Skip to main content
Before one app can call another, you need to grant it access. This page covers how to set up and manage those permissions.

Two Ways to Grant Access

Allow All Apps

The quickest option. Toggle on Allow all apps to call this project in the app’s Cross-App settings. This lets any app in the organization read data from this app. Good for:
  • Data services that any app might need (product catalog, pricing, configuration)
  • Quick development and testing
  • Apps that share data openly within the org
“Allow all apps” only permits reading data. If another app needs to create, update, or delete anything, you’ll need an explicit grant.

Explicit Grants

For more control, create a grant between two specific apps. You choose:
  • Which app can call this one
  • What it can do — read only, read and write, or specific operations
Go to the app’s Settings tab, open Cross-App, and add a grant under Incoming Calls. You can also set it up from the caller’s side under Outgoing Calls — both create the same connection.

Managing Grants

Adding a Grant

  1. Open the app’s project settings
  2. Go to the Cross-App tab
  3. Under Incoming Calls, click Add grant
  4. Select the app you want to grant access to
  5. Choose what level of access to allow
  6. Save

Removing a Grant

Click the delete button next to any grant. Access is revoked immediately.

Call Logs

The Call Logs section on the Cross-App tab shows recent calls involving this app, both incoming and outgoing. Each entry shows which apps were involved, what was called, whether it succeeded, and how long it took. This is useful for debugging when a cross-app integration isn’t working as expected.

Settings

Allow Cross-App Calls

Lets any app in the organization read data from this app without needing an explicit grant. Off by default.

Allow Production Fallback for Sandbox Callers

During development, you might be testing in one app’s sandbox while the target app’s sandbox isn’t running. With this enabled, the platform routes sandbox calls to the target’s production deployment instead. Useful when you don’t want to keep every app’s sandbox running during development.

Allow Agent Access

Lets Starcat, your organization’s agent, operate this app directly — reading and writing through its API on your behalf — independent of app-to-app grants. Off by default. When it’s on, you also choose which of this app’s environments the agent may call (Production, Preview, Sandbox). See Agent Cross-App Calling for how the agent picks an environment and what it can do.

Developer-Agent Callable Environments

Controls which environments the in-project developer agent may originate cross-app calls from when you’re building inside this project:
  • Sandbox only — keeps the agent safe during development
  • Production only — for projects where you only want the agent querying live data
  • Both (default) — the agent can call from either environment
This is the outbound counterpart to Allow Agent Access above, which controls what the org agent may call into this app.