Quartz 4

External SaaS Integrations Map

2 min read

External SaaS Integrations Map

This map catalogs every external SaaS platform that OpenClaw integrates with, grouped by functional category. Read this when assessing blast radius of a vendor outage, planning credential rotations, or identifying which KB doc to consult before touching an integration. The KB doc path pattern is workspace/knowledge-base/{platform}/.

Diagram

graph TD
    OC[OpenClaw VPS]

    subgraph CRM [CRM + Comms]
        HS[HubSpot]
        OP[OpenPhone]
        SM[SalesMsg]
        TW[Twilio Voice]
    end

    subgraph COLLAB [Collaboration + Alerts]
        DI[Discord]
        SL[Slack]
    end

    subgraph LLM [LLM + AI Routing]
        PK[Portkey :18900]
        AN[Anthropic]
        OR[OpenRouter]
        MK[Moonshot Kimi]
        VP[Voyage AI]
        PP[Perplexity]
    end

    subgraph INFRA [Infrastructure + Secrets]
        CF[Cloudflare]
        TS[Tailscale]
        HZ[Hetzner]
        AWS[AWS Mac Ultra]
        GH[GitHub]
        OP1[1Password]
    end

    subgraph FINANCE [Finance + Legal]
        ST[Stripe]
        DS[DocuSign]
    end

    subgraph MARKET [Marketplace + Data]
        IL[InvestorLift]
        IB[InvestorBase]
        CRMLS[CRMLS MLS]
        PS[PropStream]
    end

    OC --> CRM
    OC --> COLLAB
    OC --> LLM
    OC --> INFRA
    OC --> FINANCE
    OC --> MARKET

How to read this

  • CRM + Comms: Inbound webhooks arrive from HubSpot (:18790), OpenPhone (:18792), SalesMsg (:18793), and Twilio (:18797). All pass through the auth chain (see auth-chain-map).
  • LLM + AI Routing: All LLM calls route through Portkey at :18900. Portkey virtualizes provider routing — agents never call Anthropic/OpenRouter/Moonshot directly. Voyage handles vector embeddings for the 44-SQLite memory fleet.
  • Infra + Secrets: Cloudflare provides WAF + Tunnel. Tailscale provides Funnel (inbound webhooks) + Tailnet (VPS-to-Mac SSH). 1Password (op CLI) is the credential source — no plaintext keys in tracked files.
  • Finance + Legal: Stripe handles payment events; DocuSign triggers contract workflows via webhook (:18790 shared handler). DocuSign IP allowlist is enforced at CF WAF.
  • Marketplace + Data: InvestorLift scraping runs on AWS Mac Ultra (not VPS — VPS IP is CloudFront-blocked). InvestorBase, CRMLS, PropStream are read-only data sources for deal intake.
  • ports-topology — shows which local ports serve each CRM/Comms integration
  • mcp-server-catalog — MCP servers that expose some of these integrations as tools
  • auth-chain-map — how inbound webhooks from CRM+Comms are authenticated
  • cost-flow — how LLM provider calls are tracked and costed

See also

  • CLAUDE.md — “Platforms with KB docs” section (81 tracked platforms, KB path pattern)
  • ARCHITECTURE.md — Section 5 (External Integrations) with per-platform details
  • knowledge-base — individual platform KB docs (API.md, WEBHOOKS.md, CREDENTIALS.md per platform)
  • CLAUDE.md — InvestorLift Scraping section (ALWAYS via AWS Mac, never VPS Playwright)

Graph View

Backlinks