Skip to main content
fetch_external is Reacher’s general-purpose HTTP proxy. It forwards requests to external APIs, automatically injecting the right authentication token based on the target domain. Tokens stay on the server — Claude never sees them. This is the core insight behind Reacher’s design: Claude already knows REST APIs. It doesn’t need a dedicated tool for GitHub, Linear, or Notion. It needs a way to call those APIs with your credentials. fetch_external is that mechanism. 
PROXY_ALLOWED_DOMAINS=api.github.com,api.linear.app,api.notion.com
That’s three API integrations. One tool.

Prerequisites

  • The target domain must be listed in PROXY_ALLOWED_DOMAINS (comma-separated)
  • For authenticated APIs, add the domain-to-token mapping in FETCH_EXTERNAL_TOKEN_MAP
# .env
PROXY_ALLOWED_DOMAINS=api.github.com,api.linear.app
FETCH_EXTERNAL_TOKEN_MAP={"api.github.com":"GITHUB_TOKEN","api.linear.app":"LINEAR_TOKEN"}
GITHUB_TOKEN=ghp_xxxxxxxxxxxx
LINEAR_TOKEN=lin_api_xxxxxxxxxxxx
When a request hits api.github.com, the tool looks up "api.github.com" in FETCH_EXTERNAL_TOKEN_MAP, finds "GITHUB_TOKEN", reads that env var, and injects Authorization: Bearer ghp_xxx automatically.

Parameters

url
string
required
The full URL to fetch. Must be a valid URL including scheme (e.g. https://api.github.com/user).
method
string
HTTP method. Accepted values: GET, POST, PUT, PATCH, DELETE, HEAD, OPTIONS. Defaults to GET.
body
object
Request body for POST, PUT, and PATCH requests. Serialized as JSON. Content-Type: application/json is added automatically if not already present.
headers
object
Additional headers to include in the request. Merged with any injected auth headers. If you specify Authorization here it will be overridden by the injected token for the domain.

Return value

success
boolean
true if the HTTP response status was in the 2xx range (response.ok).
status
number
HTTP status code returned by the upstream server.
statusText
string
HTTP status text (e.g. "OK", "Not Found").
headers
object
Response headers as a key-value object.
body
object | string
Parsed response body. JSON responses are returned as a parsed object. All other content types are returned as a string.
url
string
The URL that was fetched.

Security

When a request targets a domain not in PROXY_ALLOWED_DOMAINS, the tool returns immediately without making any network request: 
{
  "success": false,
  "error": "Domain not allowed",
  "url": "https://evil.example.com/steal",
  "hostname": "evil.example.com"
}
This prevents the server from being used as a proxy to arbitrary destinations. Only explicitly allowed domains are reachable.

Usage examples

{
  "url": "https://api.github.com/user",
  "method": "GET"
}
For GitHub-specific searches (PRs by author, commits by date), use the dedicated github_search tool. It returns clean minimal output optimized for that use case.