List Integrations (admin)
Requires admin-scoped API key
This tool is only available when authenticated with an admin-scoped
Phoenix API key. User-scoped keys never see it in tools/list and
receive 403 forbidden_admin_scope if they try to call it directly.
See Admin operations overview for details.
Return the integration catalog joined with this org's configuration state. Returns metadata only — credential values are never included in the response.
Tool key: admin_list_integrations
Parameters
None — the org is derived from the API key, and the response covers the entire catalog.
Required Integrations
None.
Output
{
"integrations": [
{
"key": "hginsights_v2",
"name": "HG Insights v2",
"description": "Unified API for technographic, firmographic, and intent data.",
"isConfigured": true,
"hasCredentials": true,
"configuredAt": "2026-04-15T10:30:00.000Z",
"updatedAt": "2026-04-29T14:00:00.000Z",
"configuredByEmail": "alice@acme.com"
}
]
}
hasCredentials aliases isConfigured for clarity in API responses.
configuredByEmail is null when the integration is not configured or
when the user who originally set it no longer exists.
How It Works
- Org slug is derived from the API key.
- The catalog is read from
public.integrations(all enabled keys). - The org's
configured_integrationstable is read for metadata only — thevaluecolumn is never selected. - Both result sets are joined client-side and merged with
configured_byuser emails (single batched IN-query againstpublic.users). - A row is written to
webapp_org_admin_audit_logwith actionlist_integrations. Reads are audited because the response itself reveals which integrations the org has activated, which is sensitive.
Use Cases
- "What integrations does my org have set up?" (admin Q&A via Claude / ChatGPT MCP).
- IT inventory: feed the response into a dashboard or audit report.
- Pre-flight check before a credential rotation script runs.
Errors
403 forbidden_admin_scope— caller's API key is not admin-scoped.