consumer-api-key.
  • userId: Per-user identifier appended as ?user_id= to the MCP URL when using apiKey mode. Scopes connected accounts per user.

Problem

The current plugin only supports consumerKey (ck_...) with the x-consumer-api-key header against connect.composio.dev/mcp. This means all agents using the same consumer key share a single identity — connected accounts from one user are visible to others. For multi-tenant B2C platforms deploying one agent per user, this is a blocker.

Solution

When apiKey is provided (instead of or alongside consumerKey), the plugin:

  1. Uses x-api-key header instead of x-consumer-api-key
  2. If userId is set, appends ?user_id={userId} to the MCP URL
  3. This allows connecting to backend API endpoints (backend.composio.dev/tool_router/trs_XXX/mcp or backend.composio.dev/v3/mcp/SERVER_ID) which support per-user scoping

Backwards Compatible

Existing consumerKey + connect.composio.dev setups continue to work unchanged. The new fields are optional and default to empty strings.

Config examples

Existing (unchanged):

{
  "consumerKey": "ck_your_key",
  "mcpUrl": "https://connect.composio.dev/mcp"
}

New — per-user via tool router session:

{
  "apiKey": "ak_your_key",
  "mcpUrl": "https://backend.composio.dev/tool_router/trs_XXX/mcp"
}

New — per-user via server ID + userId:

{
  "apiKey": "ak_your_key",
  "mcpUrl": "https://backend.composio.dev/v3/mcp/SERVER_ID",
  "userId": "user_123"
}

Files changed

  • src/types.ts — Added apiKey and userId to ComposioConfig
  • src/config.ts — Parse new fields from config/env vars (COMPOSIO_API_KEY, COMPOSIO_USER_ID, COMPOSIO_MCP_URL)
  • index.ts — Switch auth header based on credential type, append user_id to URL when applicable
  • openclaw.plugin.json — Added apiKey and userId to config schema + UI hints

Test plan

  • Existing consumerKey + default mcpUrl still works
  • apiKey with tool router URL connects successfully
  • apiKey + userId appends ?user_id= to URL
  • apiKey + userId with URL already containing ? uses &user_id=
  • Env vars COMPOSIO_API_KEY, COMPOSIO_USER_ID, COMPOSIO_MCP_URL are picked up
  • Error message updated to mention both credential options

@samarsheikh001
feat: add per-user support via apiKey and userId
a84990d 
Adds two new config fields for multi-tenant use cases:

- apiKey (ak_...): Alternative to consumerKey for backend API / tool
  router endpoints. Uses x-api-key header instead of
  x-consumer-api-key.
- userId: Per-user identifier appended as ?user_id= to the MCP URL
  when using apiKey mode. Scopes connected accounts per user.

This enables B2C platforms to deploy one agent per user with isolated
Composio connected accounts, instead of sharing a single identity via
consumerKey.

Backwards compatible — existing consumerKey + connect.composio.dev
setups continue to work unchanged.
@samarsheikh001 samarsheikh001 force-pushed the feat/per-user-support branch from 848a9e4 to a84990d Compare March 14, 2026 00:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@samarsheikh001