Integrations

Integrations

VexAI connects to external services through custom APIs, RSS feeds, inbound webhooks, GitHub, and email. Each integration is independently configurable and secured.

Custom API Caller

Register named API endpoints with saved authentication headers and default parameters. Once registered, call any API by name, with no need to repeat credentials each time.

ℹī¸ SSRF Protection

All outbound requests are validated against a blocklist of private and reserved IP ranges. Requests to 127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, and link-local addresses are automatically blocked.

Workflow

  1. Register: register_api with a name, base URL, and auth headers
  2. Call: call_api with the registered name, endpoint path, HTTP method, and optional body
  3. Manage: list_apis to view all registered APIs, delete_api to remove one
⚠ī¸ Rate Limit

Each registered API is limited to 10 calls per minute. Exceeding this limit returns an error until the window resets.

Supported Methods

All standard HTTP methods are supported: GET, POST, PUT, PATCH, DELETE, HEAD, and OPTIONS.

RSS Feed Monitor

Subscribe any Discord channel to one or more RSS or Atom feeds. New entries are posted automatically at configurable intervals.

Display Formats

FormatDescription
embedRich embed with title, description, thumbnail image, and source link
compactSingle-line message with the post title and a link
fullFull post content rendered as a Discord message (truncated at 2000 chars)
💡 Polling Interval

The minimum polling interval is 5 minutes to respect feed providers. Set longer intervals for feeds that update infrequently.

Tools

ToolDescription
subscribe_rssSubscribe a channel to an RSS/Atom feed with format and interval
unsubscribe_rssRemove a feed subscription
list_rssList all active feed subscriptions for the guild

Inbound Webhook Server

A lightweight HTTP server that receives payloads from external services and posts them to configured Discord channels. Supports HMAC signature verification for secure delivery.

Signature Verification

ProviderVerification Method
GitHubX-Hub-Signature-256 HMAC-SHA256
GitLabX-Gitlab-Token shared secret
GenericCustom HMAC header (configurable)
🔒 Security

Always configure signature verification for production webhooks. Without it, anyone who discovers your webhook URL can inject payloads into your Discord channels.

Configuration

{
  "integrations": {
    "webhookServer": {
      "enabled": true,
      "port": 3847,
      "baseUrl": "https://mybot.example.com"
    }
  }
}

The server listens on the configured port. External services (GitHub, GitLab, etc.) send webhooks to https://mybot.example.com/webhook/{name}.

GitHub Tools

Query GitHub repositories, issues, pull requests, and commits directly from Discord. Works with a registered API config or a personal access token.

Available Data

  • Repository info: stars, forks, description, language breakdown
  • Issues: list, search, view details and comments
  • Pull requests: list open/closed/merged PRs with diffs
  • Commits: recent commit log with messages and authors

Configuration

{
  "integrations": {
    "github": {
      "token": "ghp_xxxxxxxxxxxxxxxxxxxx"
    }
  }
}
💡 Tip

You can also register GitHub as a custom API using register_api with an Authorization: Bearer header. The dedicated config path is just a convenience.

OpenMail Email

Receive inbound emails in a dedicated Discord approval channel. Emails are never exposed to the LLM until the server owner explicitly approves them, providing a human gate for sensitive content.

⚠ī¸ Owner-Only

The approval channel is restricted to the bot owner. Other users and the LLM cannot see pending emails.

Approval Workflow

Inbound emails are queued in the approval channel as embeds. The owner reacts to each email to decide its fate:

ReactionAction
✅Approve: email content becomes available to the LLM
🗄ī¸Archive to memory: saved to long-term memory without LLM exposure
🗑ī¸Delete: permanently discarded

Features

  • WebSocket updates: real-time notifications when new emails arrive
  • Pending reconciliation: on restart, any unprocessed emails are re-queued in the approval channel
  • Channel exclusion: the approval channel is excluded from search and mirror operations

Configuration

{
  "integrations": {
    "openmail": {
      "enabled": true,
      "apiKey": "om_live_xxx",
      "inboxId": "inb_xxx",
      "approvalChannelId": "123456789",
      "autoCreateApprovalChannel": true,
      "wsEnabled": true
    }
  }
}
ℹī¸ Auto-Create Channel

When autoCreateApprovalChannel is true and no approvalChannelId is set, VexAI creates a private channel named #email-approval on first email receipt.