Hyperproof
Hyperproof is a compliance operations platform that helps security and compliance teams manage controls, evidence (proof), risks, vendors, issues, and audit programs in one place. This connector gives Claude access to your Hyperproof organization so it can query controls, track tasks, review risks, and retrieve evidence — all without leaving your AI workflow.
Authentication Types
Hyperproof supports one authentication method in this connector:
- OAuth 2.0 (Authorization Code) — Users authorize Claude to access their Hyperproof organization. Supports PKCE for enhanced security and returns long-lived refresh tokens (~15 years).
  - Pros: Full user-level permissions; tokens refresh automatically; no shared secrets at runtime.
  - Cons: Requires Hyperproof support to register an OAuth client application before you can connect.
General Settings
| Setting | Description | Example |
|---|---|---|
| Region (Instance URL) | The Hyperproof API base URL for your organization's region. | https://api.hyperproof.app |
Choose the value that matches where your Hyperproof organization is hosted:
| Region | Instance URL |
|---|---|
| United States (default) | https://api.hyperproof.app |
| European Union | https://api.hyperproof.eu |
| US Government | https://api.hyperproofgov.app |
Setting up OAuth
Hyperproof requires you to register an OAuth client application with their team before you can use the Authorization Code flow. This is a one-time process.
Step 1: Request an OAuth client application
- Go to https://hyperproof.io/oauth-client-application/ and fill out the request form.
- In the form, provide a name for your application (e.g. "Webrix Integration") and select Authorization Code as the grant type.
- Submit the form. Hyperproof support will email you a Client ID and Client Secret once your application is approved.
Step 2: Note the redirect URI
When Hyperproof support contacts you, they will need you to confirm the redirect URI. Use the callback URL shown in the Webrix connection wizard (displayed in the Redirect URL step). It will look similar to:
- For SaaS deployments: https://{org}.mcp-s.com/{org}/api/auth/callback
- For On-Premise deployments: {connectUrl}/{org}/api/auth/callback
Provide this URL to Hyperproof support so they can allowlist it for your client application.
Step 3: Connect in Webrix
- Open the Hyperproof connector in Webrix and click Connect.
- Paste your Client ID and Client Secret into the credentials fields.
- Select the Region that matches your Hyperproof organization.
- Click Authorize — you will be redirected to Hyperproof's login page.
- Log in to Hyperproof and grant consent. If your account belongs to multiple organizations, Hyperproof will ask you to select which one to authorize.
- You will be redirected back to Webrix and the connection will be active.
Scopes
The connector requests the following scopes, which cover all 28 tools:
| Scope | Purpose |
|---|---|
| control.read / control.update | Read and manage controls |
| label.read / label.update | Read and manage labels |
| task.read / task.update | Read and manage tasks |
| issue.read / issue.update | Read and manage issues |
| proof.read / proof.update | Read proof metadata and contents |
| program.read / program.update | Read and manage compliance programs |
| risk.read / risk.update | Read and manage risks |
| vendor.read / vendor.update | Read and manage vendors |
| user.read | Read user profile information |
If you want a read-only connection, you can remove the *.update scopes in your Hyperproof API client settings.
Troubleshooting
invalid_grant error during authorization
Cause: The PKCE code verifier does not match the code challenge that was stored during the authorization request. This can happen if the browser session is interrupted or the authorization code is used more than once.
Solution: Close the authorization popup and click Connect again to start a fresh OAuth flow.
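The check behind this error, as an added example that is not Hyperproof's or Webrix's code: it shows why a replayed authorization code or a verifier lost with the browser session both end in invalid_grant. It assumes the S256 challenge method from RFC 7636, which this page does not specify; ToyAuthServer and its method names are hypothetical.

```python
import base64
import hashlib
import hmac
import secrets

def make_verifier() -> str:
    # RFC 7636 allows 43-128 unreserved chars; 32 random bytes encode to 43.
    return secrets.token_urlsafe(32)

def challenge_for(verifier: str) -> str:
    # S256: BASE64URL(SHA256(ascii(verifier))) with '=' padding removed.
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

class ToyAuthServer:
    """Constructed stand-in for an authorization server (assumption)."""

    def __init__(self):
        self._pending = {}  # authorization code -> stored code_challenge

    def authorize(self, code_challenge: str) -> str:
        code = secrets.token_urlsafe(16)
        self._pending[code] = code_challenge
        return code

    def redeem(self, code: str, code_verifier: str) -> str:
        # pop() makes the code single-use: a second redemption finds nothing.
        stored = self._pending.pop(code, None)
        if stored is None:
            return "invalid_grant"
        # Constant-time comparison of stored vs. recomputed challenge.
        if not hmac.compare_digest(stored, challenge_for(code_verifier)):
            return "invalid_grant"
        return "ok"

def demo() -> dict:
    server = ToyAuthServer()
    results = {}
    verifier = make_verifier()
    code = server.authorize(challenge_for(verifier))
    results["same_session"] = server.redeem(code, verifier)
    results["replayed_code"] = server.redeem(code, verifier)
    # Interrupted session: the code was issued against one verifier, but the
    # restarted client presents a freshly generated one.
    code2 = server.authorize(challenge_for(make_verifier()))
    results["lost_verifier"] = server.redeem(code2, make_verifier())
    return results

if __name__ == "__main__":
    print(demo())
```

Both failure cases are indistinguishable to the client, which is why the fix is the same: start a new flow so a fresh verifier, challenge, and code are created together.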
Wrong organization selected
Cause: Hyperproof scopes access tokens to a single organization. If you are a member of multiple Hyperproof orgs, you may have selected the wrong one during consent.
Solution: Disconnect the integration in Webrix, click Connect again, and when Hyperproof's consent screen appears, select the correct organization.
API returns 401 after the integration was working
Cause: The access token has expired and the refresh token rotation failed — for example, the refresh token was invalidated because another token refresh happened concurrently, or the Hyperproof session was revoked by an admin.
Solution: Disconnect and reconnect the integration to obtain a fresh access token and refresh token.
Region mismatch — 404 errors on all tool calls
Cause: The Instance URL in General Settings does not match the region where your Hyperproof organization is hosted.
Solution: Edit the integration and change the Region (Instance URL) to the correct value for your region (US, EU, or Gov). See the table in General Settings above.