Documentation Index
Fetch the complete documentation index at: https://tbd-6fc993ce-hypeship-intro-create-control-observe.mintlify.app/llms.txt
Use this file to discover all available pages before exploring further.
Collect credentials securely via Kernel’s hosted page, then use the authenticated session in your automations. This is the recommended approach for most applications.
Use the Hosted UI when:
- You need users to provide their credentials
- You want the simplest integration with minimal code
- You want Kernel to handle 2FA and multi-step login flows
Getting started
1. Create a Connection
A Managed Auth Connection attaches an authenticated domain to a profile so you can use the auth connection in future browsers. You can attach multiple auth connections to the same profile — one per domain — to keep several sites authenticated at once.
const auth = await kernel.auth.connections.create({
domain: 'linkedin.com',
profile_name: 'linkedin-profile', // Name of the profile to associate with the connection
});
2. Start a Login Session
Start a Managed Auth Session to get the hosted login URL.
const login = await kernel.auth.connections.login(auth.id);
3. Collect Credentials
Send the user to the hosted login page:
window.location.href = login.hosted_url;
- See the login page for the target website
- Enter their credentials
- Complete 2FA if needed
4. Poll for Completion
On your backend, poll until authentication completes:
let state = await kernel.auth.connections.retrieve(auth.id);
while (state.flow_status === 'IN_PROGRESS') {
await new Promise(r => setTimeout(r, 2000));
state = await kernel.auth.connections.retrieve(auth.id);
}
if (state.status === 'AUTHENTICATED') {
console.log('Authentication successful!');
}
Poll every 2 seconds. The session expires after 20 minutes if not completed, and the flow times out after 10 minutes of waiting for user input.
5. Use the Profile
Create browsers with the profile and navigate to the site. The browser session will already be authenticated:
const browser = await kernel.browsers.create({
profile: { name: 'linkedin-profile' },
stealth: true,
});
// Navigate to the site—you're already logged in
await page.goto('https://linkedin.com');
Managed Auth Connections are generated using Kernel’s stealth mode. Use stealth: true when creating authenticated browser sessions for the best experience. Complete Example
import Kernel from '@onkernel/sdk';
const kernel = new Kernel();
// Create connection
const auth = await kernel.auth.connections.create({
domain: 'doordash.com',
profile_name: 'doordash-user-123',
});
// Start authentication
const login = await kernel.auth.connections.login(auth.id);
// Send user to hosted page
console.log('Login URL:', login.hosted_url);
// Poll for completion
let state = await kernel.auth.connections.retrieve(auth.id);
while (state.flow_status === 'IN_PROGRESS') {
await new Promise(r => setTimeout(r, 2000));
state = await kernel.auth.connections.retrieve(auth.id);
}
if (state.status === 'AUTHENTICATED') {
const browser = await kernel.browsers.create({
profile: { name: 'doordash-user-123' },
stealth: true,
});
// Navigate to the site—you're already logged in
await page.goto('https://doordash.com');
}
Success / error redirects
To redirect the user back to your app once the flow finishes — for example, to auto-close the auth window inside a mobile in-app browser — append success_url and/or error_url query params to hosted_url. These mirror the onSuccess / onError callbacks exposed by the React Component.
success_url — visited when the session reaches SUCCESS. The hosted page appends profile_name and domain as query params.error_url — visited when the session reaches FAILED, CANCELED, or EXPIRED. The hosted page appends code (when present) and message as query params.
Any scheme is accepted, so mobile integrators can pass a custom scheme (myapp://auth/done) to bounce back into the host app.
const login = await kernel.auth.connections.login(auth.id);
const url = new URL(login.hosted_url);
url.searchParams.set("success_url", "https://example.com/connected");
url.searchParams.set("error_url", "https://example.com/auth-failed");
window.location.href = url.toString();
The hosted page redirects to whatever URL you pass. Only set these from your own trusted backend — never let an end user supply them directly.
Connection Configuration
Connection-level options — custom login URL, SSO/OAuth, custom proxy, session recording, post-login URL, and updates — apply equally to all integration flows and are documented in Connection Configuration.