How it works
Once enabled, you simply tell your agent which API you want to interact with—either in the chat or in your instructions. The agent figures out how to call the API and handles the request for you.How the agent learns APIs
Think about what a human developer would need to work with an API—your agent needs the same things: Well-known APIs — For popular services (weather APIs, social platforms, major SaaS tools), the agent often knows how to use them already from the LLM’s training data. Things usually work right off the bat. Less familiar APIs — For niche or custom APIs, you have several options:- Let it experiment — Ask the agent to try the API and figure it out through trial and error
- Point to documentation — Give the agent a URL to the API reference, or upload a PDF with the docs
- Use web search — Enable Web Search and ask the agent to research the API online
- Describe it yourself — If you know the API, just explain the endpoints and expected responses in the chat
Guardrails and approval
You can require approval for every HTTP request your agent makes. In the capability settings, set Require Approval to “Yes”.
- The agent can attempt to make HTTP requests, but you (or another team member) must approve each one before it executes
- Notify Agent on approval controls whether the agent is notified when you approve, useful if it needs to continue with follow-up steps
When to use HTTP requests
The HTTP capability is ideal when:- No existing capability — The service you need isn’t available as a built-in capability or MCP server
- Quick prototyping — You want to test an integration before investing in a proper setup
- Internal APIs — You have proprietary services or internal databases with REST endpoints
- Combining APIs — Your workflow requires calling multiple APIs in sequence
If a dedicated capability or MCP server exists for the service you need, prefer those—they’re more reliable and better tested. Use HTTP as a fallback or for experimentation.
Example use cases
Real-time data lookups:- “Check the current Bitcoin price using a cryptocurrency API”
- “Get the latest exchange rate between USD and EUR”
- “Look up the shipping status for order #12345 via the carrier’s API”
- “Convert this address to GPS coordinates, then find the nearest coffee shops using a places API”
- “Fetch the weather forecast, then post a summary to Slack”
- “Look up the company info from this domain, then add it to my CRM”
- “Connect to our internal inventory API and check stock levels for product SKU-1234”
- “Query our company’s time tracking API and summarize my hours this week”
Real-world example: Office location analyzer
We built an HR agent that knows where all our employees live and helps analyze potential new office locations by calculating transit times for each person.
- Geocoding API — Convert street addresses to GPS coordinates
- Transit time API — Calculate commute times between coordinates
- Map visualization — The agent built an interactive map to display the results
Handling credentials
Some APIs require authentication (API keys, tokens, etc.). You can provide credentials directly to the agent in the chat or instructions:“Use this API key for the weather service: abc123xyz”For sensitive credentials, consider using a dedicated integration or MCP server that handles authentication securely.
Available methods
The agent can use any standard HTTP method:| Method | Use case |
|---|---|
| GET | Retrieve data from APIs |
| POST | Create records, submit data |
| PUT | Replace existing records |
| PATCH | Partial updates |
| DELETE | Remove records |
| HEAD / OPTIONS | Check API capabilities |
Tips for reliability
Ask the agent to remember what worked. Once your agent successfully calls an API, ask it to update its instructions with the details—endpoint URLs, required headers, expected responses. This “codifies” the API and makes future calls instant. Start simple. Test with basic GET requests before building complex multi-step workflows. Provide documentation. If you have API docs, share them with the agent. The more context it has, the faster it can figure out the correct calls.FAQ
Why is this capability hidden by default?
Why is this capability hidden by default?
Can the agent access any URL?
Can the agent access any URL?
Yes, the agent can make requests to any publicly accessible URL. This is why requiring approval is important for sensitive use cases. There are currently no URL restrictions, though we may add allowlist/blocklist features in the future.
What happens if the response is very large?
What happens if the response is very large?
Responses are automatically truncated to 200,000 characters to prevent overwhelming the agent’s context. The agent will note when truncation occurs.
Why did my agent try multiple APIs before finding one that works?
Why did my agent try multiple APIs before finding one that works?
When you ask for something general like “check the weather using an API,” the agent may try several APIs before finding one that works without authentication or meets your needs. Once it finds a working solution, ask it to document the approach in its instructions.
Can I restrict which APIs the agent can call?
Can I restrict which APIs the agent can call?
Not yet—currently the agent can call any URL. You can use the approval flow to review each request before it executes. We’re planning to add URL allowlists and blocklists in a future update.