# Bring your own provider

Bring your own provider lets you add custom providers to Agent Auth when the API you need is not available as a built-in provider.

Use bring your own provider to support unsupported SaaS APIs, partner systems, and internal APIs while keeping authentication, authorization, and secure API access in Scalekit.

Once the provider is created, you use the same Agent Auth flow as other providers: create a connection, create or fetch a connected account, authorize the user, and call the upstream API through Tool Proxy.

Custom providers appear alongside built-in providers when you create a connection in Scalekit:

![Custom provider shown alongside built-in providers in the provider selection view](@/assets/docs/agent-auth/bring-your-own-provider/custom-provider-in-catalog.png)

## Why use bring your own provider

Bring your own provider lets you:

- Extend Agent Auth beyond the built-in provider catalog without inventing a separate auth stack
- Bring unsupported SaaS APIs, partner systems, and internal APIs into the same secure access model
- Reuse connections, connected accounts, and user authorization instead of building one-off auth plumbing
- Keep credential handling, authorization, and governed API access centralized in Scalekit
- Move from provider definition to live upstream API calls through Tool Proxy using the same runtime model as other integrations
**Note:** Bring your own provider is for proxy-only connectors.

## How bring your own provider works

Bring your own provider uses the same Agent Auth model as built-in providers:

1. Create a provider definition
2. Create a connection in Scalekit Dashboard
3. Create a connected account and authorize the user
4. Use Tool Proxy to call the upstream API

Creating the provider defines how Scalekit should authenticate to the upstream API. After that, connections, connected accounts, user authorization, and Tool Proxy work the same way as they do for built-in providers.