API Gateway
API gateway for calling third-party APIs with managed auth. Use this skill when users want to interact with external services like Slack, HubSpot, Salesforce, Google Workspace, Stripe, and more.
Why this rating
Deterministic checks triggered by the tool capabilities and evidence.
- Locality: Hybrid
Sends requests to Maton-hosted gateway/control endpoints and connected third-party APIs.
- Data access: Sensitive
Can access connected services (for example email, CRM, calendar, and billing data) through proxied APIs.
- Action surface: Write
Supports POST/PUT/PATCH/DELETE operations against native third-party API endpoints.
Best practices
Follow these steps to reduce risk when using this skill.
- Use dedicated least-privileged OAuth connections and scopes for each service.
- Review endpoint and payload details before running POST/PUT/PATCH/DELETE requests.
- Store MATON_API_KEY in a secure secret store and rotate it regularly.
Evidence links
Public sources backing the indicator assignments.
Always be careful when navigating away from the website.
Max-risk rule
If any capability reaches a higher level, the entire indicator level bumps up to keep ratings deterministic and easy to scan.