How Arcade helps with Agent Authorization
The challenges that Arcade solves
Applications that use models to perform tasks (agentic applications) commonly require access to sensitive data and services. Authentication complexities often hinder AI from performing tasks that require user-specific information, like what emails you recently received or what’s coming up on your calendar.
To retrieve this information, agentic applications need to be able to authenticate and authorize access to external services you use like Gmail or Google Calendar.
Authenticating to retrieve information, however, is not the only challenge. Agentic applications also need to authenticate in order to act on your behalf - like sending an email or updating your calendar.
Without auth, AI agents are severely limited in what they can do.
How Arcade solves this
Arcade provides an authorization system that handles OAuth 2.0, API keys, and user tokens needed by AI agents to access external services through tools. This means your AI agents can now act on behalf of users securely and privately.
With Arcade, developers can now create agents that can act as the end users of their application to perform tasks like:
- Creating a new Zoom meeting
- Sending or reading email
- Answering questions about files in Google Drive.
Arcade also allows for actions (tools) to be authorized directly. For example, to access a user’s Gmail account, you can initiate an authorization flow:
from arcadepy import Arcade
client = Arcade() # Automatically finds the `ARCADE_API_KEY` env variable
# Unique identifier for the end user
user_id = "[email protected]"
# Request access to the user's Gmail account
auth_response = client.tools.authorize(
tool_name="Google.ListEmails",
user_id=user_id,
)
print(f"Please authorize access by visiting: {auth_response.url}")Then, wait for the user to complete the authorization process:
# Wait for the authorization to complete
auth_response = client.auth.wait_for_completion(auth_response)Once authorized, your AI agent can securely access the user’s emails:
emails_response = client.tools.execute(
tool_name="Google.ListEmails",
user_id=user_id,
)
print(emails_response)The best part? Arcade remembers the user’s authorization tokens, so you don’t have to! Next time the user runs the same tool, they won’t have to go through the authorization process again until the auth expires or is revoked.
Tool Authorization
Consider the difference between accessing public information and private user data:
- Tools that don’t require authorization: Some tools, like
Search.SearchGoogle, allow AI agents to retrieve information from the web without needing user-specific authorization.
from arcadepy import Arcade
client = Arcade()
# Use the Search.SearchGoogle tool to perform a web search
search_response = client.tools.execute(
tool_name="Search.SearchGoogle",
input={"query": "Latest AI advancements"},
)
print(search_response)- Tools that require authorization: Other tools, like
Google.ListEmails, require user authorization to access private data such as emails.
from arcadepy import Arcade
client = Arcade()
# Unique identifier for the end user
user_id = "[email protected]"
# Request access to the user's Gmail account
auth_response = client.tools.authorize(
user_id=user_id,
tool_name="Google.ListEmails",
)
print(f"Please authorize access by visiting: {auth_response.url}")
# Wait for the authorization to complete
auth_response = client.auth.wait_for_completion(auth_response)
# Run the tool
emails_response = client.tools.execute(
tool_name="Google.ListEmails",
user_id=user_id,
)
print(emails_response)Custom Tools with Auth
You can also create custom tools that require authorization for all of the services that Arcade supports. The ToolContext object provides tools tokens at runtime enabling tools to make authenticated requests on behalf of the user. For more details on how to use ToolContext in your custom tools, refer to the Tool Context guide.