Action authentication

Actions can use one of three options for authentication between the action and a target system. The options are:

No authentication

Some actions do not require any authentication.

System-level: API key

Actions that require an API key or a service account to be configured at deployment time. This means that all agent Work Room users access the target system using the same API key or service account.

Once saved as a secret in Control Room, no one can see the API key in Control Room or Work Room.

In your action code, you can use a built-in type Secret in your action function signature.

from sema4ai.actions import action, Secret
 
@action
def google_search(topic: str, count: int = 10, api_key: Secret, context: Secret) -> SearchResultList:
	# Docstring here
	# Action implementation here
	return some_results

An example of this type of authentication is the Google Search Package, which only requires an API key and a Custom Search Engine ID to be configured at deployment time.

User-level: OAuth2

Some actions require user-level authentication, meaning that each Work Room user needs to authenticate with their own credentials to access the target system. This is done using the OAuth2 authentication flow.

An example of this type of authentication is the Google Drive package, in which each end-user needs to authenticate with their own Google account to access their Google Drive resources.

See the next units for general instructions on setting up an OAuth2 client, as well as package-specific guidance. You can also see the instructions for the respective action packages on GitHub (opens in a new tab) for more details.

Use with agents Set up OAuth2 clients