Architecture

Configure Once, Use Everywhere

Provider connections are configured at the account level, not the workflow level. When you connect Salesforce, that connection becomes available to every workflow in your account — the marketing team's lead enrichment workflow, the estimating team's RFP workflow, and the operations team's order processing workflow all share the same authenticated connection.

Connections are stored encrypted in RenderDraw's secrets vault and rotated automatically where the provider supports token refresh (OAuth 2.0). API key connections support manual rotation with zero-downtime: add the new key, verify it, remove the old key.

Every API call made through a provider connection is logged in the workflow run audit trail — including the endpoint called, the response status, and the response time.

Provider Connection Setup

1
Navigate to Settings > Providers

Select the provider category and click "Add Connection"

2
Authenticate

OAuth redirect or paste API key — provider-dependent

3
Verify and Name

RenderDraw tests the connection and shows available resources

4
Use in any workflow block

The connection appears in the provider dropdown for all compatible blocks

Provider Category

CRM Providers

Salesforce

The most deeply integrated provider in RenderDraw. Supports OAuth 2.0 JWT bearer flow (recommended for production), username-password flow (dev/test), and connected app configuration.

Supported Operations

  • SOQL query (accounts, contacts, opportunities, custom objects)
  • Record create, update, upsert, delete
  • File attachment upload to ContentDocument
  • Platform Event publish and subscribe (trigger)
  • Change Data Capture subscribe (trigger)
  • Conga CPQ quote management (via CPQ API)
Auth: OAuth 2.0 (JWT / username-password)
📈

HubSpot

Connect to HubSpot CRM for company, contact, deal, and ticket operations. Supports HubSpot's private app access token model for straightforward integration without the OAuth redirect flow overhead.

Supported Operations

  • Object search and filter (companies, contacts, deals)
  • Record create and update
  • Deal stage update and pipeline management
  • Engagement (note, email) logging
Auth: Private App Token
💻

Microsoft Dynamics 365

Integrate with Dynamics 365 Sales, Customer Service, and custom Dataverse tables. Uses OAuth 2.0 with client credentials for server-to-server authentication — no user impersonation required.

Supported Operations

  • OData query on any Dataverse table
  • Record create, update, upsert
  • Opportunity and quote management
  • Custom API action invocation
Auth: OAuth 2.0 (client credentials)
Provider Category

ERP Providers

📊

SAP S/4HANA

Connect to SAP S/4HANA Cloud or on-premises via SAP Business Technology Platform (BTP) connectivity service. Supports OData V2/V4 APIs for materials, pricing, purchase orders, and custom CDS views.

Key Integration Points

  • Material pricing and availability via SD condition records
  • Bill of materials (BOM) read
  • Purchase requisition and purchase order create
  • Customer master data lookup
Auth: OAuth 2.0 (SAP BTP) or Basic (on-prem)
🏢

Oracle Fusion / EBS

Connect to Oracle Fusion Cloud ERP REST APIs or Oracle EBS SOAP/REST services via an on-premises agent. Supports procurement, inventory, and order management modules.

Key Integration Points

  • Item and pricing catalog lookup
  • Purchase order create and update
  • Inventory availability check
  • Supplier master query
Auth: OAuth 2.0 (Fusion) / Basic (EBS)
💻

Microsoft Dynamics 365 Finance & Operations

Connect to D365 F&O OData entities for procurement, inventory, and project accounting. Distinct from D365 Sales — uses the finance and operations data model with its own entity set.

Key Integration Points

  • Released products and pricing tiers
  • Vendor catalog and pricing agreements
  • Project cost estimate lookup
  • Inventory on-hand query
Auth: OAuth 2.0 (client credentials)
Provider Category

Document & Storage Providers

📃

Microsoft SharePoint / OneDrive

Read, write, and watch files in SharePoint document libraries and OneDrive folders. Uses Microsoft Graph API — same authentication as Teams and Outlook integration. Supports site pages, document libraries, lists, and file versioning.

Auth: OAuth 2.0 (Microsoft 365)
📄

Google Drive

Read and write files in Google Drive folders, including Google Sheets and Google Docs. Supports service account auth for unattended server-side access — no user OAuth redirect required in production.

Auth: OAuth 2.0 or Service Account JSON
💾

Cloud Storage (S3 / Azure / GCS / B2)

Read, write, and watch objects in Amazon S3, Azure Blob Storage, Google Cloud Storage, and Backblaze B2. Used for CAD file ingestion, generated PDF storage, and large document archives.

Auth: Access Key + Secret / Service Principal / Service Account
📧

Microsoft 365 Email (Exchange)

Send and receive email via Exchange Online / Outlook. Supports both delegated (user inbox) and application permissions (shared mailbox / functional address). Used for email triggers and delivery notification blocks.

Auth: OAuth 2.0 (Microsoft 365)
💌

Google Workspace Gmail

Send and receive email via Gmail. Supports service account domain-wide delegation for shared mailbox access without individual user OAuth consent in enterprise deployments.

Auth: OAuth 2.0 or Service Account (DWD)
📐

Procore Documents

Upload and manage documents, drawings, specifications, and submittals in Procore projects. Uses Procore's OAuth 2.0 app framework. Integrates with Procore's drawing log and RFI modules.

Auth: OAuth 2.0 (Procore App)
Provider Category

Project Management Providers

🏗

Procore

Deep integration with Procore project management — the most widely used construction management platform in the US. Connect workflows to Procore's project, RFI, submittal, drawing, and document modules.

See the Procore RFI automation workflow for AI classification, source-backed response drafting, reviewer gates, SLA tracking, and closeout audit logs.

See the Procore takeoff automation workflow for AI quantity extraction, pricing lookup, workbook generation, and estimator review gates.

Supported Operations

  • RFI create, update, read, list by project
  • Submittal create and status update
  • Drawing set and revision management
  • Daily log and observation create
  • Webhook event subscription (trigger)
  • Project and company directory lookup
Auth: OAuth 2.0 (Procore App Framework)
🛠

Autodesk Construction Cloud

Connect to Autodesk Construction Cloud (ACC) and BIM 360 for model management, issues, RFIs, and submittals. Supports ACC's unified Data Exchange platform for reading model properties and assemblies.

See the Autodesk takeoff automation workflow for AI extraction from ACC, BIM 360, Revit, DWG, IFC, PDF, and model export context.

Supported Operations

  • Model version and file management (Docs)
  • Issue create and update
  • RFI create, read, and update
  • Model properties extraction via Model Properties API
  • Webhook event subscription (trigger)
Auth: OAuth 2.0 (Autodesk Platform Services)
Provider Category

Communication Providers

💬

Slack

Send messages, post to channels, and deliver interactive approval notifications (Block Kit buttons) directly in Slack. Used for human gate notifications, workflow completion alerts, and team status updates.

  • Channel messages with rich formatting
  • Direct messages to named users
  • Block Kit interactive messages (approve/reject buttons)
  • File attachments via Slack Files API
Auth: Slack App OAuth (bot token)
💻

Microsoft Teams

Post adaptive card messages to Teams channels and users. Adaptive cards support approve/reject action buttons inline — reviewers can respond to human gate notifications without leaving Teams.

  • Channel and group chat messages
  • Adaptive card messages with action buttons
  • 1:1 message to named user
  • Meeting creation (via Graph API)
Auth: OAuth 2.0 (Microsoft 365)
📧

Email (SMTP / MailerSend)

Send transactional and workflow notification email via MailerSend, Mailgun, Microsoft 365 SMTP relay, or any SMTP server. Full HTML template support with workflow data injection for personalized delivery emails.

  • Templated HTML email with field injection
  • PDF and file attachments
  • Delivery receipts and open tracking (MailerSend)
  • BCC and CC support
Auth: API Key (MailerSend/Mailgun) or SMTP credentials
Security

Authentication Methods

🔓

OAuth 2.0

The preferred authentication method for cloud SaaS providers — Salesforce, Microsoft 365, Google Workspace, Autodesk, Procore, Slack. RenderDraw stores the refresh token encrypted in its secrets vault and handles token rotation automatically.

Supports authorization code flow (user delegates access), client credentials flow (machine-to-machine, no user), and JWT bearer flow (Salesforce-specific server-to-server).

🔑

API Key

For providers that use API key authentication — HubSpot private apps, custom REST APIs, some ERP connectors, Mailgun, MailerSend. Keys are stored encrypted and never exposed in plain text after initial entry. Supports key rotation with zero-downtime.

Per-connection access policies allow individual workflows to be restricted to specific provider connections — limiting blast radius if a workflow is misconfigured.

🔏

Webhook Secret (HMAC)

For inbound webhook triggers — Procore, GitHub, Shopify, and other systems that sign outbound webhooks with an HMAC-SHA256 signature. RenderDraw verifies the signature before accepting the payload as a trigger event.

Signed webhook verification prevents unauthorized trigger invocations even if the trigger endpoint URL is discovered.

Enterprise SSO and SAML. For enterprise deployments, RenderDraw supports SAML 2.0 SSO for platform user authentication via your organization's identity provider (Okta, Azure AD, Google Workspace, OneLogin). Provider connections use their own auth methods independently of platform SSO.

Full Provider Compatibility Table

Provider Category Trigger Support Read Write Auth Method
SalesforceCRMOAuth 2.0 JWT
HubSpotCRMPrivate App Token
Dynamics 365 SalesCRMOAuth 2.0
SAP S/4HANAERPOAuth 2.0 / Basic
Oracle FusionERPOAuth 2.0
D365 Finance & OpsERPOAuth 2.0
SharePoint / OneDriveDocumentsOAuth 2.0
Google DriveDocumentsOAuth / Service Account
Amazon S3StorageAccess Key + Secret
Azure Blob StorageStorageService Principal
ProcoreProject MgmtOAuth 2.0
Autodesk ACCProject MgmtOAuth 2.0
SlackCommunicationBot Token
Microsoft TeamsCommunicationOAuth 2.0
MailerSendEmailAPI Key
DocuSignE-SignatureOAuth 2.0
Conga CPQCPQOAuth 2.0 (via SF)

Connect Your Stack in Minutes

Connect your first provider — Salesforce, SAP, or SharePoint — and start building workflows that span your entire technology ecosystem.