Appstrate
[Infrastructure]

If curl can call it, an agent can.

Any HTTP endpoint becomes a first-class Appstrate provider in 2 minutes. Modern REST, legacy SOAP façades, partner APIs, internal services. Your 2008 stack is invited.

[01 · Why it matters]

Your agents will need to talk to systems nobody will ever package for you.

Real enterprises don't run on Gmail and Notion. They run on an ERP installed in 2011, a mainframe with a REST façade bolted on in 2018, an internal Rails app one team maintains, a partner API delivered as a PDF, and a billing system whose vendor went bankrupt six years ago. Every AI platform that ships a catalog is implicitly saying: agents are for greenfield SaaS only.

Appstrate makes that assumption explicit — and wrong. Any HTTP endpoint with one of the five supported auth modes (OAuth2, OAuth1, API key, Basic, multi-field custom) becomes a provider. Open the editor, fill the form, save. Your agents can call it. Credentials stay in the sidecar, the URI allowlist bounds the blast radius, and SSRF protection keeps private services safe. Same pipeline as the built-ins, zero wait, zero vendor roadmap dependency.

**"Our billing system is a 15-year-old Oracle Forms app with a REST layer bolted on. Does it work?"** — Yes. **"Our partner sent us an OpenAPI spec and a set of API keys — that's it."** — Two minutes. **"The API only accepts a custom `X-Tenant-Id` header plus a rotating HMAC signature."** — Custom auth mode, multi-field credential schema, done.

0 code, CLIs, or registries

[02 · How it works]

Three kinds of APIs. One form. One pipeline.

Whether it's your legacy ERP with a REST façade, a partner's idiosyncratic B2B API, or your internal Flask app running on one VM in the corner of a DC, the flow is identical. Provider editor → auth mode → authorized URIs → save. The editor generates a valid AFPS manifest. Credentials are encrypted at rest (AES-256-GCM), the sidecar injects them at call time, and agents never see the raw values.

Custom provider manifest (AFPS · internal API via API key)

```json
{
  "$schema": "https://afps.appstrate.dev/schema/v1/provider.schema.json",
  "name": "@acme/billing",
  "version": "1.0.0",
  "type": "provider",
  "displayName": "Internal Billing",
  "description": "Acme internal billing API.",
  "categories": ["internal"],
  "definition": {
    "authMode": "api_key",
    "credentials": {
      "schema": {
        "type": "object",
        "properties": { "apiKey": { "type": "string" } },
        "required": ["apiKey"]
      },
      "fieldName": "apiKey"
    },
    "credentialHeaderName": "X-Api-Key",
    "authorizedUris": ["https://billing.internal.acme/*"],
    "allowAllUris": false
  }
}
```
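To make the role of `authorizedUris` concrete, here is an added example (not Appstrate's code) of the kind of gate a credential-injecting proxy applies before attaching `X-Api-Key` to an outbound request. It assumes a trailing `*` widens only the path, checks IP literals only (no DNS resolution), and the names `may_inject`, `_matches` and `_is_internal_ip` are hypothetical.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample: three "definition" fields copied from the manifest above.
DEFINITION = {
    "credentialHeaderName": "X-Api-Key",
    "authorizedUris": ["https://billing.internal.acme/*"],
    "allowAllUris": False,
}

def _is_internal_ip(host):
    """True for IP-literal hosts in private, loopback or link-local space."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # a DNS name; a real proxy must also vet what it resolves to
    return ip.is_private or ip.is_loopback or ip.is_link_local

def _matches(pattern, u):
    """Scheme, host and port must be equal; '*' only widens the path."""
    p = urlsplit(pattern)
    if (p.scheme, p.hostname, p.port) != (u.scheme, u.hostname, u.port):
        return False
    path = u.path or "/"
    if p.path.endswith("*"):
        return path.startswith(p.path[:-1])
    return path == (p.path or "/")

def may_inject(definition, url):
    """Decide whether the credential header may be attached to this request."""
    try:
        u = urlsplit(url)
        _ = u.port  # raises ValueError on a non-numeric port
    except ValueError:
        return False
    if u.scheme != "https" or not u.hostname or u.username is not None:
        return False  # plaintext, malformed, or userinfo such as https://a@b/
    if ".." in u.path.split("/"):
        return False  # dot segments could step outside the allowed path prefix
    if _is_internal_ip(u.hostname):
        return False  # assumed to apply even when allowAllUris is true
    if definition.get("allowAllUris"):
        return True
    return any(_matches(p, u) for p in definition.get("authorizedUris", []))
```

Comparing parsed components instead of string prefixes is what keeps a lookalike host such as `billing.internal.acme.other.example` from receiving the key.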

[03 · Deep dive]

What makes it work.

🏛️

Legacy backends welcome

Your 2008 ERP with a REST façade, your SOAP-over-HTTP adapter, your on-prem middleware. If it speaks HTTP, it qualifies.

🤝

Partner & B2B APIs

The endpoint your biggest client sent you as a PDF. The one vendor with 12 customers and zero SDK. A provider in minutes.

🏢

Internal services, safely

Your Flask app on one VM. Your homegrown intranet API. `authorizedUris` allowlist + SSRF blocklist: private IPs and loopback excluded by default.

🔐

Five auth modes

OAuth2 (+PKCE), OAuth1, API key, HTTP Basic, or multi-field custom. Covers almost every real-world API, including the weird ones.

🛡️

Sidecar credential isolation

AES-256-GCM at rest. Injected at proxy time. The agent never sees the raw credential — same guarantee as the built-ins.

📝

Form-based authoring

No TypeScript, no CLI, no npm, no registry. Provider editor → auth mode → save. Your non-dev ops team can do it.


If it speaks HTTP, your agents can call it.

Works with the stack you actually have — not the one a vendor wishes you had.