Connectors
QuantaSeal supports 38+connectors across CRM, ERP, cloud, streaming, databases, identity, and collaboration platforms - all protected by ML-KEM-768Β +Β ML-DSA-65Β +Β AES-256-GCM post-quantum cryptography.
Overview#
Every connector in QuantaSeal follows the same security model: credentials are sealed in QuantaVault with 3-layer PQC encryption, and every outbound API call is proxied through the UniversalProxyEngine which applies a HybridCryptoEnvelope to the payload before it leaves your perimeter.
Seal credentials once
Store API keys, OAuth2 client secrets, and certificates in QuantaVault. They are encrypted with ML-KEM-768 and wrapped by AWS KMS. You never pass secrets in code.
Proxy through QuantaSeal
POST /api/v2/proxy/outbound with your integration_id and operation. QuantaSeal unseals the credential, signs the request, and forwards it to the target system.
Verify the response
Every response is wrapped in a HybridCryptoEnvelope. Your application verifies the ML-DSA-65 signature and HMAC-SHA-512 before trusting the decrypted payload.
X-API-Key: qs_live_... in the request header. The API key is stored as a bcrypt hash - QuantaSeal cannot recover a lost key. Generate a new one from Dashboard β Settings β API Keys.π₯CRM#
Proxy outbound API calls to your CRM systems with PQC-encrypted credentials and signed request envelopes.
Salesforce
salesforceFull bidirectional proxy for Salesforce REST API, SOQL queries, bulk operations, and OAuth2 JWT Bearer flows. Includes native Salesforce Managed Package 2GP with Apex classes.
HubSpot
hubspotProxy HubSpot CRM API calls (contacts, deals, companies, tickets) with PQC-sealed OAuth2 tokens and signed payloads.
Microsoft Dynamics 365
dynamics365Secure Dataverse REST API and Dynamics 365 module calls through QuantaSeal with Azure AD OAuth2 credentials sealed in QuantaVault.
Zoho CRM
zohoProxy Zoho CRM v2 API calls with PQC-encrypted OAuth2 client credentials. Supports modules, custom views, and bulk read.
Pipedrive
pipedriveProxy Pipedrive REST API for deals, contacts, and pipeline management with PQC-sealed API tokens.
πERP#
Protect sensitive financial and supply-chain data flows to and from your ERP systems with quantum-safe encryption.
SAP S/4HANA
sapBidirectional proxy for SAP OData v4, BAPI/RFC, and S/4HANA REST APIs. Credentials stored as PQC-sealed basic_auth or oauth2_client in QuantaVault.
Oracle ERP Cloud
oracle_erpProxy Oracle Fusion REST APIs (Financials, SCM, HCM) with PQC-sealed basic_auth or OAuth2 credentials and signed request envelopes.
NetSuite
netsuiteProxy NetSuite SuiteQL and REST API calls with PQC-sealed OAuth1 or OAuth2 credentials. Supports saved searches and custom records.
Microsoft Dynamics 365 Business Central
dynamics365_bcProxy Business Central OData v4 APIs for finance, inventory, and sales with PQC-encrypted Azure AD credentials.
βοΈCloud Storage & Messaging#
Encrypt data before it reaches cloud storage and message queues. QuantaSeal acts as a PQC proxy so plaintext never leaves your perimeter unprotected.
AWS S3
aws_s3Proxy S3 object uploads and downloads. All payloads are wrapped in a ML-KEM-768 + AES-256-GCM HybridCryptoEnvelope before write and unwrapped on read.
AWS SQS / SNS
aws_sqsPQC-encrypt message bodies before publishing to SQS queues or SNS topics. Signed envelopes allow consumers to verify authenticity.
Azure Blob Storage
azure_blobProxy Azure Blob container reads and writes. Blobs are encrypted client-side with ML-KEM-768 before upload; Azure never sees plaintext.
Azure Service Bus
azure_service_busSend and receive messages through Azure Service Bus with PQC-signed envelopes to detect message tampering end-to-end.
GCP Cloud Storage
gcp_storageProxy GCP Storage object operations with PQC-sealed service-account credentials. Supports uniform bucket-level access patterns.
GCP Pub/Sub
gcp_pubsubPublish and pull Pub/Sub messages with PQC-encrypted bodies and ML-DSA-65 signatures verifiable by subscribers.
πStreaming#
Add post-quantum encryption to high-throughput data streams without sacrificing throughput - QuantaSeal batches PQC operations efficiently.
Apache Kafka
kafkaProxy Kafka produce/consume calls. Message values are ML-KEM-768 encrypted before write; consumer groups receive signed envelopes they can verify.
RabbitMQ
rabbitmqProxy AMQP message publish and consume through QuantaSeal with PQC-encrypted payloads and per-tenant HMAC signing.
MQTT
mqttEncrypt MQTT message payloads with AES-256-GCM (key encapsulated via ML-KEM-768) for IoT and industrial telemetry pipelines.
ποΈDatabases#
Apply field-level PQC encryption before data reaches your database. QuantaSeal acts as a transparent proxy between your application and your DB layer.
PostgreSQL
postgresProxy PostgreSQL DSN credentials through QuantaVault and apply field-level tokenization or encryption on query parameters and results.
MySQL
mysqlPQC-seal MySQL credentials and proxy parameterized queries with column-level encryption for PII fields.
MongoDB
mongodbProxy MongoDB Atlas or self-hosted MongoDB with PQC-sealed connection strings and field-level encryption for sensitive document fields.
Snowflake
snowflakeProxy Snowflake SQL queries with PQC-sealed key-pair authentication. Sensitive columns can be tokenized before landing in Snowflake.
BigQuery
bigqueryProxy BigQuery job submission with PQC-sealed GCP service-account credentials. Apply tokenization on PII fields before data lands in BigQuery.
πIdentity & SSO#
Seal identity provider credentials and proxy token exchange calls so OAuth2 client secrets never travel in plaintext.
Okta
oktaProxy Okta Management API calls (users, groups, apps) with PQC-sealed OAuth2 client credentials and signed audit events.
Auth0
auth0PQC-seal Auth0 Management API tokens and proxy user management, tenant configuration, and log streaming calls.
Azure Active Directory
azure_adProxy Microsoft Graph API and Azure AD calls with PQC-sealed client_credentials or on-behalf-of OAuth2 tokens.
Ping Identity
ping_identityProxy PingFederate or PingOne API management calls with PQC-sealed client credentials and HMAC-signed request payloads.
π¬Collaboration#
Encrypt notification payloads and webhook bodies before they reach collaboration platforms - so sensitive data is never exposed to third-party SaaS.
Slack
slackProxy Slack Web API calls (chat.postMessage, files.upload) with PQC-sealed OAuth2 Bot tokens and signed webhook bodies.
Microsoft Teams
teamsProxy Teams Graph API calls and incoming webhook notifications with PQC-sealed Azure AD credentials.
Twilio
twilioPQC-seal Twilio Account SID and Auth Token and proxy SMS, voice, and Verify API calls. Validate inbound webhook signatures.
SendGrid
sendgridProxy SendGrid Mail Send and Marketing API calls with PQC-sealed API keys and signed event webhook payloads.
πIntegration Platforms#
Wrap integration platform credentials in QuantaVault so your iPaaS layer never handles raw secrets.
MuleSoft
mulesoftProxy MuleSoft Anypoint Platform API calls with PQC-sealed Connected App credentials. Sign policy enforcement payloads.
Boomi
boomiProxy Dell Boomi AtomSphere API calls with PQC-sealed basic_auth credentials and per-request HMAC signing.
Informatica
informaticaProxy Informatica Cloud REST API calls for IDMC job management with PQC-sealed OAuth2 credentials.
Zapier
zapierSeal Zapier webhook URLs and API keys in QuantaVault and sign outbound Zap trigger payloads with ML-DSA-65.
βοΈGeneric Adapters#
Use these adapters when your target system doesn't have a named connector. All generic adapters apply the same ML-KEM-768 + ML-DSA-65 encryption pipeline.
Generic REST API
generic_restProxy any REST API. Configure target URL, headers, and body transformation. QuantaSeal applies PQC encryption and adds X-QuantaSeal-Signature to every request.
Generic gRPC
generic_grpcProxy gRPC unary and streaming calls with PQC-encrypted payloads. Credentials are sealed in QuantaVault; mTLS certificates supported.
Inbound Webhook
webhook_adapterReceive inbound webhooks from any source. QuantaSeal verifies the HMAC signature, decrypts the payload, and forwards it to your application.