> ## Documentation Index
> Fetch the complete documentation index at: https://docs.runmorph.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Add connector authentication with granular scope authorization.

## It all starts with `<Connect />`

Configure your `<Connect />` component with the connector of your choice and the operations scope you'll need to build your integration.

<Frame>
  <img className="block dark:hidden" src="https://mintcdn.com/morph/bdASaBHIYigtna3W/images/feature-authentication-light.png?fit=max&auto=format&n=bdASaBHIYigtna3W&q=85&s=dbc66a8dd7fecf617742a71eb993f02e" alt="Hero Light" width="1568" height="1012" data-path="images/feature-authentication-light.png" />

  <img className="hidden dark:block" src="https://mintcdn.com/morph/bdASaBHIYigtna3W/images/feature-authentication-dark.png?fit=max&auto=format&n=bdASaBHIYigtna3W&q=85&s=104ab0e61ae04a06f3f012a89cebfd1e" alt="Hero Dark" width="1568" height="1012" data-path="images/feature-authentication-dark.png" />
</Frame>

Morph simplifies third-party authentication with a fully managed system that handles OAuth flows, token management, and scope authorization. Leverage our [100+ open-source connectors](./connectors) to integrate with popular platforms like [Salesforce](./connectors/salesforce), [HubSpot](./connectors/hubspot), and more in minutes instead of weeks.

<Check>
  **Live Demo** <br />
  Select a connector below to experience our seamless authentication flow and see
  how easy it is to connect third-party services.
</Check>

{" "}

<iframe src="https://atoms-playground.vercel.app?theme=light" width="100%" height="370px" className="block dark:hidden" />

<iframe src="https://atoms-playground.vercel.app?theme=dark" width="100%" height="370px" className="hidden dark:block" />

```typescript SSR component  theme={null}
import { Morph } from "@runmorph/cloud"; 
import { Connect } from "@runmorph/atoms";

// Initialize Morph client with your API credentials
const morph = new Morph({
  publicKey: process.env.MORPH_API_KEY!,
  secretKey: process.env.MORPH_API_SECRET!,
});

async function SalesforceConnectButton() {
// Generate a secure session token for the <Connect /> component
// This token allows your users to authenticate with third-party services
const { sessionToken } = await morph.sessions().create({
  connectorId: "salesforce",
  ownerId: "customer-123", // Unique identifier for your customer
  operations: [
    "genericContact::list"
  ],
});

// Render the <Connect /> component with the session token
return <Connect sessionToken={sessionToken} />;
}

export default SalesforceConnectButton;
```

Once authorized, you can leverage the connection to interact with unified data models or make direct API requests through our proxy.

```typescript Server theme={null}
import { Morph } from "@runmorph/cloud";

// Initialize Morph client with your API credentials
const morph = new Morph({
  publicKey: process.env.MORPH_API_KEY!,
  secretKey: process.env.MORPH_API_SECRET!,
});

// Load a connection
const connection = morph.connections({
  connectorId: "salesforce",
  ownerId: "customer-123",
});

// Access a specific resource model
const contacts = connection.resources("genericContact");

// Create a contact
const { data, error } = await contacts.create({
  firstName: "John",
  lastName: "Doe",
  email: "john.doe@corp.co",
});
```

## Next

<CardGroup cols={2}>
  <Card title="Models" icon="brackets-curly" iconType="duotone" color="#5e4dff" href="./feature-models">
    List, create, update seamlessly `contact`, `opportunity`, `ticket` and over{" "}
    <u>[30 other unified model](/models/all)</u> across all connectors,
    simplifying your integrations with a single codebase.
  </Card>

  <Card title="Bi-direction Synchronization" icon="arrow-right-arrow-left" iconType="duotone" color="#5e4dff" href="./feature-sync">
    Real-time bidirectional data synchronization between any connector's model
    (e.g `contact`) and your own database.

    <br />
  </Card>
</CardGroup>

## Security & Compliance

* All credentials are encrypted at rest

* Follows OAuth 2.0 best practices

* Compliant with security standards