Custom API Tools
Create HTTP tools that let your assistant call your own APIs — with built-in authentication support.
Custom API Tools are best when you have a simple HTTP API and want the assistant to call it when needed. Common examples include checking order status, creating support tickets, checking inventory, looking up appointments, or sending data to an internal system.
Create A Tool
- Open the Admin Panel.
- Select your assistant.
- Go to Tools.
- Click New Tool.
- Fill in the tool details (name, URL, method, parameters).
- Configure authentication if the API requires it.
- Click Create or Save.
Fields
| Field | Meaning |
|---|---|
| Name | A short action-oriented name, for example lookup_order |
| Description | When the assistant should use this tool. This is important because the AI uses it to decide whether to call the tool |
| Method | HTTP method: GET, POST, PUT, PATCH, or DELETE |
| API URL | The endpoint Assistant Core will call |
| Parameters | Information the assistant should collect before calling the API |
| Strict | When enabled, the parameter schema is stricter to reduce unexpected input |
Authentication
If your API requires authentication, you can configure it directly on each tool — no proxy endpoint needed.
| Auth Type | What to enter | Header generated |
|---|---|---|
| None | (nothing) | (no header sent) |
| Bearer | Token (e.g. sk-abc123) | Authorization: Bearer sk-abc123 |
| API Key | API key value | X-API-Key: <value> (or custom header) |
| Basic | username:password | Authorization: Basic <base64 encoded> |
| Custom Header | Header value | <Header Name>: <value> |
Credentials are AES-256 encrypted before being stored in the database. The Admin UI only shows a "Credential saved (encrypted)" indicator — it never displays the original credential.
When updating a tool, leaving the credential field empty keeps the existing credential. Only enter a new value when you want to replace it.
Parameters
Each parameter includes:
| Field | Meaning |
|---|---|
| Name | Parameter name sent to your API |
| Type | Data type: string, number, integer, boolean, or array |
| Description | Clear explanation of what the parameter means |
| Required | Whether the value is required |
| Enum values | Allowed values when the assistant should choose from a fixed list |
| Items type | Item type when the parameter is an array |
How Requests Are Sent
| Method | Parameter format |
|---|---|
| GET | Query string |
| DELETE | Query string |
| POST | JSON body |
| PUT | JSON body |
| PATCH | JSON body |
Example
An order lookup tool with authentication could be configured like this:
| Field | Value |
|---|---|
| Name | lookup_order |
| Description | Find shipping status by order ID when the user asks about an order |
| Method | GET |
| API URL | https://api.example.com/orders/status |
| Auth Type | Bearer |
| Credential | your-api-token-here |
| Parameter | Required string parameter named order_id |
When a user asks "Where is order A123?", the assistant calls the API with order_id=A123 and the header Authorization: Bearer your-api-token-here, then summarizes the result.
Security Notes
- Credentials are encrypted before storage — no risk of exposure in the database.
- If your API needs complex authentication (OAuth2 flow, mutual TLS), create a proxy endpoint.
- Clear tool descriptions reduce accidental tool calls.
- If a tool changes data, say that clearly in the description so the assistant only calls it when the user intends that action.