Assistant CoreAssistant Core
Tools & MCP

Custom API Tools

Create HTTP tools that let your assistant call your own APIs — with built-in authentication support.

Custom API Tools are best when you have a simple HTTP API and want the assistant to call it when needed. Common examples include checking order status, creating support tickets, checking inventory, looking up appointments, or sending data to an internal system.

Create A Tool

  1. Open the Admin Panel.
  2. Select your assistant.
  3. Go to Tools.
  4. Click New Tool.
  5. Fill in the tool details (name, URL, method, parameters).
  6. Configure authentication if the API requires it.
  7. Click Create or Save.

Fields

FieldMeaning
NameA short action-oriented name, for example lookup_order
DescriptionWhen the assistant should use this tool. This is important because the AI uses it to decide whether to call the tool
MethodHTTP method: GET, POST, PUT, PATCH, or DELETE
API URLThe endpoint Assistant Core will call
ParametersInformation the assistant should collect before calling the API
StrictWhen enabled, the parameter schema is stricter to reduce unexpected input

Authentication

If your API requires authentication, you can configure it directly on each tool — no proxy endpoint needed.

Auth TypeWhat to enterHeader generated
None(nothing)(no header sent)
BearerToken (e.g. sk-abc123)Authorization: Bearer sk-abc123
API KeyAPI key valueX-API-Key: <value> (or custom header)
Basicusername:passwordAuthorization: Basic <base64 encoded>
Custom HeaderHeader value<Header Name>: <value>

Credentials are AES-256 encrypted before being stored in the database. The Admin UI only shows a "Credential saved (encrypted)" indicator — it never displays the original credential.

When updating a tool, leaving the credential field empty keeps the existing credential. Only enter a new value when you want to replace it.

Parameters

Each parameter includes:

FieldMeaning
NameParameter name sent to your API
TypeData type: string, number, integer, boolean, or array
DescriptionClear explanation of what the parameter means
RequiredWhether the value is required
Enum valuesAllowed values when the assistant should choose from a fixed list
Items typeItem type when the parameter is an array

How Requests Are Sent

MethodParameter format
GETQuery string
DELETEQuery string
POSTJSON body
PUTJSON body
PATCHJSON body

Example

An order lookup tool with authentication could be configured like this:

FieldValue
Namelookup_order
DescriptionFind shipping status by order ID when the user asks about an order
MethodGET
API URLhttps://api.example.com/orders/status
Auth TypeBearer
Credentialyour-api-token-here
ParameterRequired string parameter named order_id

When a user asks "Where is order A123?", the assistant calls the API with order_id=A123 and the header Authorization: Bearer your-api-token-here, then summarizes the result.

Security Notes

  • Credentials are encrypted before storage — no risk of exposure in the database.
  • If your API needs complex authentication (OAuth2 flow, mutual TLS), create a proxy endpoint.
  • Clear tool descriptions reduce accidental tool calls.
  • If a tool changes data, say that clearly in the description so the assistant only calls it when the user intends that action.

On this page