# Connecting third-party apps

Mechanic's [built-in integrations](/platform/integrations.md) cover popular services like Slack, Airtable, and Google Sheets — but they're just the beginning. Mechanic can connect to virtually any service that offers an HTTP API or outbound webhooks, making it a universal automation hub for your Shopify store.

## Built-in integrations at a glance

### OAuth-managed integrations

These integrations are authenticated via **Settings → Authentication** in Mechanic, so you don't need to manage API keys yourself.

| Integration                                                               | What it does                                  |
| ------------------------------------------------------------------------- | --------------------------------------------- |
| [Airtable](/platform/integrations/airtable.md)                            | Read/write records, comments, and schemas     |
| [Google Drive](/platform/integrations/google-drive-and-google-sheets.md)  | Create and upload files, manage folders       |
| [Google Sheets](/platform/integrations/google-drive-and-google-sheets.md) | Create spreadsheets, append rows, export data |
| [Slack](/platform/integrations/slack.md)                                  | Send messages and post to channels            |

### Webhook-based integrations

These integrations push events into Mechanic automatically. Configure them to send data to a Mechanic webhook URL.

| Integration                                                              | What it does                  |
| ------------------------------------------------------------------------ | ----------------------------- |
| [Appstle Subscriptions](/platform/integrations/appstle-subscriptions.md) | Subscription lifecycle events |
| [Judge.me](/platform/integrations/judge.me.md)                           | Review events                 |
| [Locksmith](/platform/integrations/locksmith.md)                         | Access control events         |
| [Report Toaster](/platform/integrations/report-toaster.md)               | Report and update events      |
| [Shopify Flow](/platform/integrations/shopify-flow.md)                   | Bi-directional Flow triggers  |

## Connecting apps without a built-in integration

Any app with an HTTP API or webhook support can be connected to Mechanic using two general patterns: **receiving data** (ingress) and **sending data** (egress).

### Receiving data from external apps

#### Webhooks

Most third-party apps can send outbound webhooks. Create a webhook in Mechanic (**Settings → Mechanic webhooks**), then point the external app at the resulting URL. Incoming data arrives as a `user/` event that your tasks can subscribe to.

{% hint style="info" %}
See [Mechanic webhooks](/platform/webhooks.md) for setup details, and [Creating a Mechanic webhook](/resources/tutorials/creating-a-mechanic-webhook.md) for a step-by-step tutorial.

For Shopify-side filtering or payload customization (including metaobject events), see [Custom Shopify webhooks](/platform/shopify/custom-webhooks.md) instead — that's a different feature for routing Shopify deliveries onto Mechanic topics.
{% endhint %}

#### Scheduled polling

For apps that don't support outbound webhooks, use a scheduler subscription (e.g. `mechanic/scheduler/hourly`) paired with an [HTTP action](/core/actions/http.md) to pull data on a schedule.

#### Inbound email

Some services can send data via email. Mechanic can receive and process inbound emails as events. See [Receiving email](/platform/email/receiving-email.md).

### Sending data to external apps

#### HTTP action

The [HTTP action](/core/actions/http.md) supports GET, POST, PUT, PATCH, and DELETE requests with custom headers, authentication, and request bodies. It handles JSON, form-encoded, and multipart payloads.

#### FTP action

The [FTP action](/core/actions/ftp.md) uploads files to external SFTP and FTP servers — useful for EDI integrations, bulk data feeds, and partners that accept file drops.

#### Files and cache endpoints

Generate files (PDFs, CSVs, ZIPs) using [file generator actions](/core/actions/files.md), then make them available at a public URL via [cache endpoints](/platform/cache/endpoints.md) for external services to fetch.

### Handling authentication

Most third-party APIs require authentication. The HTTP action supports several common methods:

* **API key / token in headers** — The most common approach. Add an `Authorization` or custom header with your API key.
* **Basic auth** — Supported natively by the HTTP action. Supply a username and password.
* **Query string tokens** — Some APIs accept a key as a URL parameter.

{% hint style="warning" %}
OAuth-based APIs that require interactive user authorization are only supported for Mechanic's [built-in OAuth integrations](/platform/integrations.md#oauth). You cannot perform an OAuth authorization flow for arbitrary third-party services.
{% endhint %}

## Example: Connecting a subscription app

This example shows how to connect a subscription management app (like Recharge or Appstle) that has its own API and webhook support.

### Receiving subscription events

1. In Mechanic, go to **Settings → Mechanic webhooks** and create a new webhook — for example, named `recharge`.
2. Copy the webhook URL and configure it in the subscription app's webhook settings.
3. Create a Mechanic task subscribed to the resulting event topic (e.g. `user/webhook/recharge`).

### Calling the subscription app's API

Use the HTTP action with an API key header to call the app's API:

```liquid
{% action "http" %}
  {
    "method": "GET",
    "url": "https://api.example-app.com/subscriptions/{{ subscription_id }}",
    "headers": {
      "X-Api-Key": "{{ options.api_key__required }}"
    }
  }
{% endaction %}
```

### Updating Shopify in response

Combine the external API call with Shopify actions to keep your store in sync:

```liquid
{% action "shopify" %}
  mutation {
    tagsAdd(
      id: "gid://shopify/Customer/{{ customer_id }}"
      tags: ["active-subscriber"]
    ) {
      node { id }
      userErrors { field message }
    }
  }
{% endaction %}
```

## Limitations and best practices

* **No arbitrary OAuth** — Interactive OAuth authorization flows are only available for built-in integrations. For other services, use API keys or tokens.
* **Execution limits** — Mechanic tasks run within memory and time limits. For large data sets, use [bulk operations](/core/shopify/bulk-operations.md) or paginated polling.
* **Validate webhook payloads** — When receiving data from external services, consider [securing your Mechanic webhooks](/techniques/securing-mechanic-webhooks.md) to verify authenticity.

{% hint style="info" %}
For advanced patterns — including JSON Web Signatures, AWS request signatures, and paginated API calls — see [Working with external APIs](/techniques/working-with-external-apis.md).
{% endhint %}

## Next steps

* Browse the [task library](https://tasks.mechanic.dev/) for existing integrations with third-party services
* [I need something custom!](/custom.md) — Get help building a custom integration
* Join the [Mechanic Slack community](/resources/slack.md) to ask questions and share solutions


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://learn.mechanic.dev/platform/integrations/connecting-third-party-apps.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.