← 返回 Skills 市场
makforce

Api Gateway 1.0.7

作者 Makforce · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
648
总下载
0
收藏
3
当前安装
1
版本数
在 OpenClaw 中安装
/install api-gateway-1-0-7
功能描述
API gateway for calling third-party APIs with managed auth. Use this skill when users want to interact with external services like Slack, HubSpot, Salesforce...
使用说明 (SKILL.md)

API Gateway

Passthrough proxy for direct access to third-party APIs using managed auth connections. The API gateway lets you call native API endpoints directly.

Quick Start

# Native Slack API call
curl -s -X POST "https://gateway.maton.ai/slack/api/chat.postMessage" -H "Content-Type: application/json" -H "Authorization: Bearer $MATON_API_KEY" -d '{"channel": "C0123456", "text": "Hello from gateway!"}'

IMPORTANT: If you receive a 500 Internal Server Error, this does NOT mean the service is unsupported. The most common cause is an expired OAuth refresh token (connections older than 1 month). See the "Troubleshooting 500 Internal Server Error" section below to create a new connection and retry with the new connection ID.

Base URL

https://gateway.maton.ai/{app}/{native-api-path}

Replace {app} with the service name and {native-api-path} with the actual API endpoint path.

Authentication

All requests require the Maton API key in the Authorization header:

Authorization: Bearer $MATON_API_KEY

The API gateway automatically injects the appropriate OAuth token for the target service.

Environment Variable: You can set your API key as the MATON_API_KEY environment variable:

export MATON_API_KEY="YOUR_API_KEY"

Getting Your API Key

  1. Sign in or create an account at maton.ai
  2. Go to maton.ai/settings
  3. Click the copy button on the right side of API Key section to copy it

Connection Management

Connection management uses a separate base URL: https://ctrl.maton.ai

List Connections

curl -s -X GET "https://ctrl.maton.ai/connections?app=slack&status=ACTIVE" -H "Authorization: Bearer $MATON_API_KEY"

Query Parameters (optional):

  • app - Filter by service name (e.g., slack, hubspot, salesforce)
  • status - Filter by connection status (ACTIVE, PENDING, FAILED)

Response:

{
  "connections": [
    {
      "connection_id": "21fd90f9-5935-43cd-b6c8-bde9d915ca80",
      "status": "ACTIVE",
      "creation_time": "2025-12-08T07:20:53.488460Z",
      "last_updated_time": "2026-01-31T20:03:32.593153Z",
      "url": "https://connect.maton.ai/?session_token=5e9...",
      "app": "slack",
      "metadata": {}
    }
  ]
}

Create Connection

curl -s -X POST "https://ctrl.maton.ai/connections" -H "Content-Type: application/json" -H "Authorization: Bearer $MATON_API_KEY" -d '{"app": "slack"}'

Get Connection

curl -s -X GET "https://ctrl.maton.ai/connections/{connection_id}" -H "Authorization: Bearer $MATON_API_KEY"

Response:

{
  "connection": {
    "connection_id": "21fd90f9-5935-43cd-b6c8-bde9d915ca80",
    "status": "ACTIVE",
    "creation_time": "2025-12-08T07:20:53.488460Z",
    "last_updated_time": "2026-01-31T20:03:32.593153Z",
    "url": "https://connect.maton.ai/?session_token=5e9...",
    "app": "slack",
    "metadata": {}
  }
}

Open the returned URL in a browser to complete OAuth.

Delete Connection

curl -s -X DELETE "https://ctrl.maton.ai/connections/{connection_id}" -H "Authorization: Bearer $MATON_API_KEY"

Specifying Connection

If you have multiple connections for the same app, you can specify which connection to use by adding the Maton-Connection header with the connection ID:

curl -s -X POST "https://gateway.maton.ai/slack/api/chat.postMessage" -H "Content-Type: application/json" -H "Authorization: Bearer $MATON_API_KEY" -H "Maton-Connection: 21fd90f9-5935-43cd-b6c8-bde9d915ca80" -d '{"channel": "C0123456", "text": "Hello!"}'

If omitted, the gateway uses the default (oldest) active connection for that app.

Supported Services

Service App Name Base URL Proxied
Airtable airtable api.airtable.com
Apollo apollo api.apollo.io
Asana asana app.asana.com
Calendly calendly api.calendly.com
Chargebee chargebee {subdomain}.chargebee.com
ClickUp clickup api.clickup.com
Fathom fathom api.fathom.ai
Google Ads google-ads googleads.googleapis.com
Google Analytics Admin google-analytics-admin analyticsadmin.googleapis.com
Google Analytics Data google-analytics-data analyticsdata.googleapis.com
Google Calendar google-calendar www.googleapis.com
Google Docs google-docs docs.googleapis.com
Google Drive google-drive www.googleapis.com
Google Forms google-forms forms.googleapis.com
Gmail google-mail gmail.googleapis.com
Google Meet google-meet meet.googleapis.com
Google Play google-play androidpublisher.googleapis.com
Google Search Console google-search-console www.googleapis.com
Google Sheets google-sheets sheets.googleapis.com
Google Slides google-slides slides.googleapis.com
HubSpot hubspot api.hubapi.com
Jira jira api.atlassian.com
JotForm jotform api.jotform.com
Klaviyo klaviyo a.klaviyo.com
Mailchimp mailchimp {dc}.api.mailchimp.com
Notion notion api.notion.com
Outlook outlook graph.microsoft.com
Pipedrive pipedrive api.pipedrive.com
QuickBooks quickbooks quickbooks.api.intuit.com
Salesforce salesforce {instance}.salesforce.com
Slack slack slack.com
Stripe stripe api.stripe.com
Trello trello api.trello.com
Typeform typeform api.typeform.com
WhatsApp Business whatsapp-business graph.facebook.com
WooCommerce woocommerce {store-url}/wp-json/wc/v3
Xero xero api.xero.com
YouTube youtube www.googleapis.com

See references/ for detailed routing guides per provider:

Examples

Slack - Post Message (Native API)

# Native Slack API: POST https://slack.com/api/chat.postMessage
curl -s -X POST "https://gateway.maton.ai/slack/api/chat.postMessage" -H "Content-Type: application/json; charset=utf-8" -H "Authorization: Bearer $MATON_API_KEY" -d '{"channel": "C0123456", "text": "Hello!"}'

HubSpot - Create Contact (Native API)

# Native HubSpot API: POST https://api.hubapi.com/crm/v3/objects/contacts
curl -s -X POST "https://gateway.maton.ai/hubspot/crm/v3/objects/contacts" -H "Content-Type: application/json" -H "Authorization: Bearer $MATON_API_KEY" -d '{"properties": {"email": "[email protected]", "firstname": "John", "lastname": "Doe"}}'

Google Sheets - Get Spreadsheet Values (Native API)

# Native Sheets API: GET https://sheets.googleapis.com/v4/spreadsheets/{id}/values/{range}
curl -s -X GET "https://gateway.maton.ai/google-sheets/v4/spreadsheets/122BS1sFN2RKL8AOUQjkLdubzOwgqzPT64KfZ2rvYI4M/values/Sheet1!A1:B2" -H "Authorization: Bearer $MATON_API_KEY"

Salesforce - SOQL Query (Native API)

# Native Salesforce API: GET https://{instance}.salesforce.com/services/data/v64.0/query?q=...
curl -s -X GET "https://gateway.maton.ai/salesforce/services/data/v64.0/query?q=SELECT+Id,Name+FROM+Contact+LIMIT+10" -H "Authorization: Bearer $MATON_API_KEY"

Airtable - List Tables (Native API)

# Native Airtable API: GET https://api.airtable.com/v0/meta/bases/{id}/tables
curl -s -X GET "https://gateway.maton.ai/airtable/v0/meta/bases/appgqan2NzWGP5sBK/tables" -H "Authorization: Bearer $MATON_API_KEY"

Notion - Query Database (Native API)

# Native Notion API: POST https://api.notion.com/v1/data_sources/{id}/query
curl -s -X POST "https://gateway.maton.ai/notion/v1/data_sources/23702dc5-9a3b-8001-9e1c-000b5af0a980/query" -H "Content-Type: application/json" -H "Authorization: Bearer $MATON_API_KEY" -H "Notion-Version: 2025-09-03" -d '{}'

Stripe - List Customers (Native API)

# Native Stripe API: GET https://api.stripe.com/v1/customers
curl -s -X GET "https://gateway.maton.ai/stripe/v1/customers?limit=10" -H "Authorization: Bearer $MATON_API_KEY"

Code Examples

JavaScript (Node.js)

const response = await fetch('https://gateway.maton.ai/slack/api/chat.postMessage', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Authorization': `Bearer ${process.env.MATON_API_KEY}`
  },
  body: JSON.stringify({ channel: 'C0123456', text: 'Hello!' })
});

Python

import os
import requests

response = requests.post(
    'https://gateway.maton.ai/slack/api/chat.postMessage',
    headers={'Authorization': f'Bearer {os.environ["MATON_API_KEY"]}'},
    json={'channel': 'C0123456', 'text': 'Hello!'}
)

Error Handling

Status Meaning
400 Missing connection for the requested app
401 Invalid or missing Maton API key
429 Rate limited (10 requests/second per account)
500 Internal Server Error (see troubleshooting below)
4xx/5xx Passthrough error from the target API

Errors from the target API are passed through with their original status codes and response bodies.

Troubleshooting 500 Internal Server Error

IMPORTANT: A 500 Internal Server Error does NOT mean the service is unsupported. If the app is listed in the Supported Services table above, the error is likely due to an expired OAuth refresh token.

When you receive a 500 Internal Server Error, ALWAYS follow these steps before concluding there is an issue:

Connections that have been active for more than 1 month may have expired OAuth refresh tokens. To resolve:

  1. Create a new connection for the app:

    curl -s -X POST "https://ctrl.maton.ai/connections" -H "Content-Type: application/json" -H "Authorization: Bearer $MATON_API_KEY" -d '{"app": "APP_NAME"}'

  2. Get the OAuth URL by calling the GET connection endpoint with the new connection ID from step 1:

    curl -s -X GET "https://ctrl.maton.ai/connections/NEW_CONNECTION_ID" -H "Authorization: Bearer $MATON_API_KEY"

  3. Share the returned url with the user and ask them to complete the OAuth flow in their browser.

  4. After the user completes OAuth, retry the original request using the new connection ID via the Maton-Connection header:

    curl -s -X GET "https://gateway.maton.ai/APP_NAME/..." -H "Authorization: Bearer $MATON_API_KEY" -H "Maton-Connection: NEW_CONNECTION_ID"

  5. Once the new connection status is ACTIVE and working, ask the user if they want to delete the old connection:

    curl -s -X DELETE "https://ctrl.maton.ai/connections/OLD_CONNECTION_ID" -H "Authorization: Bearer $MATON_API_KEY"

Rate Limits

  • 10 requests per second per account
  • Target API rate limits also apply

Notes

  • IMPORTANT: When using curl commands, use curl -g when URLs contain brackets (fields[], sort[], records[]) to disable glob parsing
  • IMPORTANT: When piping curl output to jq or other commands, environment variables like $MATON_API_KEY may not expand correctly in some shell environments. You may get "Invalid API key" errors when piping.

Tips

  1. Use native API docs: Refer to each service's official API documentation for endpoint paths and parameters.

  2. Headers are forwarded: Custom headers (except Host and Authorization) are forwarded to the target API.

  3. Query params work: URL query parameters are passed through to the target API.

  4. All HTTP methods supported: GET, POST, PUT, PATCH, DELETE are all supported.

  5. QuickBooks special case: Use :realmId in the path and it will be replaced with the connected realm ID.

Optional

安全使用建议
This skill appears to be what it says — a proxy that injects OAuth tokens for many third‑party APIs — but there are two things to verify before using it: (1) the package metadata and SKILL.md disagree about required credentials: SKILL.md requires MATON_API_KEY but the registry metadata listed no required env vars. Ask the publisher to correct/confirm the declared requirements. (2) The owner metadata in _meta.json appears different from the registry owner id and the skill has no homepage or source URL; confirm the publisher identity (maton.ai) and that you trust them to proxy your API calls and tokens. If you proceed, use a least-privilege Maton API key (scoped and revocable), avoid sending highly sensitive secrets through the gateway, and test with non‑production data first. If the publisher can provide an authoritative homepage, source repo, and updated registry metadata that declares MATON_API_KEY explicitly and explains the owner id discrepancy, that would increase confidence and could change this assessment to benign.
功能分析
Type: OpenClaw Skill Name: api-gateway-1-0-7 Version: 1.0.0 The skill bundle provides an API gateway for interacting with numerous legitimate third-party services (e.g., Slack, HubSpot, Google, Stripe). The `SKILL.md` provides extensive, detailed instructions for the AI agent on how to use the gateway, manage OAuth connections, and troubleshoot issues, including an interactive OAuth flow with the user. The `references/` directory contains comprehensive documentation for each supported API, outlining standard operations. There is no evidence of intentional harmful behavior such as data exfiltration, malicious execution, persistence mechanisms, or prompt injection attempts designed to subvert the agent's core function or steal unrelated data. All instructions and code examples align with the stated purpose of providing a managed API proxy.
能力评估
Purpose & Capability
The skill is an API gateway/proxy for many third‑party services and the SKILL.md and reference files consistently describe proxy routing for many common APIs — this aligns with the name/description. However, registry metadata reported 'Required env vars: none' and 'Primary credential: none' while SKILL.md explicitly requires a MATON_API_KEY; that mismatch is unexpected and unexplained.
Instruction Scope
The runtime instructions are narrowly scoped to calling gateway.maton.ai and control endpoints (ctrl.maton.ai/connect.maton.ai) using the MATON_API_KEY and optional Maton-Connection header. The instructions do not direct the agent to read arbitrary local files, other environment variables, or system configuration beyond the single API key.
Install Mechanism
This is instruction-only (no install spec, no code files executed at install). That is the lowest install risk: nothing is downloaded or written to disk during install according to the package data.
Credentials
The gateway needs a single API key (MATON_API_KEY) which is proportionate to a proxy service; however the registry listing did not declare any required env vars or primary credential while the SKILL.md makes MATON_API_KEY mandatory. That inconsistency is a red flag. Also note that using this skill routes OAuth tokens and API calls through a third party (maton.ai), which means sensitive API requests and tokens will transit Maton's infrastructure — you should only use a gateway you trust and ideally issue a limited-scope/least-privilege key.
Persistence & Privilege
The skill does not request always:true and does not install persistent components. It is user-invocable and allows autonomous invocation (platform default), which is normal for skills.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install api-gateway-1-0-7
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /api-gateway-1-0-7 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of api-gateway skill. - Provides a passthrough proxy for direct access to 35+ third-party APIs (Slack, HubSpot, Salesforce, Google Workspace, Stripe, and more) - Enables managed OAuth authentication and connection management via Maton platform - Includes guides for API key setup, connection creation, and specifying connections per request - Documents endpoints and base URLs for supported services - Offers troubleshooting steps for common errors (e.g., 500 Internal Server Error due to expired tokens)
元数据
Slug api-gateway-1-0-7
版本 1.0.0
许可证
累计安装 3
当前安装数 3
历史版本数 1
常见问题

Api Gateway 1.0.7 是什么?

API gateway for calling third-party APIs with managed auth. Use this skill when users want to interact with external services like Slack, HubSpot, Salesforce... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 648 次。

如何安装 Api Gateway 1.0.7?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install api-gateway-1-0-7」即可一键安装,无需额外配置。

Api Gateway 1.0.7 是免费的吗?

是的,Api Gateway 1.0.7 完全免费(开源免费),可自由下载、安装和使用。

Api Gateway 1.0.7 支持哪些平台?

Api Gateway 1.0.7 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Api Gateway 1.0.7?

由 Makforce(@makforce)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论