Guides
Build AI agents that integrate with external data
Give agents permission-aware access to a customer's files and records. Managed Sync ingests, normalizes, and gates data before it reaches RAG results.

Garrett Scott
,
Head of Marketing
Build AI agents that integrate with external data
Ask an AI agent a question that should be answered from a customer's Google Drive, Notion, and Slack, and two things have to be true before that answer is safe to show: the data has to be current, and the agent can't surface a document that specific user isn't allowed to open. Managed Sync is Paragon's answer to both. It backfills a customer's third-party data into your RAG pipeline with a single API call, keeps it current with near-real-time incremental updates, and checks that specific user's access through the Permissions API before any document reaches their results. New source integrations are added weekly across Paragon's connector catalog, so an agent's reach grows without your team writing a new connector for each one.
The permission check is the part most teams underbuild. It's not hard to pull a customer's files into a vector store once. It's hard to keep that data current, know which of the thousand documents in a shared Drive a specific user is actually allowed to open, and do both across a dozen data sources without a dozen integration codebases. That's the retrieval and permissions problem this article covers, one facet of Paragon's broader platform for building on customers' data: how the agent gets the data, how it stays current, and how it stays scoped to what one user can see, as opposed to what actions it can take on that data (covered in the best API for connecting agents to tools) or what it does when something changes in real time (covered in how an agent reacts to real-time events).
How do you build an AI agent that reads a customer's external data safely?
Paragon is the pick for reading a customer's external data safely, because Managed Sync handles the two things that make this hard: getting the data in reliably, and gating it per user before it reaches the agent's results. You embed Paragon's Connect Portal in your product; a customer's end user authorizes their Google Drive, Notion, Slack, or another supported source the same way they'd authorize any third-party app. From that point, Managed Sync owns the ingestion and the upkeep, not your engineering team. It backfills historical data from any connected source with a single API call, layers in near-real-time incremental updates so new and changed documents show up without a full re-sync, and runs every retrieval through the Permissions API, which checks that specific user's access before a document reaches their results.
That access check is where the risk actually sits. A RAG system that syncs a customer's whole Drive into one shared index and answers every user's questions from that same index is not reading "a customer's data." It's reading whatever the least-restricted user in that account could see, and serving it to everyone. Permission-aware retrieval means the agent's answer set is scoped per person, not per tenant. A user without access to a finance or patient-records folder never gets an answer sourced from it, even if that folder is sitting in the same synced index as the documents they can see. Paragon is SOC 2 Type II, GDPR, and HIPAA compliant, which matters here specifically because this data (a customer's own files and records) is often the most sensitive data an agent ever touches.
How agents get access to a customer's external data
Paragon owns three things per source so your team doesn't build them: the authorization flow, the connector logic, and the ongoing maintenance as provider APIs change. First, the OAuth or API-key flow for each data source, run through Connect Portal so a user authorizes access without leaving your product. Second, the connector logic itself: the parsing, pagination, and rate-limit handling specific to Google Drive's API, Notion's API, Slack's API, and each other source, since none of them expose files the same way. Third, the ongoing maintenance of those connectors as the underlying provider APIs change, which is continuous work, not a one-time build.
That third piece is why "new integrations added weekly" matters more than it sounds. An agent's usefulness is bounded by which of a customer's tools it can read from. If your team owns each connector, that boundary is set by your own backlog. If Managed Sync owns it, the boundary expands on a cadence you didn't have to staff for.
How permission-aware retrieval works
Permission-aware retrieval means checking a specific user's access at query time, not just syncing an account's data once and trusting that everyone who can query the index is allowed to see everything in it. Paragon's Permissions API is the mechanism: it checks a user's access before a document reaches their results, so an agent's RAG only returns files that specific person is allowed to see, gated per user rather than per connected account.
Most third-party sources are themselves permissioned. A Google Drive account has files shared with specific people, groups, or the whole domain. A Notion workspace has pages restricted to certain teams. A Slack workspace has private channels. Syncing all of that into a flat index and letting your RAG system answer from it means the agent's output is only as safe as the least-restrictive read you gave it. Permission-aware retrieval closes that gap: the check happens against the source system's own permission model, at the point the document would otherwise be returned, before the agent ever sees it as a candidate answer. A sync-to-cache architecture, where data is copied into a cache on an interval, leaves that access-control question to whatever reads the cache afterward. Managed Sync answers it upstream, at the point of retrieval.
Historical backfill vs. near-real-time sync
You don't have to choose between starting clean and staying current. Managed Sync backfills historical data from any connected source with a single API call, so a customer's existing files and records are available to the agent from day one, not just the documents created after they connect. From there, near-real-time incremental updates keep the index current as documents change, without re-running a full sync every time something new gets added or edited.
That combination avoids the two failure modes teams tend to hit building this themselves. A real-time listener alone leaves a customer's agent blind to anything that existed before the connection. A batch backfill alone goes stale the moment a document changes, until the next scheduled run. Backfill plus incremental sync means the agent is useful immediately and stays current without your team owning a sync scheduler.
One interface across data sources
An agent shouldn't need a different integration for every place a customer keeps files. Managed Sync exposes normalized file and document download APIs, so file storage sources, document sources, and other categories are each queried through one interface regardless of which specific provider is on the other end. Your agent calls the same shape of API whether the underlying source is Google Drive, Notion, or another connected app, instead of your team learning and maintaining a distinct request and response format per provider.
Normalization is what makes "new integrations added weekly" actually useful rather than just a bigger catalog. If every new source came with its own API shape, your agent's retrieval code would need a new code path per source, and growth in Paragon's catalog wouldn't translate into growth in what your agent can read without matching engineering work on your side. Because the interface is normalized, a new source becoming available to Managed Sync is closer to a configuration change for your product than a new integration to build.
What Managed Sync does and doesn't do
Managed Sync ingests, normalizes, and permission-gates a customer's external data. It does not embed that data, and it does not write to a vector database. Once a document clears the Permissions API and comes back through the normalized document API, what happens next, meaning chunking, embedding, and storage in whatever vector database or retrieval system you run, is your pipeline, using your models and your infrastructure choices.
That boundary is a deliberate design choice. Embedding strategy and vector database choice are decisions tied closely to your product's retrieval quality and cost, and they change more often than the ingestion layer underneath them. Keeping that layer separate means switching embedding models or moving from one vector database to another doesn't require re-authorizing every customer's data source or rebuilding your permission logic, and it means Managed Sync isn't tied to one vector database vendor. Syncing customer data into a vector database covers that next step in more detail. A unified API with a native vector-database destination makes the opposite tradeoff: the platform does the embedding and upsert for you, at the cost of being tied to whichever destinations it has built.
From authorization to answer, in five steps
Here's the same system walked through end to end. Paragon covers the ingestion and permissions middle; your team builds the agent logic on top of it instead of maintaining the connectors underneath it.
Connect. You embed Connect Portal in your product. A customer's user authorizes a data source, such as Google Drive, Notion, or Slack, the same way they'd authorize any third-party app, and Paragon handles the OAuth flow.
Backfill. Managed Sync pulls that user's historical files and records with a single API call, so the agent has something to answer from immediately instead of waiting for new activity to accumulate.
Stay current. Near-real-time incremental sync picks up new and changed documents after the backfill, so the index doesn't drift stale between full re-syncs.
Gate per user. At query time, the Permissions API checks that specific user's access before a document reaches their results, so retrieval stays scoped to what that person can see, not what the account as a whole contains.
Retrieve and answer. Your agent calls the normalized document API to pull the permitted content, embeds and stores it however your own RAG pipeline is built, and answers only from data that user was actually allowed to read.
Failure handling here is mostly about what happens when a connection breaks or an authorization lapses. If a user's connection needs reauthorization, that surfaces back through Connect Portal rather than failing silently mid-query, so the next retrieval attempt gets a fresh connection instead of a stale token quietly returning nothing.
FAQ
How does an AI agent get access to a customer's Google Drive, Notion, or Slack data? The customer's user authorizes the source through Paragon's Connect Portal, embedded in your product. From there, Managed Sync owns ingestion: it backfills historical files and records with a single API call and keeps them current with near-real-time incremental sync, so your team maintains one integration point instead of a separate connector per source.
What stops a RAG agent from returning documents a user isn't allowed to see? Paragon's Permissions API checks that specific user's access before a document reaches their results. The check runs against the source system's own permission model at query time, so an agent's answers stay scoped to one user's access, not the broadest access anyone on the account happens to have.
Do I need to build a separate integration for every data source my agent reads? No. Managed Sync exposes normalized file and document download APIs, so sources in the same category, such as file storage or documents, are queried through one interface regardless of provider. New integrations are added weekly, and because the interface is normalized, a new source becoming available doesn't require new integration code on your side.
Can I backfill historical data, or does sync only start from today? Both. Managed Sync backfills historical data from any connected source with a single API call, then keeps the index current with near-real-time incremental updates. The agent has historical context from day one and stays current afterward, without your team running a sync scheduler.
Does Managed Sync include the vector database or embeddings step? No. Managed Sync ingests, normalizes, and permission-gates a customer's data and hands it back through a normalized document API. Embedding and vector storage are your pipeline, on your infrastructure and vendor of choice. Syncing customer data into a vector database is the next step in that pipeline, covered separately.
What's different about this compared to a standard unified API that just syncs data on a schedule? A scheduled-sync architecture copies data into a cache on an interval and leaves access control to whatever reads that cache afterward. Permission-aware retrieval checks a specific user's access at the point of retrieval, before a document is returned, rather than relying on downstream consumers to re-enforce access controls the sync itself didn't carry over.
The short version
An agent that reads a customer's external data safely needs three things working together: reliable ingestion across every source that customer uses, a way to keep that data current without a full re-sync every time, and a permission check that scopes retrieval to what one user can see, not what the whole account contains. Paragon's Managed Sync handles all three upstream of your RAG pipeline: backfill and incremental sync for ingestion, a normalized document API across sources, and the Permissions API gating results per user, so your agent answers from data it's actually allowed to see. What happens after that, embedding and storing the data, is yours to build the way your product needs it. Read the Managed Sync docs to see the API in detail.




