Skip to main content

ConnectWise Manage + Hatz AI Integration Guide (For MSPs)

This guide walks you through securely integrating ConnectWise PSA with Hatz AI using least-privilege access

Updated over a week ago

πŸ’‘Beta Features must be enabled in the tenant in order to access the ConnectWise PSA Beta Integration. Please reference How to Enable Beta Integrations for assistance.

This guide will cover:

  • Creating a dedicated security role

  • Setting up an API member and keys

  • Noting common gotchas

  • Completing the connection in Hatz AI

Prerequisites

  • ConnectWise PSA admin access

  • A dedicated Security Role for Hatz AI (least privilege)

  • A ConnectWise API Member for Hatz AI

  • ConnectWise Developer Client ID (required; see Step 2)

  • Your ConnectWise Company ID

  • Your ConnectWise Site/Host (enter without https://; see Gotchas)

Step 1: Create a Security Role

  1. Sign in to ConnectWise PSA.

  2. Go to System β†’ Security Roles.

  3. Click the + above the role list/search bar to create a new role.

  4. Name the role HatzAI API.

  5. Configure permissions according to least-privilege recommendations.

Step 2: Request the ConnectWise Developer Client ID

Some integrations do not require this ID, but the Hatz AI integration does. This can take a few hours to return.

  • Request the Developer Client ID from ConnectWise.

  • Typical turnaround is about one hour based on recent partner feedback.

  • You will use this ID in Hatz AI when configuring the ConnectWise connector.

Step 3: Create an API Member and Keys

  1. In ConnectWise Navigate to System β†’ Members β†’ API Members.

  2. Click the + to create a new API member.

  3. Set Member ID and Member Name (recommended: HatzAI_API).

  4. Set Role ID to HatzAI API (the role you created in Step 1).

  5. For Level, choose the highest level your organization uses for API members (e.g., Corporate (Level 1)).

  6. Select Location, Department, Name, and Default Territory per your company guidelines.

  7. Click Save icon at the top of the page.

Create API Keys

  1. Open the HatzAI_API member you just created.

  2. Go to API Keys and click + to add a new key

  3. Add a new API Key

  4. Enter Description: "Hatz AI API"

  5. Click the Save icon to generate keys.

  6. Securely store the Public Key and Private Key. You will not be able to view the Private Key again.

Step 4: Configure the Integration in Hatz AI

  1. Login to the customer dashboard view

  2. Click the "Workspace" Tab

  3. Click "Integrations"

  4. Click "Add an Integration"

  5. Find ConnectWise Manage, click "Add"

  6. Click "Connect"

7. Populate the following Data:

  • Company ID: Your ConnectWise company identifier.

  • Public Key: From Step 3.

  • Private Key: From Step 3.

  • Developer Client ID: From Step 2.

  • ConnectWise URL: Enter your ConnectWise host without https:// (example: api-na.myconnectwise.net or your region-specific host).

Step 5: Test the Connection

  1. Test Connection in Hatz AI after entering credentials.

  2. Verify you can list companies in Hatz AI.

  3. If enabling ticket or contact features, perform a read-only test first (e.g., view a ticket) before enabling create/update actions.

Notes and Known Gotchas

  • Developer Client ID required: Unlike some other CW integrations, Hatz AI requires a Developer Client ID. Plan for a short delay (about one hour) after requesting it.

  • URL formatting: Leave off https:// in the Site/Host field. Enter only the hostname (for example, api-na.myconnectwise.net).

  • Save keys securely: You cannot retrieve the Private Key again after creation.

  • Least privilege: If a feature fails due to insufficient permissions, adjust only the specific policy rather than broadening the entire role.

Required Permissions (Least-Privilege Guidance)

  • Authentication and company listing require read/inquire permissions on companies and related metadata.

  • Additional features (tickets, contacts, configurations, etc.) require corresponding inquire/create/update permissions.

  • Use the ConnectWise PSA Security Role Setup for an up-to-date, feature-by-feature permission checklist.

  • Apply only what you need initially and expand carefully.

Troubleshooting

  • 401/403 errors:

    • Verify Public/Private keys and Developer Client ID.

    • Confirm the API Member is Active and assigned the HatzAI API role.

    • Check that your Site/Host is correct and does not include https://.

  • 404 or endpoint errors:

    • Confirm correct regional host (for example, api-na vs api-eu) and that your company is provisioned there.

  • Permission denied:

    • Compare the failing action to the Security Role Setup guide and grant only the missing policy.

  • Clock skew:

    • Ensure your system time is accurate; some APIs are sensitive to time drift.

Security Best Practices

  • Use a dedicated API Member and role for Hatz AI only.

  • Grant least privilege and review periodically.

  • Rotate keys on a defined schedule or if exposure is suspected.

  • Store secrets in a secure vault; never email or paste into chat tools.

Support and References

Did this answer your question?