Integrations and APIs: Connect Cadences with Everything

Software that doesn't connect to anything is isolated software. Cadences has 15+ integrations in production — from Google authentication to AI phone calls — and all follow the same design principles: security, reliability and minimal configuration.

Integration philosophy: In Cadences, integrations aren't "installed from a marketplace". They're woven into the platform's core. Twilio isn't a plugin — it's the voice system. ElevenLabs isn't an add-on — it's the audio engine. Google isn't a connector — it's the auth system.

Ecosystem

Integration Map

This is the complete map of external services Cadences uses in production:

Service	Function	Protocol	Auth
Google OAuth	User authentication	OAuth 2.0 + PKCE	Client Secret
Google Drive	Data sync + backup	REST API v3	Bearer Token
Google Gemini	Multi-modal generative AI	REST API	API Key
Twilio	Telephony + SMS + WhatsApp	REST + WebSocket	Account SID + Token
ElevenLabs	Voice AI + TTS + Cloning	REST + WebSocket	API Key
DeepSeek	Advanced reasoning AI	OpenAI-compatible	API Key
OpenAI	GPT-4 + DALL·E	REST API	API Key
Anthropic	Claude for agents	REST API	API Key
Cloudflare	Workers + D1 + R2 + DO	Edge Runtime	Wrangler Auth
Cloudflare Turnstile	Bot protection (CAPTCHA)	Server-side verify	Site Key + Secret
Meta WhatsApp	Official WhatsApp Business API	Graph API v19	Bearer Token
Unsplash	Images for storefronts	REST API	Access Key
DICOM (internal)	Medical imaging	Workers API	Auth Header

Authentication

OAuth 2.0: The Authentication Flow

Cadences uses Google as the primary identity provider. The OAuth 2.0 flow is implemented in two variants depending on context:

🌐

Web (Storefronts)

Uses Google Identity Services (GIS) with token client. The user clicks "Login with Google", a popup opens, and the token is validated server-side against the storefront's authorized email list.

🖥️

Desktop (Electron)

OAuth 2.0 with PKCE + Token Client. The token is stored in IndexedDB (not localStorage). Refresh is handled automatically with a callback that updates the AuthContext.

Server-side Google token validation

// Worker: Validate Google token at the edge
async function validateGoogleAuth(request, storefrontConfig) {
  const token = request.headers.get('Authorization')
    ?.replace('Bearer ', '');

  // Verify token with Google
  const googleResponse = await fetch(
    'https://www.googleapis.com/oauth2/v3/tokeninfo?access_token=' + token
  );
  const googleData = await googleResponse.json();

  // Is the email authorized for this storefront?
  const authorized = storefrontConfig
    .authorizedEmails
    .includes(googleData.email);

  if (!authorized) {
    return new Response('Unauthorized', { status: 403 });
  }

  return { email: googleData.email, verified: true };
}

Telephony

Twilio: Telephony, SMS and WhatsApp

Twilio is the communications nervous system of Cadences. It's not a simple connector — it's the infrastructure enabling AI phone calls, SMS from workflows, and WhatsApp Business communication.

📞

Voice (AI Calls)

Twilio Media Streams connects real phone calls with Durable Objects. Audio is processed in real-time with ElevenLabs to create natural conversations with AI agents.

💬

SMS / MMS

Send messages from automation workflows. Appointment confirmations, payment reminders, shipping notifications — all configurable as workflow actions.

📱

WhatsApp Business API

Two routes: Meta's official API (Graph API v19) for certified template sends, or Twilio as middleware for a unified SDK with SMS.

Multi-Provider AI

4 AI Providers, 1 Interface

Cadences agents can use any of the 4 AI providers interchangeably. The system abstracts API differences so the user only chooses the model — everything else is transparent:

🔷

Google Gemini

Default provider

Multi-modal (text, image, audio, video). Gemini 2.0 Flash for high speed. Google AI Studio API with native streaming support.

🧠

DeepSeek

Advanced reasoning

OpenAI-compatible API — you can use the same SDK just changing the baseURL. DeepSeek R1 for complex reasoning at lower cost than GPT-4.

⚡

OpenAI

GPT-4 + DALL·E

The de facto standard. Chat completions, image generation with DALL·E, and embeddings. Compatible with function calling for tool-equipped agents.

🎭

Anthropic

Claude for long contexts

Claude 3.5 Sonnet with 200K token window. Ideal for analyzing extensive documents and conversations requiring full context.

Multi-provider AI: one interface, multiple engines

// The agent defines which provider to use
const agent = {
  name: "Sales Analyst",
  provider: "gemini",      // or "deepseek", "openai", "anthropic"
  model: "gemini-2.0-flash",
  system_prompt: "You are an expert sales analyst..."
};

// The execution service abstracts the differences
async function generateContent(agent, prompt) {
  switch (agent.provider) {
    case "gemini":
      return await callGemini(agent.model, prompt);
    case "deepseek":
      return await callOpenAICompatible(
        "https://api.deepseek.com", agent.model, prompt
      );
    case "openai":
      return await callOpenAICompatible(
        "https://api.openai.com", agent.model, prompt
      );
    case "anthropic":
      return await callAnthropic(agent.model, prompt);
  }
}

Events

Webhooks: Real-Time Events

Webhooks are the backbone of asynchronous communication in Cadences. They allow external services to notify the platform when something happens, and Cadences to notify the outside world when an action completes.

← Incoming Webhooks

• Twilio: call completed, SMS received
• Stripe: payment succeeded, subscription canceled
• Typeform: form submitted
• Calendly: appointment scheduled
• GitHub: push, PR created

→ Outgoing Webhooks

• Slack: channel notifications
• Discord: server alerts
• Zapier / Make / n8n: external trigger
• Custom HTTP: any REST API
• Email: via SendGrid / Resend

Incoming webhook: Stripe payment → Cadences workflow

// Worker: receive Stripe webhook
export async function handleStripeWebhook(request, env) {
  // 1. Verify webhook signature
  const signature = request.headers.get('stripe-signature');
  const body = await request.text();
  const event = verifyStripeSignature(body, signature, env.STRIPE_WEBHOOK_SECRET);

  // 2. Process by event type
  switch (event.type) {
    case 'payment_intent.succeeded':
      // 3. Find contact in CRM by email
      const contact = await db.prepare(
        'SELECT * FROM contacts WHERE email = ?'
      ).bind(event.data.object.receipt_email).first();

      // 4. Create activity in contact timeline
      await db.prepare('INSERT INTO activities ...').bind(
        contact.id, 'payment', event.data.object.amount
      ).run();

      // 5. Trigger "New payment received" workflow
      await triggerWorkflow('payment-received', {
        contact, amount: event.data.object.amount
      });
      break;
  }

  return new Response('OK', { status: 200 });
}

Infrastructure

Cloudflare: The Foundation Platform

Cloudflare isn't "just another integration" — it's the infrastructure Cadences runs on. Here's the complete stack:

⚡

Workers

The entire backend runs on Workers. V8 isolates, 0ms cold start, 300+ global locations. Every request executes at the edge closest to the user.

🗄️

D1 (SQLite)

One SQLite database per organization. Total data isolation without WHERE tenant_id = ? filters. Native SQL queries at the edge.

🧠

Durable Objects

Persistent state with exclusive access. Every voice AI call, every chat session, every WebSocket — each is a Durable Object with exactly 1 active instance.

📦

R2 (Object Storage)

File storage — avatars, document attachments, audio exports — with no egress fees. S3 API compatible.

📄

Pages

Static storefront hosting. Build with Astro/Vite, auto-deploy with wrangler. Global CDN, automatic HTTPS, preview deployments.

Security

Integration Security Patterns

Every external integration is a potential attack vector. Cadences applies these security patterns across all integrations:

Pattern	Implementation	Where
Secrets in env vars	API keys in Cloudflare Secrets, never in code	All
Signature verification	HMAC-SHA256 for incoming webhooks	Stripe, Twilio
Rate limiting	Per-tier limits with Durable Objects	AI providers, API
Token rotation	Short-lived tokens + automatic refresh	Google OAuth, ElevenLabs
IP allowlisting	Known IPs only for critical webhooks	Twilio, Stripe
Premium feature guards	Costly APIs require active feature flag	Voice calls, WhatsApp

Want to integrate your service?

Cadences exposes a complete REST API for connecting your own services. Webhooks, API keys, OAuth — the infrastructure is ready.

Explore the Platform

Summary

Conclusion

Cadences integrations aren't superficial connectors. They're structural components of the platform. Google provides identity, Twilio provides voice, ElevenLabs provides intelligent audio, and Cloudflare provides infrastructure. Each piece has a clear purpose and is connected with production-grade security.

What makes Cadences different isn't the number of integrations, but how they're connected: verified webhooks, rotated tokens, per-tier rate limits, feature guards for costly APIs, and everything running on Cloudflare's edge with minimal latency.

The best integration is the one that feels invisible.