FAQ
The questions that come up most often.
If your question isn’t here, Troubleshooting covers errors and broken flows. Anything else, file from the dashboard.
Yes. Agent Handler is generally available, with a paid tier and an enterprise tier. The free tier exists for evaluation; production usage is on Starter, Business, or Enterprise depending on volume. See Billing and usage.
Unified API is a REST API that normalizes data across many third parties - write code against one schema, read data from many systems. Agent Handler is an MCP server that exposes write actions across many third parties - your agent calls one MCP endpoint, Agent Handler routes to the right Connector with the right end-user’s credentials, scanned through your security rules.
For data sync, integration, or analytics: Unified API. For agents that take actions: Agent Handler. Some teams use both.
Yes. Agent Handler exposes tools via MCP, which is model-agnostic. Anthropic’s Claude has native MCP support; OpenAI, Gemini, Llama, and others can use MCP through any of the open-source MCP client libraries. The model doesn’t matter - what matters is that the agent runtime speaks MCP.
Standard plans run on Agent Handler’s hosted infrastructure (US-East). Enterprise contracts can include single-tenant instances, regional residency (EU, APAC), and VPC peering. Contact your account team.
Yes - any MCP server you operate at a public HTTPS URL can be registered as a custom Connector. Agent Handler discovers its tools and exposes them through the same MCP URL your agent already uses. See Custom MCP servers.
If the third party you need is missing from the catalog and you don’t want to operate your own MCP server forever, request a Connector - we add new ones based on customer demand.
By default, Agent Handler uses Merge’s OAuth apps for each Connector. To switch to your own branding, register your OAuth app with the third party and add the credentials to Agent Handler. See Application Credentials.
Yes, through three layers:
Tool Call Logs, Audit Trail, credentials, and configuration are stored in encrypted databases on AWS US-East. Encrypted in transit (TLS 1.2+), encrypted at rest (AES-256). Enterprise plans can pin storage to other regions.
Yes. Agent Handler operates under Merge’s SOC 2 Type II program. Reports are available under NDA - request from your account team.
90 days on standard plans, longer on Business and Enterprise. Beyond retention, webhook forwarding lets you stream events to your own warehouse for arbitrary retention.
Two paths.
For revocation without deletion (the user offboards but you want the Audit Trail intact): mark the Registered User as inactive via PATCH /registered-users/{id} with is_active: false. Their credentials are revoked; tool calls fail closed. History is retained per your plan’s retention.
For full deletion (GDPR data subject requests, account closure): DELETE /registered-users/{id}. Deletes credentials, profile, and all associated tool-call records. Irreversible.
If the Security Gateway’s outbound action is redact, the model sees [REDACTED:EMAIL] (or similar) instead of the original value. The original never reaches the model. If the action is block, the call doesn’t return at all - the agent gets an error indicating a security rule fired.
Yes. All stored OAuth tokens, refresh tokens, and any custom credentials are encrypted with AES-256 at rest and decrypted only at the moment of injection into outbound calls. Your code (and the model) never sees them.
The Tool Call Logs show a latency breakdown per call - auth resolution, Security Gateway scan, Connector dispatch, third-party round-trip. Most of the time, “slow” is the third party itself. Agent Handler typically adds 50–200ms over the third party’s response time.
If you’re seeing >500ms of Agent Handler-side latency consistently, file a support ticket with a tool call ID - we can find it in our backend logs.
Tool calls aren’t cached server-side - every call to the agent produces a fresh call to the third party. If the same lookup is hot in your agent’s flow, cache it client-side in your agent runtime.
Yes, but typically under 50ms per call. Standard Entity Rules and custom regex are evaluated in parallel. If you’ve configured many Custom Regex Rules with broad patterns, latency rises proportionally - the Rule Tester gives you a feel for per-rule cost.
Every successful tools/call against the MCP endpoint counts as one. Failed calls, blocked-by-rule calls, and tools/list calls don’t count.
Test API key usage doesn’t count - testing against test users is free.
Tool calls return billing_limit_reached until the next billing cycle. The dashboard remains accessible - only tool execution stops. Upgrade in the dashboard for an immediate lift.
On Business and Enterprise plans, yes. Useful when one runaway user shouldn’t be able to consume your whole quota. Configured per Registered User.
Settings → API Keys → Regenerate token. The old key stops working immediately on regeneration - propagate the new key to every backend before clicking. See Access Keys.
status.merge.dev for incidents and uptime. Subscribe for email or RSS updates.
From the dashboard’s help menu, or directly to your account team. We track requests and prioritize against the rest of the roadmap; we’ll let you know when something you asked for ships.
The Merge changelog covers product changes across Agent Handler, Unified API, and Gateway. Filter by Agent Handler if you only want the relevant entries.
If you hit a specific error or broken flow, see Troubleshooting.