vikarti.anatra/Skyvern
1
0
Fork 0
mirror of https://github.com/Skyvern-AI/skyvern.git synced 2026-04-28 11:40:32 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

suchintan's feedback + changelog (#4947)
Some checks are pending
Run tests and pre-commit / Run tests and pre-commit hooks (push) Waiting to run
Details
Run tests and pre-commit / Frontend Lint and Build (push) Waiting to run
Details
Publish Fern Docs / run (push) Waiting to run
Details

Browse source 
Co-authored-by: Ritik Sahni <ritiksahni0203@gmail.com>
This commit is contained in:
Naman 2026-03-03 00:11:31 +05:30 committed by GitHub
parent a4d9c9dd22
commit 59cd1e10bb
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
29 changed files with 885 additions and 148 deletions
Download patch file Download diff file Expand all files Collapse all files

127
docs/changelog.mdx Normal file
View file

@ -0,0 +1,127 @@
---
title: "Changelog"
description: "New features, improvements, and fixes in Skyvern"
---
<Update label="v1.0.22 — February 26, 2026" description="Adaptive caching, Workflow Trigger block, CLI signup, and more">
## New features
- **Adaptive Caching (Script Generation)** — Skyvern can now learn from repeated workflow runs and generate cached scripts that speed up future executions. When a block runs successfully, Skyvern records a reusable script and replays it on subsequent runs, falling back to the AI agent only if the script fails. ([#4908](https://github.com/Skyvern-AI/skyvern/pull/4908), [#4916](https://github.com/Skyvern-AI/skyvern/pull/4916), [#4917](https://github.com/Skyvern-AI/skyvern/pull/4917), [#4920](https://github.com/Skyvern-AI/skyvern/pull/4920), [#4922](https://github.com/Skyvern-AI/skyvern/pull/4922), [#4931](https://github.com/Skyvern-AI/skyvern/pull/4931))
- **Workflow Trigger Block** — A new block type that lets one workflow trigger another from within the workflow editor. Chain workflows together as building blocks for complex automations. ([#4885](https://github.com/Skyvern-AI/skyvern/pull/4885))
- **Browser-based CLI Signup** — New users can sign up for Skyvern Cloud directly from the CLI. Running `skyvern signup` opens a browser flow that creates your account and stores your API key locally. ([#4925](https://github.com/Skyvern-AI/skyvern/pull/4925))
- **Interactive ngrok Tunnel** — `skyvern browser serve` can now create an ngrok tunnel automatically, making it easy to expose your local browser to Skyvern Cloud without manual network configuration. ([#4924](https://github.com/Skyvern-AI/skyvern/pull/4924))
- **South Korea Proxy Location** — Added `RESIDENTIAL_KR` as a proxy geolocation option for automations targeting South Korean websites. ([#4918](https://github.com/Skyvern-AI/skyvern/pull/4918))
- **Downloaded Files Tab** — Browser session detail pages now include a Downloaded Files tab for viewing and accessing files captured during a session. ([#4911](https://github.com/Skyvern-AI/skyvern/pull/4911))
- **CDP Proxy Authentication** — Remote browser connections now support authenticated proxies via the CDP `Fetch.authRequired` protocol. ([#4936](https://github.com/Skyvern-AI/skyvern/pull/4936))
- **Remote Browser Download Interception** — File downloads triggered by XHR requests and other non-navigation events are now captured when using remote CDP browser connections. ([#4906](https://github.com/Skyvern-AI/skyvern/pull/4906), [#4921](https://github.com/Skyvern-AI/skyvern/pull/4921), [#4934](https://github.com/Skyvern-AI/skyvern/pull/4934))
## Improvements
- **Renamed "Login-Free" to "Saved Profile"** — Clearer terminology throughout the UI. Browser session checkbox wording has also been improved. ([#4914](https://github.com/Skyvern-AI/skyvern/pull/4914))
- **TOTP Verification Improvements** — Better timer handling, expired code retry, 2FA banner suppression, and more reliable goal-text extraction during TOTP flows. ([#4860](https://github.com/Skyvern-AI/skyvern/pull/4860))
- **TOTP Webhook includes `workflow_permanent_id`** — Easier to identify which workflow is requesting a 2FA code. ([#4871](https://github.com/Skyvern-AI/skyvern/pull/4871))
- **Consolidated Gemini 3 Pro Model Key** — `VERTEX_GEMINI_3_PRO` now auto-resolves to the latest version, so you no longer need to update config when Google releases point versions. ([#4926](https://github.com/Skyvern-AI/skyvern/pull/4926))
- **Browser Rotation for Remote Connections** — Remote browser environments now support context rotation, improving reliability for long-running automations. ([#4929](https://github.com/Skyvern-AI/skyvern/pull/4929))
## Bug fixes
- Fixed a race condition where final task status could be overwritten by a late-arriving non-final status. ([#4928](https://github.com/Skyvern-AI/skyvern/pull/4928))
- Conditional blocks no longer crash when evaluating empty or null parameters. ([#4907](https://github.com/Skyvern-AI/skyvern/pull/4907))
- Browser sessions using `FORCE_BROWSER_SESSION` no longer time out prematurely. ([#4903](https://github.com/Skyvern-AI/skyvern/pull/4903))
- SVG-based captcha text is now correctly extracted during DOM scraping. ([#4880](https://github.com/Skyvern-AI/skyvern/pull/4880))
- MCP remote tool handlers now route to the correct API environment. ([#4869](https://github.com/Skyvern-AI/skyvern/pull/4869))
- MCP remote auth token comparison no longer fails on encrypted tokens. ([#4863](https://github.com/Skyvern-AI/skyvern/pull/4863))
- `skyvern quickstart` now handles local PostgreSQL without a pre-existing `skyvern` role. ([#4878](https://github.com/Skyvern-AI/skyvern/pull/4878))
- WebSocket URLs through ngrok tunnels now rewrite correctly for live browser streaming. ([#4927](https://github.com/Skyvern-AI/skyvern/pull/4927))
</Update>
<Update label="v1.0.21 — February 24, 2026" description="Reserved parameters, data_schema for loops, new LLM models">
## New features
- **`current_date` Reserved Parameter** — Workflows now have a built-in `current_date` parameter that resolves to today's date automatically. ([#4854](https://github.com/Skyvern-AI/skyvern/pull/4854))
- **Reserved Parameters in Block Editor** — The workflow block parameter picker now shows reserved system parameters, making them discoverable without memorizing names. ([#4857](https://github.com/Skyvern-AI/skyvern/pull/4857))
- **Natural Language Loop `data_schema`** — Loop blocks driven by natural language extraction now support a `data_schema` field for consistent output structure. ([#4851](https://github.com/Skyvern-AI/skyvern/pull/4851))
- **Gemini 3.1 Pro and Inception Mercury-2** — Two new LLM engine options for your automations. ([#4847](https://github.com/Skyvern-AI/skyvern/pull/4847))
- **MCP Server on API Service** — The MCP remote server is now mounted at `/mcp` on the existing API, eliminating the need for a separate process. ([#4843](https://github.com/Skyvern-AI/skyvern/pull/4843))
## Improvements
- Workflow save validation (HTTP 422) now returns clear, field-level error messages. ([#4852](https://github.com/Skyvern-AI/skyvern/pull/4852))
- Browser launch errors now show actionable messages instead of raw exceptions. ([#4844](https://github.com/Skyvern-AI/skyvern/pull/4844))
- Cloud LLM fallback overrides are now properly applied when selecting models. ([#4839](https://github.com/Skyvern-AI/skyvern/pull/4839))
## Bug fixes
- Conditional blocks no longer crash when all branches use Jinja templates. ([#4849](https://github.com/Skyvern-AI/skyvern/pull/4849))
- Conditional blocks no longer misinterpret resolved Jinja template variables. ([#4841](https://github.com/Skyvern-AI/skyvern/pull/4841))
</Update>
<Update label="v1.0.18 — February 19, 2026" description="Browser profile testing and saved-profile workflows">
## New features
- **Browser Profile Testing** — Test browser profiles directly from the UI to verify that saved login sessions are still valid. Workflows can also run with a saved browser profile, enabling login-free automations that reuse authenticated sessions. ([#4818](https://github.com/Skyvern-AI/skyvern/pull/4818))
## Bug fixes
- When both a TOTP credential and a webhook are configured for 2FA, the credential is now correctly prioritized. ([#4811](https://github.com/Skyvern-AI/skyvern/pull/4811))
</Update>
<Update label="v1.0.17 — February 19, 2026" description="Skills package and cached script management">
## New features
- **Skyvern Skills Package** — The new `skyvern skill` CLI command provides pre-built workflow templates and reference documentation for common automation patterns. ([#4817](https://github.com/Skyvern-AI/skyvern/pull/4817))
- **Clear Cached Scripts API** — A new endpoint lets you clear cached automation scripts for a workflow when a target website changes and you want to force Skyvern to re-learn. ([#4809](https://github.com/Skyvern-AI/skyvern/pull/4809))
</Update>
<Update label="v1.0.16 — February 19, 2026" description="2FA detection, full CLI parity, Claude Opus 4.6 CUA">
## New features
- **Automatic 2FA Detection Without TOTP Credentials** — Skyvern now detects when a website asks for a 2FA code even without pre-configured TOTP credentials. The system pauses and waits for you to provide the code via the UI or webhook. ([#4786](https://github.com/Skyvern-AI/skyvern/pull/4786))
- **Full CLI Parity with MCP** — The CLI now supports browser session management, credential management, block operations, and enhanced workflow commands. Everything available through MCP is now accessible from the command line. ([#4789](https://github.com/Skyvern-AI/skyvern/pull/4789), [#4792](https://github.com/Skyvern-AI/skyvern/pull/4792), [#4793](https://github.com/Skyvern-AI/skyvern/pull/4793))
- **Claude Opus 4.6 CUA Support** — Anthropic's Claude Opus 4.6 is now available as a Computer Use Agent model for driving browser interactions. ([#4780](https://github.com/Skyvern-AI/skyvern/pull/4780))
## Improvements
- The workflow run timeline now properly displays loop iterations and conditional branches, making complex runs easier to debug. ([#4782](https://github.com/Skyvern-AI/skyvern/pull/4782))
## Bug fixes
- Fixed conditional blocks evaluating the wrong value after Jinja template rendering. ([#4801](https://github.com/Skyvern-AI/skyvern/pull/4801))
- Fixed MFA resolution priority when both TOTP credentials and webhooks are configured. ([#4800](https://github.com/Skyvern-AI/skyvern/pull/4800))
</Update>
<Update label="v1.0.15 — February 17, 2026" description="Claude Opus 4.6 model support">
## New features
- **Anthropic Claude Opus 4.6** — Added Claude Opus 4.6 as an available LLM engine for web automation tasks. ([#4777](https://github.com/Skyvern-AI/skyvern/pull/4777), [#4778](https://github.com/Skyvern-AI/skyvern/pull/4778))
</Update>

2
docs/cloud/account-settings/api-keys.mdx
View file

@ -24,7 +24,7 @@ Every Skyvern API request requires the `x-api-key` header:
curl -X POST "https://api.skyvern.com/v1/runs" \
-H "x-api-key: YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{ "url": "https://example.com", "goal": "Extract the pricing table" }'
-d '{ "url": "https://example.com", "prompt": "Extract the pricing table" }'
```
With the Python SDK:

1
docs/cloud/getting-started/monitor-a-run.mdx
View file

@ -31,7 +31,6 @@ The live browser stream is active while the task is still in progress:
| `created` | Waiting to start |
| `queued` | Waiting for a browser |
| `running` | **Active**: the browser is navigating |
| `paused` | Waiting for human interaction |
| `completed` | Stream closed. View the recording instead. |
| `failed` | Stream closed. View the recording instead. |
| `terminated` | Stream closed. View the recording instead. |

2
docs/cloud/getting-started/overview.mdx
View file

@ -38,7 +38,7 @@ Ready-made automation templates. Each agent is preconfigured with a prompt, targ
| Page | Purpose |
|------|---------|
| **Billing** | Usage, remaining credits, and plan management. |
| **Credentials** | Store website logins securely. Skyvern uses these to authenticate automatically when it encounters a login page. |
| **Credentials** | Store website logins, credit card details, and secret values securely. Skyvern uses these to authenticate automatically, fill payment forms, and inject secrets into workflows. |
| **Settings** | API key, account preferences, and organization management. |
## How it works

130
docs/cloud/managing-credentials/credentials-overview.mdx
View file

@ -4,74 +4,99 @@ subtitle: Securely store login details, payment info, and secrets for your autom
slug: cloud/managing-credentials/credentials-overview
---
The **Credentials** page stores sensitive values — passwords, payment cards, and secrets — so your workflows can use them without you pasting passwords into prompts.
<Note>
Credentials **never reach the LLM**. The AI agent decides *where* to type, but the actual values are injected directly into the browser by the automation layer. Your credentials aren't exposed in prompts, logs, or model provider APIs.
</Note>
The **Credentials** page stores sensitive values (passwords, payment cards, and secrets) so your workflows can use them without embedding secrets in prompts or parameters. Skyvern stores credentials by default with no external service required.
<img src="/images/cloud/credentials-overview.png" alt="Credentials page overview" />
## How Skyvern keeps credentials secure
Sensitive credential data never reaches the LLM, logs, or API responses.
<Steps>
<Step title="Encrypted at rest">
When you save a credential, the sensitive data (passwords, card numbers, CVVs, and TOTP secrets) is sent to a secure vault that provides encryption at rest. Skyvern supports multiple vault backends: Bitwarden, 1Password, Azure Key Vault, and custom webhook providers. Skyvern's own database stores only non-sensitive metadata: credential name, username, card last four digits, card brand, TOTP method, and similar identifiers. Passwords, full card numbers, CVVs, and TOTP secrets are stored exclusively in the vault.
</Step>
<Step title="Placeholders during execution">
When a workflow runs, the LLM receives only placeholder IDs like `placeholder_Xk9m_password`. The AI decides *where* to type on the page, but never sees the real values. No third party, including the LLM provider, ever accesses your actual credentials.
</Step>
<Step title="Just-in-time injection">
At the browser level, the automation layer resolves placeholders to real values and types them directly into the page. After execution, credential values that appear in HTTP Request block responses, block context snapshots, and conditional evaluation outputs are automatically masked before storage.
</Step>
</Steps>
---
## Quick start
<Steps>
<Step title="Navigate to the Credentials page">
Click **Credentials** in the left sidebar under **General**.
<img src="/images/cloud/credentials-sidebar-nav.png" alt="Credentials option in the left sidebar under General" />
</Step>
<Step title="Click + Add">
Choose the credential type: **Password**, **Credit Card**, or **Secret**.
<img src="/images/cloud/credentials-add-dropdown.png" alt="Add dropdown showing Password, Credit Card, and Secret options" />
</Step>
<Step title="Fill in the details and save">
Enter the required fields and click **Save**. The credential is immediately available for use in workflows.
</Step>
</Steps>
---
## What you can store
**[Password credentials](/cloud/managing-credentials/password-credentials)** — username, password, and optional 2FA configuration. Used with Login blocks to automate full sign-in flows, including two-factor authentication.
<CardGroup cols={3}>
<Card
title="Password Credentials"
icon="key"
href="/cloud/managing-credentials/password-credentials"
>
Username, password, and optional 2FA configuration for automated logins
</Card>
<Card
title="Credit Card Credentials"
icon="credit-card"
href="/cloud/managing-credentials/credit-card-credentials"
>
Payment card details for purchase and checkout workflows
</Card>
<Card
title="Secret Credentials"
icon="file-shield"
href="#secret-credentials"
>
A single sensitive string such as an API key, bearer token, or any value you don't want hardcoded
</Card>
</CardGroup>
**[Credit card credentials](/cloud/managing-credentials/credit-card-credentials)** — payment card details (number, expiration, CVV, cardholder name). Used in workflows that complete purchases or fill billing forms.
Password and Credit Card credentials have their own pages. Secrets are simpler and documented here.
**Secret credentials** — a single sensitive string: API key, bearer token, encryption key, or anything you don't want hardcoded. Create one from **+ Add → Secret** and reference it in any parameter field:
### Secret credentials
Secrets store a single sensitive value (an API key, bearer token, or similar). Create one from **+ Add → Secret**, give it a name and value, then reference it in HTTP Request, Code, or Workflow Trigger blocks using the credential parameter's key:
```
{{ credential_name.secret_value }}
{{ parameter_key.secret_value }}
```
## External credential providers
Replace `parameter_key` with the **key** assigned to the credential parameter in the workflow editor (e.g., `credentials`, `credentials_1`).
If your organization already manages secrets in a dedicated vault, reference them directly from **Bitwarden**, **1Password**, or **Azure Key Vault** by adding credential parameters in the [workflow editor](/cloud/building-workflows/add-parameters).
---
### Bitwarden
## Using credentials in workflows
Works with hosted Bitwarden and the self-hosted [Vaultwarden](https://github.com/dani-garcia/vaultwarden) fork. Supports passwords, credit cards, and identity data (SSN, address, phone numbers).
The most common pattern is a **Login block**. A Login block is a workflow step that signs into a website using stored credentials. Select a credential from the dropdown, and Skyvern fills in the username, password, and 2FA code (if configured) automatically. See [Block Reference](/cloud/building-workflows/configure-blocks) for details.
Point a credential parameter at a specific vault item using the **Collection ID** and **Item ID** from the Bitwarden web UI. Alternatively, set a **URL Parameter Key** so Bitwarden matches credentials by the target URL — useful when the same workflow runs against different sites.
For workflows that need different credentials at runtime, add a **Credential parameter** (type: `credential_id`). When someone runs the workflow, they pick which credential to use from a dropdown. See [Workflow Parameters](/cloud/building-workflows/add-parameters) for setup.
For identity data, specify an **Identity Key** and a comma-separated list of **Identity Fields** (e.g., `ssn, address, phone`).
### 1Password
Connects via a service account token. Supports passwords and credit cards.
**One-time setup:** Go to **Settings** → find the **1Password** card → paste your [service account token](https://developer.1password.com/docs/service-accounts/get-started/) → click **Update**. The status indicator turns **Active** once validated.
In the workflow editor, select **1Password** as the credential source and provide the **Vault ID** and **Item ID** from your 1Password web URLs.
<Warning>
Credit cards from 1Password need a text field named **"Expire Date"** on the item in `MM/YYYY` format. This is a workaround for how 1Password structures card data.
</Warning>
### Azure Key Vault
Pulls credentials stored as Azure secrets. Supports passwords with optional TOTP.
**One-time setup:** Go to **Settings** → find the **Azure** card → enter your **Tenant ID**, **Client ID**, and **Client Secret** → click **Update**.
In the workflow editor, select **Azure Key Vault** as the credential source and point it at your vault by name. Provide the **secret names** that store the username and password (and optionally a TOTP secret for 2FA) — not the values themselves.
### Which source should you use?
| Source | Best for |
|--------|----------|
| **Skyvern built-in** | Fastest setup — create credentials directly in the UI, no external dependencies |
| **Bitwarden** | Teams already using Bitwarden who don't want to manage credentials in two places |
| **1Password** | Teams already using 1Password with service account access |
| **Azure Key Vault** | Enterprise environments with centrally managed Azure secrets |
You can mix sources within the same workflow — one Login block using Skyvern-stored credentials and another using Azure Key Vault.
---
## Deleting credentials
Click the **trash icon** on any credential. Deletion is permanent — the Skyvern team can't restore deleted credentials. If a workflow references a deleted credential, it will fail at the login step until you assign a replacement.
Click the **trash icon** on any credential row. Deletion is permanent and cannot be undone. If a workflow references a deleted credential, the run will fail during initialization until you assign a replacement.
<CardGroup cols={3}>
<CardGroup cols={2}>
<Card
title="Password Credentials"
icon="key"
@ -84,7 +109,7 @@ Click the **trash icon** on any credential. Deletion is permanent — the Skyver
icon="credit-card"
href="/cloud/managing-credentials/credit-card-credentials"
>
Store payment details for purchase workflows
Store payment details for checkout workflows
</Card>
<Card
title="2FA / TOTP Setup"
@ -93,4 +118,11 @@ Click the **trash icon** on any credential. Deletion is permanent — the Skyver
>
Configure and manage two-factor authentication
</Card>
<Card
title="External Providers"
icon="vault"
href="/cloud/managing-credentials/external-providers"
>
Connect Bitwarden, 1Password, Azure Key Vault, or a custom API
</Card>
</CardGroup>

57
docs/cloud/managing-credentials/credit-card-credentials.mdx
View file

@ -4,38 +4,54 @@ subtitle: Store payment details for purchase and checkout workflows
slug: cloud/managing-credentials/credit-card-credentials
---
Credit card credentials store payment details so the AI can fill checkout forms without you embedding card numbers in prompts or parameters.
Credit card credentials store payment details so the AI can fill checkout forms without you embedding card numbers in prompts or parameters. Like all credentials, card numbers never reach the LLM. They are injected directly at the browser level.
## Creating a credit card credential
Click **+ Add → Credit Card** from the Credentials page. Provide the full card details:
<Steps>
<Step title="Open the Add dialog">
Click **+ Add → Credit Card** from the Credentials page.
</Step>
<Step title="Fill in the card details">
Provide all required fields:
| Field | Description |
|-------|------------|
| **Name** | A label like "Corporate Visa" to identify it later |
| **Cardholder Name** | Name printed on the card |
| **Number** | Full card number (spaces added automatically as you type) |
| **Brand** | Card network: Visa, Mastercard, American Express, Discover, JCB, Diners Club, Maestro, UnionPay, RuPay, or Other |
| **Expiration** | Month and year in `MM/YY` format (slash inserted automatically) |
| **CVV** | 3 or 4 digit security code |
| Field | Description |
|-------|------------|
| **Name** | A label like "Corporate Visa" to identify it later |
| **Cardholder Name** | Name printed on the card |
| **Number** | Full card number (spaces added automatically as you type) |
| **Brand** | Card network: Visa, Mastercard, American Express, Discover, JCB, Diners Club, Maestro, UnionPay, RuPay, or Other |
| **Expiration** | Month and year in `MM/YY` format (slash inserted automatically) |
| **CVV** | 3 or 4 digit security code |
</Step>
<Step title="Save">
Click **Save**. After saving, the card number is masked and only the last four digits are ever shown again.
</Step>
</Steps>
After saving, the card number is masked — only the last four digits are ever shown again.
<img src="/images/cloud/credentials-add-credit-card.png" alt="Add Credit Card credential modal" />
<img src="/images/cloud/credentials-credit-card-detail.png" alt="Saved credit card credential showing masked card number" />
## Using credit cards in workflows
Credit cards work with **Browser Task** and **Browser Action** blocks that interact with checkout pages. The AI identifies payment fields on the page and fills them with the stored details.
Credit cards work with [**Browser Task** and **Browser Action**](/cloud/building-workflows/configure-blocks) blocks that interact with checkout pages. The AI automatically recognizes standard checkout forms and fills card number, name, expiration, and CVV fields with the stored details. No field mapping is required.
To reference a credit card, add a **Credential parameter** (type: `credential_id`) and select the card when running the workflow. This lets the same checkout workflow work with different payment methods.
For workflows that need different cards at runtime, add a **Credential parameter** (type: `credential_id`) in the [workflow editor](/cloud/building-workflows/add-parameters). When someone runs the workflow, they select which card to use from a dropdown. This lets the same checkout workflow work with different payment methods.
<Note>
Credit cards from **1Password** need a text field named **"Expire Date"** in `MM/YYYY` format on the 1Password item. See [Credentials Overview](/cloud/managing-credentials/credentials-overview#1password) for details.
If you use 1Password as a credential provider, credit cards require a custom text field named **"Expire Date"**, **"Expiry Date"**, or **"Expiration Date"** in `MM/YYYY` or `MM/YY` format. 1Password does not expose the native expiration field through its API, so Skyvern reads this custom text field instead. See [External Providers](/cloud/managing-credentials/external-providers#1password) for full setup details.
</Note>
## Editing and deleting
Credit card credentials can't be edited after creation. If card details change, delete the old credential and create a new one. Click the **trash icon** to delete — the action is permanent.
<Note>
To edit a credential, click the **pencil icon** on its row. For security, saved card details are never retrieved, so you must re-enter all fields when updating.
</Note>
<CardGroup cols={2}>
Click the **trash icon** on any credential row to delete it. Deletion is permanent and cannot be undone.
<CardGroup cols={3}>
<Card
title="Password Credentials"
icon="key"
@ -43,11 +59,18 @@ Credit card credentials can't be edited after creation. If card details change,
>
Store login details with optional 2FA
</Card>
<Card
title="External Providers"
icon="vault"
href="/cloud/managing-credentials/external-providers"
>
Connect Bitwarden, 1Password, Azure Key Vault, or a custom API
</Card>
<Card
title="Credentials Overview"
icon="lock"
href="/cloud/managing-credentials/credentials-overview"
>
All credential types, external providers, and security model
Security model, quick start, and all credential types
</Card>
</CardGroup>

383
docs/cloud/managing-credentials/external-providers.mdx Normal file
View file

@ -0,0 +1,383 @@
---
title: External Credential Providers
subtitle: Connect Bitwarden, 1Password, Azure Key Vault, or your own vault API
slug: cloud/managing-credentials/external-providers
---
Instead of copying secrets into Skyvern, you can point Skyvern at your existing vault and it pulls credentials at runtime. If your organization already manages secrets in a dedicated vault, connect it as a credential source and reference items directly from workflow parameters.
<Note>
External providers are configured per-organization. Once connected, any workflow in the organization can reference credentials from that provider.
</Note>
## Choosing a provider
| Source | Credential types | Setup | Best for |
|--------|-----------------|-------|----------|
| **Skyvern** (default) | Password, Credit Card, Secret | None (built in) | Most users, fastest setup |
| **Bitwarden** | Password, Credit Card, Identity | Credential parameter config | Teams already using Bitwarden (enterprise) |
| **1Password** | Password, Credit Card | Settings page setup | Teams with 1Password service accounts |
| **Azure Key Vault** | Password (with optional TOTP) | Settings page setup | Enterprise Azure environments |
| **Webhook (Custom API)** | Password, Credit Card | Settings page setup | Organizations with custom vaults |
You can mix sources within the same workflow. For example, one Login block can use Skyvern-stored credentials while another uses Azure Key Vault.
---
## Bitwarden
<Note>
Bitwarden integration is available on the **enterprise plan**. Contact [sales@skyvern.com](mailto:sales@skyvern.com) for access.
</Note>
Works with hosted Bitwarden and the self-hosted [Vaultwarden](https://github.com/dani-garcia/vaultwarden) fork. Supports passwords, credit cards, and identity data (SSN, address, phone numbers).
<Warning>
Make sure your Bitwarden account is on `bitwarden.com`, not `bitwarden.eu`. The EU instance uses a different API that Skyvern does not currently support.
</Warning>
### Cloud setup
<Steps>
<Step title="Create a Bitwarden Organization">
Log into Bitwarden, navigate to **Admin Console**, and ensure you have an organization created.
</Step>
<Step title="Create a collection to share with Skyvern">
In your organization, click **New → Create a collection**. Name it something identifiable (e.g., "Skyvern Credentials"). Skip this step if you already have a collection ready.
</Step>
<Step title="Configure access with the Skyvern team">
Go to the **Access** tab on your collection. This step requires coordination with the Skyvern enterprise team, who will configure access on their end. Contact [sales@skyvern.com](mailto:sales@skyvern.com) to get started.
</Step>
<Step title="Grab your Collection ID">
Click into the collection and find the collection UUID in the URL bar.
</Step>
<Step title="Add to a workflow">
In the Skyvern workflow editor, click **Parameters → Add Parameter → Credential Parameter** and select the **Bitwarden** tab. Enter your **Collection ID** and optionally an **Item ID** to target a specific vault item.
</Step>
</Steps>
### Configuration options
| Field | Description |
|-------|------------|
| **Collection ID** | The UUID of your Bitwarden collection (found in the URL when viewing the collection) |
| **Item ID** | Target a specific vault item. Leave blank to use URL matching instead. |
| **URL Parameter Key** | Match credentials by the target URL. Useful when the same workflow runs against different sites. |
### Identity data
For identity fields (SSN, address, phone numbers), specify an **Identity Key** and a comma-separated list of **Identity Fields** (e.g., `ssn, address, phone`) in the Credential Parameter configuration panel.
<Accordion title="Self-hosted Bitwarden (Vaultwarden)">
Skyvern integrates with self-hosted Bitwarden-compatible services like Vaultwarden using the Bitwarden CLI server as a bridge:
```text
Skyvern → bw serve (CLI Server) → Vaultwarden
```
**Environment variables:**
```bash
# Skyvern Bitwarden Configuration
SKYVERN_AUTH_BITWARDEN_ORGANIZATION_ID=your-org-id-here
SKYVERN_AUTH_BITWARDEN_MASTER_PASSWORD=your-master-password-here
SKYVERN_AUTH_BITWARDEN_CLIENT_ID=user.your-client-id-here
SKYVERN_AUTH_BITWARDEN_CLIENT_SECRET=your-client-secret-here
# Vaultwarden Configuration
BW_HOST=https://your-vaultwarden-server.com
BW_CLIENTID=${SKYVERN_AUTH_BITWARDEN_CLIENT_ID}
BW_CLIENTSECRET=${SKYVERN_AUTH_BITWARDEN_CLIENT_SECRET}
BW_PASSWORD=${SKYVERN_AUTH_BITWARDEN_MASTER_PASSWORD}
# CLI Server Configuration
BITWARDEN_SERVER=http://localhost
BITWARDEN_SERVER_PORT=8002
```
Start the CLI server with Docker Compose:
```bash
docker-compose up -d bitwarden-cli
```
Verify it's running:
```bash
curl http://localhost:8002/status
```
</Accordion>
---
## 1Password
Connects via a [service account token](https://developer.1password.com/docs/service-accounts/get-started/). A service account is an API-only identity that accesses vault items without a human login. Supports passwords and credit cards.
### One-time setup
<Steps>
<Step title="Create a service account">
In your 1Password admin console, go to **Developer > Service Accounts** and create a new service account. Grant it access to the vault that contains the credentials Skyvern needs.
</Step>
<Step title="Open Settings">
In Skyvern, go to **Settings** and find the **1Password** card.
</Step>
<Step title="Enter your service account token">
Paste the service account token from the previous step.
</Step>
<Step title="Save and verify">
Click **Update**. The status indicator turns **Active** once the token is validated.
</Step>
</Steps>
<Tip>
If the status does not turn Active, verify that your service account token has access to the target vault and has not expired.
</Tip>
### Using in a workflow
In the workflow editor, add a **Credential Parameter** and select **1Password** as the source. Provide the **Vault ID** and **Item ID**. You can find both IDs in the URL when viewing an item in the 1Password web app.
<Warning>
Credit cards from 1Password need a custom text field named **"Expire Date"**, **"Expiry Date"**, or **"Expiration Date"** in `MM/YYYY` or `MM/YY` format. 1Password does not expose the native expiration field through its API, so Skyvern reads this custom text field instead.
</Warning>
---
## Azure Key Vault
Pulls credentials stored as Azure secrets. Supports passwords with optional TOTP.
### One-time setup
<Steps>
<Step title="Open Settings">
Go to **Settings** and find the **Azure** card.
</Step>
<Step title="Enter your Azure credentials">
Provide your **Tenant ID**, **Client ID**, and **Client Secret**.
</Step>
<Step title="Save">
Click **Update**. Skyvern will use these credentials to access your vault.
</Step>
</Steps>
### Using in a workflow
In the workflow editor, add a **Credential Parameter** and select **Azure Key Vault** as the source. Provide the vault name and the **secret names** that store the username, password, and optionally a TOTP secret. Enter the secret names, not the values themselves.
For example, if your vault stores secrets named `salesforce-username`, `salesforce-password`, and `salesforce-totp`, enter those three names in the corresponding fields.
---
## Webhook (Custom API)
Connect your own HTTP API as a credential backend. Skyvern calls your API to create, retrieve, and delete credentials, so sensitive data stays in your infrastructure.
### API contract
Your service must implement three endpoints. All requests include an `Authorization: Bearer {API_TOKEN}` header.
**Create credential**
```http
POST {API_BASE_URL}
Authorization: Bearer {API_TOKEN}
Content-Type: application/json
```
The request body depends on the credential type. Your API must handle all three:
<Accordion title="Password request body">
```json
{
"name": "Salesforce Login",
"type": "password",
"username": "user@example.com",
"password": "secure_password",
"totp": "JBSWY3DPEHPK3PXP",
"totp_type": "authenticator"
}
```
The `totp` and `totp_type` fields are optional. `totp_type` can be `"authenticator"`, `"email"`, `"text_message"`, or `"none"`.
</Accordion>
<Accordion title="Credit card request body">
```json
{
"name": "Corporate Visa",
"type": "credit_card",
"card_holder_name": "Jane Doe",
"card_number": "4111111111111111",
"card_exp_month": "12",
"card_exp_year": "2025",
"card_cvv": "123",
"card_brand": "visa"
}
```
</Accordion>
<Accordion title="Secret request body">
```json
{
"name": "Stripe API Key",
"type": "secret",
"secret_value": "sk_live_abc123",
"secret_label": "api-key"
}
```
The `secret_label` field is optional.
</Accordion>
Response (all types):
```json
{
"id": "cred_123456"
}
```
**Get credential**
```http
GET {API_BASE_URL}/{credential_id}
Authorization: Bearer {API_TOKEN}
```
Return the same fields that were sent during creation (minus `name`). Include `type` so Skyvern knows how to parse the response.
**Delete credential**
```http
DELETE {API_BASE_URL}/{credential_id}
Authorization: Bearer {API_TOKEN}
```
Response: HTTP 200
### Setup
<Steps>
<Step title="Open Settings">
Go to **Settings** and find the **Custom Credential Service** card.
</Step>
<Step title="Enter your API details">
Provide the **API Base URL** and **API Token** for your credential service.
</Step>
<Step title="Save">
Click **Update Configuration**. The status indicator turns **Active** once the configuration is saved.
</Step>
</Steps>
<Accordion title="Example: minimal FastAPI implementation">
```python
from fastapi import FastAPI, HTTPException, Depends, Header
from pydantic import BaseModel
from typing import Optional
import uuid
app = FastAPI()
credentials_store = {}
class CreateCredentialRequest(BaseModel):
name: str
type: str # "password", "credit_card", or "secret"
# Password fields
username: Optional[str] = None
password: Optional[str] = None
totp: Optional[str] = None
totp_type: Optional[str] = None
# Credit card fields
card_holder_name: Optional[str] = None
card_number: Optional[str] = None
card_exp_month: Optional[str] = None
card_exp_year: Optional[str] = None
card_cvv: Optional[str] = None
card_brand: Optional[str] = None
# Secret fields
secret_value: Optional[str] = None
secret_label: Optional[str] = None
class CredentialResponse(BaseModel):
id: str
def verify_token(authorization: str = Header(...)):
if not authorization.startswith("Bearer "):
raise HTTPException(401, "Invalid authorization header")
token = authorization.split("Bearer ")[1]
if token != "your_expected_api_token":
raise HTTPException(401, "Invalid API token")
@app.post("/api/v1/credentials", response_model=CredentialResponse)
async def create_credential(
request: CreateCredentialRequest,
_: None = Depends(verify_token)
):
credential_id = f"cred_{uuid.uuid4().hex[:12]}"
credentials_store[credential_id] = request.model_dump()
return CredentialResponse(id=credential_id)
@app.get("/api/v1/credentials/{credential_id}")
async def get_credential(
credential_id: str,
_: None = Depends(verify_token)
):
if credential_id not in credentials_store:
raise HTTPException(404, "Credential not found")
return credentials_store[credential_id]
@app.delete("/api/v1/credentials/{credential_id}")
async def delete_credential(
credential_id: str,
_: None = Depends(verify_token)
):
if credential_id not in credentials_store:
raise HTTPException(404, "Credential not found")
del credentials_store[credential_id]
return {"status": "deleted"}
```
</Accordion>
<Accordion title="Self-hosted configuration (environment variables)">
For self-hosted Skyvern deployments, set these environment variables instead of using the Settings UI:
```bash
CREDENTIAL_VAULT_TYPE=custom
CUSTOM_CREDENTIAL_API_BASE_URL=https://credentials.company.com/api/v1/credentials
CUSTOM_CREDENTIAL_API_TOKEN=your_api_token_here
```
Restart Skyvern after setting these variables.
</Accordion>
### Troubleshooting
| Problem | What to check |
|---------|--------------|
| Status stays Inactive | Verify the API base URL is a valid URL and the API token is not empty. The configuration is validated on save but does not make a live request to your server. |
| Credentials not created | Review your API logs for auth errors. Ensure the response includes an `id` field. Skyvern expects HTTP 200 for all operations. |
| Credentials not retrieved | Ensure the GET response includes all required fields for the credential type (`username` and `password` for passwords, all card fields for credit cards, `secret_value` for secrets). |
| Env config not working | Restart Skyvern after setting variables. Verify `CREDENTIAL_VAULT_TYPE=custom` is set and both URL and token are provided. The default vault type is `bitwarden`, so this variable must be explicitly set. |
---
<CardGroup cols={3}>
<Card
title="Credentials Overview"
icon="lock"
href="/cloud/managing-credentials/credentials-overview"
>
Built-in credential storage, security model, and quick start
</Card>
<Card
title="Password Credentials"
icon="key"
href="/cloud/managing-credentials/password-credentials"
>
Store login details with optional 2FA
</Card>
<Card
title="Workflow Parameters"
icon="sliders"
href="/cloud/building-workflows/add-parameters"
>
Configure credential parameters in the workflow editor
</Card>
</CardGroup>

38
docs/cloud/managing-credentials/password-credentials.mdx
View file

@ -1,19 +1,30 @@
---
title: Password Credentials
subtitle: Store login details and use them in automated workflows
subtitle: Store login details and use them in automated sign-in flows
slug: cloud/managing-credentials/password-credentials
---
Password credentials store a username, password, and optional 2FA configuration. Reference them from Login blocks in your workflows, and Skyvern handles the entire sign-in flow including entering 2FA codes.
Password credentials store a username, password, and optional 2FA configuration. Reference them from [Login blocks](/cloud/building-workflows/configure-blocks) in your workflows, and Skyvern handles the entire sign-in flow, including entering 2FA codes.
## Creating a password credential
Click **+ Add → Password** from the Credentials page. Three fields: **Name** (a label like "Salesforce Production"), **Username or Email**, and **Password**. The password field has an eye icon to toggle visibility.
<Steps>
<Step title="Open the Add dialog">
Click **+ Add → Password** from the Credentials page.
</Step>
<Step title="Fill in your login details">
Enter a **Name** (a label like "Salesforce Production"), **Username or Email**, and **Password**. The password field has an eye icon to toggle visibility.
</Step>
<Step title="Configure 2FA (optional)">
Expand the **Two-Factor Authentication** accordion to set up automated 2FA handling. See [below](#adding-two-factor-authentication) for details.
</Step>
<Step title="Save">
Click **Save**. The credential is immediately available for use in workflows.
</Step>
</Steps>
<img src="/images/cloud/credentials-add-password.png" alt="Add password credential modal" />
Save the credential and it's ready to use in a workflow.
## Adding two-factor authentication
If the site requires 2FA, expand the **Two-Factor Authentication** accordion below the password fields. Three options, depending on how the site delivers codes:
@ -22,7 +33,7 @@ If the site requires 2FA, expand the **Two-Factor Authentication** accordion bel
| Method | How it works |
|--------|-------------|
| **Authenticator App** | Paste the TOTP secret key and Skyvern generates codes locally on demand — fully automated, no delay. Preferred when the site supports it. |
| **Authenticator App** | Paste the TOTP secret key and Skyvern generates codes locally on demand. Fully automated with no delay. Preferred when the site supports it. |
| **Email** | Provide the email address that receives codes. Skyvern waits for you to push the code via the [2FA tab](/cloud/managing-credentials/totp-setup) or API. Identifier auto-fills from the Username field. |
| **Text Message** | Provide the phone number that receives codes. Same push-based flow as Email. |
@ -35,26 +46,23 @@ The secret key is the base32-encoded string behind the QR code you'd scan in an
- **Bitwarden**: Edit the login → TOTP field → copy the key
- **1Password**: Edit the login → One-Time Password → copy the secret
- **LastPass**: Edit the login → Advanced Settings → copy the TOTP secret
- **Site settings**: Many sites show a "Can't scan?" link during 2FA setup that reveals the text key
If you only have a QR code, decode it to extract the `secret=` parameter from the `otpauth://totp/...?secret=BASE32KEY` URI.
</Accordion>
## Using credentials in workflows
## Using credentials in a workflow
The most common pattern is a **Login block**. Select the stored credential from the dropdown, and Skyvern navigates to the login page, enters the username and password, handles 2FA if configured, and waits for the page to confirm authentication. See [Block Reference → Login](/cloud/building-workflows/configure-blocks) for details.
For workflows that need different accounts at runtime, use a **Credential parameter** (type: `credential_id`). When someone runs the workflow, they pick which credential to use from a dropdown.
You can also pull credentials from **Bitwarden**, **1Password**, or **Azure Key Vault**. See [External Providers](/cloud/managing-credentials/credentials-overview#external-credential-providers).
In the Login block configuration, select a stored credential from the dropdown. Skyvern fills in the username and password automatically, and handles 2FA if configured.
## Managing credentials
Stored credentials show the name, credential ID, username (plain text), password (always masked), and 2FA method if configured.
<Warning>
Credentials can't be edited after creation. To change a password, delete the old credential and create a new one.
</Warning>
<Note>
To edit a credential, click the **pencil icon** on its row. For security, saved passwords and secrets are never retrieved, so you must re-enter all sensitive fields when updating.
</Note>
<CardGroup cols={2}>
<Card

133
docs/cloud/managing-credentials/totp-setup.mdx
View file

@ -4,45 +4,104 @@ subtitle: Configure two-factor authentication for automated logins
slug: cloud/managing-credentials/totp-setup
---
Skyvern handles 2FA through two mechanisms. **Authenticator App (TOTP)** generates codes locally from your secret key — fully automatic. **Email/SMS** waits for you to push the code via the UI or API. Both are configured on the [password credential](/cloud/managing-credentials/password-credentials) itself.
Skyvern supports three 2FA methods for automated logins. **Authenticator App (TOTP)** is fully automatic: Skyvern generates codes locally. **Email** and **Text Message** require you to push codes via the UI or API. All three are configured on the [password credential](/cloud/managing-credentials/password-credentials) itself.
## Authenticator App (TOTP)
The preferred method. Store a TOTP secret key in a password credential, and Skyvern generates valid 6-digit codes on demand during login flows. The Login block enters credentials, detects the 2FA prompt, generates a fresh code, and enters it — all automatic.
The preferred method. Skyvern generates valid 6-digit codes on demand during login flows with no delay and no manual steps.
**Setup:** Create a password credential → expand **Two-Factor Authentication** → select **Authenticator App** → paste the TOTP secret key into the **Authenticator Key** field.
### How it works
The secret key is the base32-encoded string behind the QR code you'd normally scan. Copy it from your password manager (Bitwarden: TOTP field; 1Password: One-Time Password field) or look for a "Can't scan the QR code?" link during the site's 2FA setup.
1. The Login block enters the username and password
2. The site prompts for a 2FA code
3. Skyvern generates a fresh TOTP code from the stored secret key
4. The code is entered automatically and login completes
## Email and SMS codes
### Setting it up
When a site sends codes via email or text, someone (or something) needs to deliver the code to Skyvern.
<Steps>
<Step title="Create a password credential">
Go to the Credentials page and create a new password credential.
</Step>
<Step title="Expand Two-Factor Authentication">
Below the password fields, click the **Two-Factor Authentication** accordion.
</Step>
<Step title="Select Authenticator App">
Choose **Authenticator App** from the three options.
</Step>
<Step title="Paste your TOTP secret key">
Enter the secret key into the **Authenticator Key** field and click **Save**.
</Step>
</Steps>
The flow:
<Accordion title="Finding your TOTP secret key">
The secret key is the base32-encoded string behind the QR code you'd normally scan in an authenticator app. You can find it in a few places:
1. Login block enters username and password
2. Site sends a 2FA code to the configured email or phone
- **Bitwarden**: Edit the login → TOTP field → copy the key
- **1Password**: Edit the login → One-Time Password → copy the secret
- **LastPass**: Edit the login → Advanced Settings → copy the TOTP secret
- **Site settings**: Many sites show a "Can't scan?" link during 2FA setup that reveals the text key
If you only have a QR code, decode it to extract the `secret=` parameter from the `otpauth://totp/...?secret=BASE32KEY` URI.
</Accordion>
---
## Email and Text Message codes
When a site sends 2FA codes via email or SMS, someone (or something) needs to deliver the code to Skyvern before the login can complete.
### How it works
1. The Login block enters the username and password
2. The site sends a 2FA code to the configured email or phone number
3. You push the code to Skyvern via the **2FA tab** or the API
4. Skyvern enters the code and completes the login
### Pushing a code manually
### Setting it up
<Steps>
<Step title="Create a password credential">
Go to the Credentials page and create a new password credential.
</Step>
<Step title="Expand Two-Factor Authentication">
Below the password fields, click the **Two-Factor Authentication** accordion.
</Step>
<Step title="Select Email or Text Message">
Choose the method that matches how the site delivers codes.
</Step>
<Step title="Enter the identifier">
Provide the **email address** or **phone number** that receives the codes. For Email, this auto-fills from the Username field.
</Step>
</Steps>
---
## Pushing codes to Skyvern
Once a workflow is running and waiting for a 2FA code, you need to deliver it. There are two ways.
### Via the UI
Open the **2FA** tab on the Credentials page. The **Push a 2FA Code** form has two fields:
| Field | What to enter |
|-------|--------------|
| **Identifier** | The email address or phone number that received the code |
| **Verification content** | The full email/SMS body, or just the code itself — Skyvern extracts the digits automatically |
| **Verification content** | The full email/SMS body, or just the code itself. Skyvern extracts the digits automatically. |
<img src="/images/cloud/credentials-2fa-push-form.png" alt="2FA tab showing the Push a 2FA Code form and code history table" />
<Tip>
If multiple workflows are running simultaneously, click **Add optional metadata** to link the code to a specific run using the workflow run ID, workflow ID, or task ID.
</Tip>
### Pushing codes via API
### Via the API
For production, automate code delivery. Set up a forwarding rule that sends 2FA emails/texts to a script, and the script calls:
For production, automate code delivery. Set up a forwarding rule that sends 2FA emails or texts to a script, and the script pushes the code to Skyvern:
```bash
<CodeGroup>
```bash cURL
curl -X POST "https://api.skyvern.com/v1/credentials/totp" \
-H "x-api-key: YOUR_API_KEY" \
-H "Content-Type: application/json" \
@ -53,15 +112,55 @@ curl -X POST "https://api.skyvern.com/v1/credentials/totp" \
}'
```
```python Python
from skyvern import Skyvern
skyvern = Skyvern(api_key="YOUR_API_KEY")
await skyvern.send_totp_code(
totp_identifier="user@example.com",
content="Your verification code is 847291",
source="email_forwarder",
)
```
```typescript TypeScript
import { SkyvernClient } from "@skyvern/client";
const skyvern = new SkyvernClient({ apiKey: "YOUR_API_KEY" });
await skyvern.sendTotpCode({
totp_identifier: "user@example.com",
content: "Your verification code is 847291",
source: "email_forwarder",
});
```
</CodeGroup>
**Response:**
```json
{
"totp_code_id": "tc_abc123",
"totp_identifier": "user@example.com",
"code": "847291",
"source": "email_forwarder",
"created_at": "2025-01-15T10:30:00Z"
}
```
The `source` field is a free-text label for your own tracking (e.g., `"email_forwarder"`, `"twilio_webhook"`).
This turns email-based 2FA into something nearly as automated as authenticator app — the main difference is latency while the email arrives and gets forwarded.
To link a code to a specific run, pass `workflow_run_id`, `workflow_id`, or `task_id`. This is the API equivalent of the **Add optional metadata** option in the UI.
<Tip>
This turns email-based 2FA into something nearly as automated as an authenticator app. The main difference is latency while the email arrives and gets forwarded.
</Tip>
---
## Viewing past codes
The table below the push form shows all 2FA codes your organization has received: identifier, extracted code, source type, associated workflow run, and timestamps. Filter by identifier, OTP type (numeric code vs. magic link), and number of results per page.
Use this for auditing and debugging — confirming that a code was received and delivered to the right run.
Use this for auditing and debugging: confirming that a code was received and delivered to the right run.
<CardGroup cols={2}>
<Card
@ -76,6 +175,6 @@ Use this for auditing and debugging — confirming that a code was received and
icon="lock"
href="/cloud/managing-credentials/credentials-overview"
>
All credential types, external providers, and security model
Security model, quick start, and all credential types
</Card>
</CardGroup>

6
docs/debugging/faq.mdx
View file

@ -88,7 +88,7 @@ result = await client.run_workflow(
)
```
Parameters are available in prompts using `{{ parameter_name }}` syntax. See [Workflow Parameters](/workflows/workflow-parameters) for details.
Parameters are available in prompts using `{{ parameter_name }}` syntax. See [Workflow Parameters](/multi-step-automations/workflow-parameters) for details.
</Accordion>
<Accordion title="How do I use credentials in a workflow?">
@ -106,7 +106,7 @@ Skyvern doesn't have built-in scheduling yet. Use external schedulers like:
- **Zapier/Make** — Trigger workflows from automation platforms
- **Your backend** — Integrate scheduling into your application
Set up a [webhook](/running-tasks/webhooks-faq) to get notified when scheduled runs complete.
Set up a [webhook](/going-to-production/webhooks) to get notified when scheduled runs complete.
</Accordion>
<Accordion title="Why isn't my workflow using the parameter values I passed?">
@ -184,7 +184,7 @@ while True:
await asyncio.sleep(5)
```
Or use [webhooks](/running-tasks/webhooks-faq) to get notified when runs complete without polling.
Or use [webhooks](/going-to-production/webhooks) to get notified when runs complete without polling.
</Accordion>
<Accordion title="Where can I find extracted data after a run completes?">

17
docs/docs.json
View file

@ -121,7 +121,8 @@
"cloud/managing-credentials/credentials-overview",
"cloud/managing-credentials/password-credentials",
"cloud/managing-credentials/credit-card-credentials",
"cloud/managing-credentials/totp-setup"
"cloud/managing-credentials/totp-setup",
"cloud/managing-credentials/external-providers"
]
},
{
@ -187,18 +188,16 @@
"cookbooks/healthcare-portal-data"
]
},
{
"tab": "Changelog",
"pages": [
"changelog"
]
},
{
"tab": "API Reference",
"openapi": "api-reference/openapi.json"
},
{
"tab": "Cookbooks",
"pages": [
"cookbooks/overview",
"cookbooks/bulk-invoice-downloader",
"cookbooks/job-application-filler"
]
}
]
},
"navbar": {

8
docs/getting-started/core-concepts.mdx
View file

@ -87,7 +87,7 @@ Workflows support Jinja templating:
**Use Workflows for:** repeatable automations, multi-step processes, team-shared templates, complex logic with loops or conditionals.
See [Workflow Blocks](/workflows/workflow-blocks-details) for the full block reference.
See [Workflow Blocks](/multi-step-automations/workflow-blocks-reference) for the full block reference.
---
@ -304,7 +304,7 @@ await skyvern.run_workflow(
**What's saved:** Cookies, authentication tokens, local storage, session storage.
See [Browser Sessions](/browser-sessions/introduction) for details.
See [Browser Sessions](/optimization/browser-sessions) for details.
---
@ -387,14 +387,14 @@ result = await skyvern.run_task(
<Card
title="Build Workflows"
icon="diagram-project"
href="/workflows/run-workflows"
href="/multi-step-automations/build-a-workflow"
>
Create multi-step automations
</Card>
<Card
title="Workflow Blocks"
icon="cube"
href="/workflows/workflow-blocks-details"
href="/multi-step-automations/workflow-blocks-reference"
>
Full reference for all block types
</Card>

10
docs/getting-started/quickstart.mdx
View file

@ -6,7 +6,7 @@ slug: getting-started/quickstart
Run your first browser automation in 5 minutes. By the end of this guide, you'll scrape the top post from Hacker News using Skyvern's AI agent.
<Note>
Prefer a visual interface? Try the [Cloud UI](/cloud/overview) instead — no code required.
Prefer a visual interface? Try the [Cloud UI](/cloud/getting-started/overview) instead — no code required.
</Note>
## Step 1: Get your API key
@ -108,7 +108,7 @@ The response includes a `run_id` you'll use to check status and fetch results.
Since tasks run asynchronously, you have two options:
1. **Polling** — Periodically check the task status (shown below)
2. **Webhooks** — Get notified when the task completes ([see webhooks guide](/running-tasks/webhooks-faq))
2. **Webhooks** — Get notified when the task completes ([see webhooks guide](/going-to-production/webhooks))
The code below polls every 5 seconds until the task reaches a terminal state. Once complete, `run.output` contains the extracted data as a dictionary.
@ -365,7 +365,7 @@ A browser window will open on your machine (if you chose headful mode). Recordin
<Card
title="Extract Structured Data"
icon="database"
href="/running-tasks/run-tasks"
href="/running-automations/extract-structured-data"
>
Define a schema to get typed JSON output from your automations
</Card>
@ -379,14 +379,14 @@ A browser window will open on your machine (if you chose headful mode). Recordin
<Card
title="Build Workflows"
icon="diagram-project"
href="/workflows/manage-workflows"
href="/multi-step-automations/build-a-workflow"
>
Chain multiple steps together for complex automations
</Card>
<Card
title="Use Webhooks"
icon="webhook"
href="/running-tasks/webhooks-faq"
href="/going-to-production/webhooks"
>
Get notified when tasks complete instead of polling
</Card>

12
docs/going-to-production/proxy-geolocation.mdx
View file

@ -221,6 +221,11 @@ export const COUNTRY_PATHS = {
export const PROXY_LOCATIONS = [
{ code: "US", name: "United States", value: "RESIDENTIAL", timezone: "America/New_York", flag: "🇺🇸" },
{ code: "US_ISP", name: "United States (ISP)", value: "RESIDENTIAL_ISP", timezone: "America/New_York", flag: "🇺🇸" },
{ code: "US_CA", name: "California", value: "US-CA", timezone: "America/Los_Angeles", flag: "🇺🇸" },
{ code: "US_NY", name: "New York", value: "US-NY", timezone: "America/New_York", flag: "🇺🇸" },
{ code: "US_TX", name: "Texas", value: "US-TX", timezone: "America/Chicago", flag: "🇺🇸" },
{ code: "US_FL", name: "Florida", value: "US-FL", timezone: "America/New_York", flag: "🇺🇸" },
{ code: "US_WA", name: "Washington", value: "US-WA", timezone: "America/Los_Angeles", flag: "🇺🇸" },
{ code: "CA", name: "Canada", value: "RESIDENTIAL_CA", timezone: "America/Toronto", flag: "🇨🇦" },
{ code: "MX", name: "Mexico", value: "RESIDENTIAL_MX", timezone: "America/Mexico_City", flag: "🇲🇽" },
{ code: "AR", name: "Argentina", value: "RESIDENTIAL_AR", timezone: "America/Argentina/Buenos_Aires", flag: "🇦🇷" },
@ -560,6 +565,11 @@ Use these enum values for country-level targeting. Each routes through a residen
|-------|---------|----------|
| `RESIDENTIAL` | United States | America/New_York |
| `RESIDENTIAL_ISP` | United States | America/New_York |
| `US-CA` | California, US | America/Los_Angeles |
| `US-NY` | New York, US | America/New_York |
| `US-TX` | Texas, US | America/Chicago |
| `US-FL` | Florida, US | America/New_York |
| `US-WA` | Washington, US | America/Los_Angeles |
| `RESIDENTIAL_AR` | Argentina | America/Argentina/Buenos_Aires |
| `RESIDENTIAL_AU` | Australia | Australia/Sydney |
| `RESIDENTIAL_BR` | Brazil | America/Sao_Paulo |
@ -722,7 +732,7 @@ Need a location that's not available? Get help in the [Skyvern Discord community
<Card
title="Browser Sessions"
icon="window"
href="/browser-sessions/introduction"
href="/optimization/browser-sessions"
>
Maintain IP consistency across multi-step tasks
</Card>

2
docs/going-to-production/webhooks.mdx
View file

@ -6,7 +6,7 @@ slug: going-to-production/webhooks
Workflows and task runs are asynchronous. When you call `run_task` or `run_workflow`, the API returns immediately with a run ID, but the actual execution happens in the background and can take variable time.
Instead of polling the `get_runs` endpoint, you can use Webhooks to get notified when they finish.
Instead of polling the `get_runs` endpoint, you can use Webhooks to get notified when they finish. Webhooks fire only when a run reaches a terminal status: `completed`, `failed`, `terminated`, `timed_out`, or `canceled`.
This page covers setting them up, explains payload structure, signature verification, and handling delivery failures.

BIN
docs/images/cloud/credentials-2fa-push-form.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 906 KiB

BIN
docs/images/cloud/credentials-add-credit-card.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 812 KiB

BIN
docs/images/cloud/credentials-add-dropdown.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 43 KiB

BIN
docs/images/cloud/credentials-credit-card-detail.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 876 KiB

BIN
docs/images/cloud/credentials-sidebar-nav.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 73 KiB

4
docs/multi-step-automations/file-operations.mdx
View file

@ -687,7 +687,7 @@ done
</CodeGroup>
- **`file_url`** points to the file. Here, `{{ resume }}` is a workflow parameter passed at runtime — it could be a public URL, an S3 presigned URL, or a Google Drive link.
- **`file_type`** tells Skyvern how to read the file. Use `pdf`, `csv`, or `excel`.
- **`file_type`** tells Skyvern how to read the file. Use `csv`, `excel`, `pdf`, `image`, or `docx`.
- **`json_schema`** defines exactly what to extract. The LLM reads the PDF and returns data matching this structure. The `work_experience` array means you'll get one object per job with `company` and `role` fields.
The output is available as `{{ parse_resume_output }}` in subsequent blocks and looks like this:
@ -708,7 +708,7 @@ Without a `json_schema`, you get the raw parsed content instead — plain text f
| Parameter | Type | Use this to |
|-----------|------|-------------|
| `file_url` | string | Point to the file (HTTP URL, S3 URI, or parameter like `{{ resume }}`) |
| `file_type` | string | Specify format: `csv`, `excel`, or `pdf` |
| `file_type` | string | Specify format: `csv`, `excel`, `pdf`, `image`, or `docx` |
| `json_schema` | object | Define the structure you want extracted |
**Supported sources for `file_url`:**

8
docs/optimization/browser-profiles.mdx
View file

@ -332,7 +332,7 @@ async def main():
# Run workflow with saved profile, no login needed
result = await client.run_workflow(
workflow_id="wf_daily_metrics",
workflow_id="wpid_daily_metrics",
browser_profile_id="bp_490705123456789012",
wait_for_completion=True,
)
@ -351,7 +351,7 @@ async function main() {
// Run workflow with saved profile, no login needed
const result = await client.runWorkflow({
body: {
workflow_id: "wf_daily_metrics",
workflow_id: "wpid_daily_metrics",
browser_profile_id: "bp_490705123456789012",
},
waitForCompletion: true,
@ -368,7 +368,7 @@ curl -X POST "https://api.skyvern.com/v1/run/workflows" \
-H "x-api-key: $SKYVERN_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"workflow_id": "wf_daily_metrics",
"workflow_id": "wpid_daily_metrics",
"browser_profile_id": "bp_490705123456789012"
}'
```
@ -381,7 +381,7 @@ curl -X POST "https://api.skyvern.com/v1/run/workflows" \
"run_id": "wr_494469342201718946",
"status": "created",
"run_request": {
"workflow_id": "wf_daily_metrics",
"workflow_id": "wpid_daily_metrics",
"browser_profile_id": "bp_490705123456789012",
"proxy_location": "RESIDENTIAL"
}

10
docs/optimization/browser-sessions.mdx
View file

@ -259,7 +259,7 @@ async def main():
# Then run a workflow in the same session (already logged in)
result = await client.run_workflow(
workflow_id="wf_export_monthly_report",
workflow_id="wpid_export_monthly_report",
browser_session_id=session_id,
wait_for_completion=True,
)
@ -295,7 +295,7 @@ async function main() {
// Then run a workflow in the same session (already logged in)
const result = await client.runWorkflow({
body: {
workflow_id: "wf_export_monthly_report",
workflow_id: "wpid_export_monthly_report",
browser_session_id: sessionId,
},
waitForCompletion: true,
@ -341,7 +341,7 @@ curl -s -X POST "https://api.skyvern.com/v1/run/workflows" \
-H "x-api-key: $SKYVERN_API_KEY" \
-H "Content-Type: application/json" \
-d "{
\"workflow_id\": \"wf_export_monthly_report\",
\"workflow_id\": \"wpid_export_monthly_report\",
\"browser_session_id\": \"$SESSION_ID\"
}"
@ -583,7 +583,7 @@ await client.run_task(prompt="Step 1", browser_session_id=session.browser_sessio
await client.run_task(prompt="Step 2", browser_session_id=session.browser_session_id, wait_for_completion=True)
# More efficient: single workflow (blocks share one browser, no inter-task overhead)
await client.run_workflow(workflow_id="wf_abc", wait_for_completion=True)
await client.run_workflow(workflow_id="wpid_abc", wait_for_completion=True)
```
```typescript TypeScript
@ -593,7 +593,7 @@ await client.runTask({ body: { prompt: "Step 1", browser_session_id: session.bro
await client.runTask({ body: { prompt: "Step 2", browser_session_id: session.browser_session_id }, waitForCompletion: true });
// More efficient: single workflow (blocks share one browser, no inter-task overhead)
await client.runWorkflow({ body: { workflow_id: "wf_abc" }, waitForCompletion: true });
await client.runWorkflow({ body: { workflow_id: "wpid_abc" }, waitForCompletion: true });
```
</CodeGroup>

47
docs/running-automations/task-parameters.mdx
View file

@ -32,6 +32,7 @@ Only `prompt` is a required parameter.
| [`max_screenshot_scrolls`](#max_screenshot_scrolls) | integer | Capture lazy-loaded content in screenshots |
| [`browser_address`](#browser_address) | string | Connect to your own browser for local development |
| [`include_action_history_in_verification`](#include_action_history_in_verification) | boolean | Improve verification accuracy for multi-step forms |
| [`run_with`](#run_with) | string | Choose whether to run with the AI agent or generated code |
| [`model`](#model) | object | Configure model settings (e.g., temperature) |
---
@ -296,6 +297,11 @@ Use this for geo-restricted content or to reduce bot detection.
| `RESIDENTIAL_KR` | South Korea |
| `RESIDENTIAL_TR` | Turkey |
| `RESIDENTIAL_ISP` | ISP proxy |
| `US-CA` | California, US |
| `US-NY` | New York, US |
| `US-TX` | Texas, US |
| `US-FL` | Florida, US |
| `US-WA` | Washington, US |
| `NONE` | No proxy |
<CodeGroup>
@ -326,7 +332,7 @@ curl -X POST "https://api.skyvern.com/v1/run/tasks" \
```
</CodeGroup>
**Granular targeting (US states/cities):**
**Granular targeting (state/city level):**
<CodeGroup>
```python Python
@ -755,6 +761,45 @@ curl -X POST "https://api.skyvern.com/v1/run/tasks" \
---
## `run_with`
Choose whether the task runs with the AI agent or generated code.
| Value | Description |
|-------|-------------|
| `agent` | Run with the AI agent (default). The agent analyzes screenshots and decides actions in real time. |
| `code` | Run with generated code. Faster and more deterministic, but requires a previously published workflow. |
<CodeGroup>
```python Python
result = await client.run_task(
prompt="Fill out the contact form",
run_with="agent"
)
```
```typescript TypeScript
const result = await client.runTask({
body: {
prompt: "Fill out the contact form",
run_with: "agent",
},
});
```
```bash cURL
curl -X POST "https://api.skyvern.com/v1/run/tasks" \
-H "x-api-key: $SKYVERN_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"prompt": "Fill out the contact form",
"run_with": "agent"
}'
```
</CodeGroup>
---
## `model`
Optional model configuration for the task.

3
docs/sdk-reference/overview.mdx
View file

@ -54,7 +54,7 @@ If you're inside a framework that already runs an event loop (FastAPI, Django AS
## Environments
The SDK ships with two built-in environment URLs:
The SDK ships with three built-in environment URLs:
```python
from skyvern.client import SkyvernEnvironment
@ -63,6 +63,7 @@ from skyvern.client import SkyvernEnvironment
| Environment | URL | When to use |
|-------------|-----|-------------|
| `SkyvernEnvironment.CLOUD` | `https://api.skyvern.com` | Skyvern Cloud (default) |
| `SkyvernEnvironment.STAGING` | `https://api.staging.skyvern.com` | Staging environment for testing |
| `SkyvernEnvironment.LOCAL` | `http://localhost:8000` | Local server started with `skyvern run server` |
For a self-hosted instance at a custom URL, pass `base_url` instead:

2
docs/self-hosted/docker.mdx
View file

@ -194,7 +194,7 @@ VIDEO_PATH=./videos
```bash
# Maximum steps before a task times out
MAX_STEPS_PER_RUN=50
MAX_STEPS_PER_RUN=10
# Server port
PORT=8000

2
docs/self-hosted/kubernetes.mdx
View file

@ -77,7 +77,7 @@ stringData:
# Browser settings
BROWSER_TYPE: "chromium-headless"
BROWSER_ACTION_TIMEOUT_MS: "5000"
MAX_STEPS_PER_RUN: "50"
MAX_STEPS_PER_RUN: "10"
# Server
PORT: "8000"

18
docs/self-hosted/llm-configuration.mdx
View file

@ -108,7 +108,21 @@ The `AZURE_DEPLOYMENT` is the name you chose when deploying the model, not the m
## Google Gemini
Gemini models through [Vertex AI](https://cloud.google.com/vertex-ai). Requires a GCP project with Vertex AI enabled.
Skyvern supports Gemini through two paths: the **Gemini API** (simpler, uses an API key) and **Vertex AI** (enterprise, uses a GCP service account).
### Gemini API
The quickest way to use Gemini. Get an API key from [Google AI Studio](https://aistudio.google.com/).
```bash .env
ENABLE_GEMINI=true
GEMINI_API_KEY=your-gemini-api-key
LLM_KEY=VERTEX_GEMINI_2.5_FLASH
```
### Vertex AI
For enterprise deployments through [Vertex AI](https://cloud.google.com/vertex-ai). Requires a GCP project with Vertex AI enabled.
```bash .env
ENABLE_VERTEX_AI=true
@ -118,7 +132,7 @@ GCP_PROJECT_ID=your-gcp-project-id
GCP_REGION=us-central1
```
### Setup steps
**Vertex AI setup steps:**
1. Create a [GCP project](https://console.cloud.google.com/) with billing enabled
2. Enable the **Vertex AI API** in your project

11
docs/self-hosted/overview.mdx
View file

@ -13,26 +13,23 @@ Self-hosted Skyvern has four components running on your infrastructure:
```mermaid
flowchart LR
subgraph Your Infrastructure
API[Skyvern API Server]
API[Skyvern API Server<br/>+ Embedded Browser]
DB[(PostgreSQL)]
Browser[Browser Container]
end
LLM[LLM Provider]
Sites[Target Websites]
API <--> DB
API <--> Browser
API <--> LLM
Browser <--> Sites
API <--> Sites
```
| Component | Role |
|-----------|------|
| **Skyvern API Server** | Orchestrates tasks, processes LLM responses, stores results |
| **Skyvern API Server** | Orchestrates tasks, processes LLM responses, stores results. Includes an embedded Playwright-managed Chromium browser that executes web automation. |
| **PostgreSQL** | Stores task history, workflows, credentials, and organization data |
| **Browser Container** | Playwright-managed Chromium that executes the actual web automation |
| **LLM Provider** | Analyzes screenshots and determines actions. You provide the API key (OpenAI, Anthropic, Azure, or local via Ollama) |
| **LLM Provider** | Analyzes screenshots and determines actions. You provide the API key (OpenAI, Anthropic, Azure OpenAI, Google Vertex AI, Amazon Bedrock, Groq, OpenRouter, or local via Ollama) |
### How a task executes